Remote authentication is supported by using Lightweight Directory Access Protocol (LDAP).
Enabling remote authentication requires users to use your authentication server to grant them access. Without proper configurations, users may not be able to reach the services provided by DnA & ISE products. If you are unsure how to proceed, please contact your district’s Customer Success Manager (CSM).
Note: If you need to change your IP address after LDAP has been enabled for your district, please send the new IP address to dnasupport@illuminateed.com so we can add it our whitelist.
LDAP is no longer available for new setups.
Set Up Process
IP Address Configuration
Your remote authentication server will need to be accessible via the internet by IP address ranges on the specific port you wish to use. Visit System Requirements & Whitelist for details.
Data and Assessment (DnA) or Special Education (ISE) clients:
Your usernames in DnA/ISE must match the usernames in your authentication server. Please verify your users.txt file is importing nightly and that the usernames reflect what is present in your authentication server. You can check the usernames in Illuminate via the User Management page.
The characters > < * are not accepted values.
If your authentication server goes offline, then your users will be unable to log in to Illuminate. It is recommended to provide more than one authentication server that the Illuminate system will automatically failover to in case the primary is unavailable.
The configuration information at the bottom of this document needs to be filled out. This includes a username and password for us to test the authentication configuration, as well as connection information for your authentication server.
With the information below we will set up a copy of your Illuminate site to create a testing environment. You will be asked to verify that Remote Authentication is working in this testing environment.
Once verified, a date and time will be set to enable remote authentication on your live environment. Please notify your users of this change and make sure they are aware their former login credentials will no longer be valid. It is best to wait until Remote Authentication has been verified before setting this date.
Configuration Forms
There are various configurations that is supported for Users and/or Student Portal. Certain information will need to be provided to complete the setup process.
The following information will need to be provided:
- LDAP Server Hostname:
- LDAP Server IP Address:
A valid public Root Certificate Authority cert is required.
- Encryption (STARTTLS or SSL is Required):
- LDAP Port (Typically TCP ports 389 for StartTLS or 636 for SSL):
- Account DN Lookup Username:
- Account DN Lookup Password:
- Account Domain:
- Base DN:
- Account Filter / Field (uid, sAMAccountname, etc):
- Test Account Username:
- Test Account Password:
Root CA Certificate
We will need the Root CA Certificate generated from your domain controller. Here is documentation on how to generate this if needed:
Student Portal is an optional additional product. To set up Remote Authentication for students via the Student Portal, please also fill out the following details.
The following information will need to be provided:
- Student Login ID Type (Username, E-Mail or Student ID):
- LDAP Server Hostname:
- LDAP Server IP Address:
A valid public Root Certificate Authority cert is required.
- Encryption (StartTLS or SSL is Required):
- LDAP Port (Typically TCP ports 389 for StartTLS or 636 for SSL):
- Account DN Lookup Username:
- Account DN Lookup Password:
- Account Domain:
- Base DN:
- Account Filter / Field (uid, sAMAccountname, etc):
- Test Account Username:
- Test Account Password:
Root CA Certificate
We will need the Root CA Certificate generated from your domain controller. Here is documentation on how to generate this if needed: