Configure Entra ID

JFrog Platform Administration Documentation

This section uses an example to describe how to configure the JFrog Platform Deployment (JPD) to work with Entra ID.

Consider an Entra ID server that must support the following conditions:

  • Users are located in two geographically separated sites. Some are in the US (designated as "us"), while others are in Israel (designated as "il").

  • Each site defines users and groups in different places in the Entra ID tree as displayed below.

[Figure: active_directory_structure.png]

To configure Entra ID authentication, in the Admin module, go to Authentication Providers | LDAP and click New.

[Figure: new_ldap_settings.png]

The following table describes the configuration parameters.

| Configuration Parameter | Description |
|---|---|
| Settings Name | The unique ID of the Entra ID setting. |
| Enabled | When set, these settings are enabled. |
| LDAP URL | Location of the Entra ID server LDAP access point, in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL may include the base DN used to search for and/or authenticate users. If the base DN is not specified in the URL, the Search Base field is required. |
| Auto Create System Users | When set, the JPD will automatically create new users for those who have logged in using Entra ID. Any newly created users will be associated with the default groups. |
| Allow Created Users Access to Profile Page | When set, automatically created users have access to their profile page and can perform actions such as generating an API key. |
| User DN Pattern | A DN pattern used to log users directly in to the LDAP database. For Entra ID, we recommend leaving this field blank, since it only works if anonymous binding is allowed and a direct user DN can be used, which is not the default case in Entra ID. |
| Email Attribute | An attribute that can be used to map a user's email to a user created automatically by JPD. This corresponds to the mail field in Entra ID. |
| Search Filter | A filter expression used to search for the user DN that is used in Entra ID authentication. This is an LDAP search filter (as defined in RFC 2254) with optional arguments. In this case, the username is the only argument, denoted by '{0}'. For Entra ID, the corresponding field should be sAMAccountName={0}. |
| Search Base | The context name in which to search, relative to the base DN in the Entra ID URL. This parameter is optional, but if possible, we highly recommend that you set it to prevent long searches on the Entra ID tree. Leaving this field blank will significantly slow down the Entra ID integration. The configuration in the example below indicates that the search should only be performed under "frogs/il" or "frogs/us". This improves search performance since the JPD will not search outside the scope of the "frogs" entry. |
| Manager DN | The full DN of a user with permissions that allow querying the Entra ID server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf. |
| Manager Password | The password of the user binding to the Entra ID server when using "search" authentication. |
| Search Sub Tree | When set, enables deep search through the sub-tree of the Entra ID URL + Search Base. True by default. |
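
A pre-flight check for the settings in the table, as an added example that is not part of the JFrog documentation: it flags values that conflict with the guidance above and previews how {0} in the Search Filter expands once filter metacharacters are escaped. The dictionary keys, the sample host, the svc-jfrog account and the ldaps:// suggestion are assumptions introduced for illustration.

```python
from urllib.parse import urlparse, unquote

# Characters RFC 2254 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def expand_search_filter(template, username):
    """Preview the filter after the login name replaces {0}, with the value escaped."""
    if "{0}" not in template:
        raise ValueError("Search Filter has no {0} placeholder for the username")
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return template.replace("{0}", escaped)

def base_dn_from_url(ldap_url):
    """Return the base DN carried in the LDAP URL path, or '' when there is none."""
    return unquote(urlparse(ldap_url).path.lstrip("/"))

def review_settings(s):
    """Check a settings dict (hypothetical keys named after the table rows)."""
    findings = []
    scheme = urlparse(s["ldap_url"]).scheme
    if scheme not in ("ldap", "ldaps"):
        findings.append("LDAP URL: scheme must be ldap or ldaps")
    elif scheme == "ldap":
        # Assumption of this example: the directory also offers an ldaps:// listener.
        findings.append("LDAP URL: ldap:// does not encrypt bind passwords; prefer ldaps://")
    if not s.get("search_base"):
        if not base_dn_from_url(s["ldap_url"]):
            findings.append("Search Base: required because the LDAP URL has no base DN")
        else:
            findings.append("Search Base: blank, so logins search the whole tree under the base DN")
    if s.get("user_dn_pattern"):
        findings.append("User DN Pattern: leave blank for Entra ID")
    if "{0}" not in s.get("search_filter", ""):
        findings.append("Search Filter: missing the {0} username argument")
    if "=" not in s.get("manager_dn", ""):
        findings.append("Manager DN: expected a full DN, not a bare account name")
    return findings

# Constructed sample values; the host, port and account are placeholders.
SAMPLE = {
    "ldap_url": "ldap://myserver:389/dc=sampledomain,dc=com",
    "search_filter": "sAMAccountName={0}", "search_base": "",
    "user_dn_pattern": "", "manager_dn": "svc-jfrog",
}

if __name__ == "__main__":
    for finding in review_settings(SAMPLE):
        print(finding)
    print(expand_search_filter(SAMPLE["search_filter"], "j*smith"))
```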