Docebo’s LDAP Integration is for companies using different IT systems and needing to link their larger user databases with one system in order to access company data in a central location. LDAP (Lightweight Directory Access Protocol) is a set of protocols used for accessing information directories.
This app is a single authentication app that facilitates the interaction between your platform and your company’s database. This way, users can use a single set of login credentials. When users add their login credentials, Docebo verifies if these credentials coincide with the central registry. If the system does not find this user, it automatically checks the LMS database.
Please Note: If you aren’t sure where to find the appropriate credentials needed to complete this configuration, you should contact your company’s IT Manager.
This app is available for Docebo Enterprise plan clients and it is optional for Growth plan clients.
Activating the LDAP App
Begin by logging into your platform as the Superadmin. Then, access the Admin Menu from the gear icon in the top right corner of your platform. In the Admin Menu, press the Add New Apps button. Once in this Apps & Features section, access the Third Party Integrations tab from the tabs menu at the top of the page. Find the LDAP app in the list of apps in this tab, then press the Activate button.
Read the description in the pop up box, then press the Activate button. Once the app is active in your platform, you can begin the configuration. Please refer to the next section of this article for more information.
Configuring the App
To access the LDAP app, reach your Admin Menu. Then find the LDAP Settings section, and press the Manage subitem. Once you’re on the management page, begin by flagging the Activate LDAP authentication box.
Now, add your server and port information. The port is usually 389. In the Username for LDAP users text box, follow the instructions outlined on the interface by using $user as a username example. Then, use the domain from which the platform will retrieve the necessary user information and data (example: $user@example.com). Please note that $user will be replaced with the actual username of the user that is being authenticated. For example, if the username in LDAP is paul.red@example.org, then the username in Docebo will be paul.red.
Now, add your Base DN into the corresponding text box. The Base DN describes where (i.e. which subfolder) the system will download your users from. Finally, you can flag the options to Use LDAPS protocol and/or Check LMS login before LDAP. If the latter option remains unflagged, the login will first try user authentication through LDAP, then through the LMS user registry. By flagging this option, the process is reversed.
You can also flag the option to Enable LDAP Administrative Functionality. By enabling this functionality, you can list, create, and delete entries. Once this option is enabled, you will need to add your LDAP Admin username and password into the corresponding text boxes. You will also need to add your Username field, Username filter, First name, Last Name, and email LDAP fields. You can match these fields with your Docebo user fields. When you’ve configured this page as desired, press Save Changes to complete your integration.
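The login flow these settings describe, modelled as an added Python example (not Docebo's code): it expands the $user template, tries the two credential stores in the configured order, and escapes a value destined for a Username filter. The dictionaries, function names and passwords are constructed for illustration; the empty-password rejection and the RFC 4515 escaping are checks a defender would want around such a flow, not behaviour the page documents.

```python
from string import Template

# Constructed sample data standing in for the two credential stores.
LDAP_DIR = {"paul.red@example.com": "ldap-pass"}        # bind name -> password
LMS_USERS = {"paul.red": "old-local-pass", "guest": "lms-only"}


def bind_name(template, username):
    """Expand the 'Username for LDAP users' template, e.g. '$user@example.com'."""
    return Template(template).substitute(user=username)


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def ldap_bind(template, username, password):
    # An empty password turns a simple bind into an "unauthenticated" bind
    # (RFC 4513); servers that allow it report success, so reject it first.
    if not password:
        return False
    return LDAP_DIR.get(bind_name(template, username)) == password


def lms_check(username, password):
    """Check the local LMS registry (hypothetical stand-in)."""
    return bool(password) and LMS_USERS.get(username) == password


def login(username, password, template="$user@example.com", lms_first=False):
    """Return the store that accepted the login ('ldap' or 'lms'), or None."""
    stores = [
        ("ldap", lambda: ldap_bind(template, username, password)),
        ("lms", lambda: lms_check(username, password)),
    ]
    if lms_first:  # models "Check LMS login before LDAP" being flagged
        stores.reverse()
    for name, check in stores:
        if check():
            return name
    return None
```

In this model a password known only to the LMS registry still logs the user in after the LDAP bind fails, which is the fallback the page describes, so local passwords on directory-managed accounts deserve review.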
Importing Users via LDAP
After you activate and properly configure the LDAP App, you can import users from your LDAP Active Directory. Reach your Admin Menu and select Users from the E-Learning section. On the User Management page, press the folder button in the top right section of the page, then press Import Users via LDAP.
The platform will connect to your LDAP Active Directory, retrieve the available users, and list them with their username, first and last names, email and synchronization status. A black X identifies the users that are not synchronized. It is not possible to select the users to synchronize, so the synchronization process always includes all of the available users.
Click Import LDAP Users on top of the users list to launch the synchronization. A message in the pop up box will confirm when the synchronization is over and report the number of imported users. In case of synchronization errors, the message in the pop up will also provide you with a link to the Log file, so that you can check what went wrong. When users are synchronized, the Synched column shows a green checkmark.
Please note that when the username of a user is modified in the Active Directory, a new user is created in Docebo when the synchronization is run, because usernames are unique.
Logging into Docebo with LDAP Credentials
Once synchronized, your users will be able to log in using their LDAP credentials. If a user is not registered in the company’s database, but only inside the Docebo platform, they can still log in using their Docebo credentials. If the lookup in the company’s database returns no result for the user, the system subsequently searches inside Docebo. This way, the platform is accessible both by LDAP and Docebo users.