MIDAS Active Directory (LDAP) Integration

Frequently Asked Questions

Why is Active Directory integration only available for "self hosted" editions of MIDAS?

In order for a web server to support Active Directory integration, the server has to be specifically configured to do so. With our "cloud hosted" edition of MIDAS, we do not permit or provide you with access to change/reconfigure the web server in order to support your LDAP server.

Why must my MIDAS be licensed for "Unlimited" users in order to use Active Directory integration?

If your MIDAS is licensed to a finite number of users, then Active Directory integration would potentially exclude some of your Active Directory users from accessing MIDAS - defeating the point of the seamless "single sign-on" ability offered by LDAP integration. For example, if your MIDAS is only licensed for 10 users, then whichever 10 users from your Active Directory log in to MIDAS first would be the only 10 users who could continue to access MIDAS in the future - all others would be rejected.

Therefore, to avoid this, we have restricted Active Directory integration to self-hosted customers with an "Unlimited" user MIDAS license.

Generally speaking, organizations that utilize an Active Directory tend to have dozens, if not hundreds, of users so would likely have or require an "Unlimited" user license for MIDAS anyhow.

Does MIDAS "write" anything back to or update my Active Directory?

No. MIDAS only reads data from your Active Directory. It won't write anything back or make any changes to your Active Directory.

I can't change users' Primary Groups in my Active Directory, yet I need to assign different users different permissions!

By default, MIDAS will assign permissions based upon each user's Primary Group, which corresponds to a user group in MIDAS with the same name. If you are unable to change a user's Primary Group in your Active Directory to allow them to inherit different permissions within MIDAS, there is a solution!

  1. Export a list of users from your AD (including full names and email addresses)
  2. Open this exported data in a spreadsheet and add an additional "User Group" column
  3. Populate this new user group column with the names of existing User Groups you've previously defined in MIDAS
  4. Save your modified spreadsheet as a .CSV file
  5. Import this file (MIDAS Admin Options → Manage MIDAS → Database → Database Tools → Import Data), ensuring you assign the correct fields to the correct columns

This will set up user accounts in MIDAS for all your current AD users, and assign each account the permissions from the relevant existing MIDAS User Group.

Finally, untick the "Update User Permissions upon each authentication" option (MIDAS Admin Options → Manage Users & Permissions → Single Sign-On).

Then, once you've set up & enabled LDAP authentication, users will be able to seamlessly authenticate and will have the appropriate user permissions.
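
Steps 2 to 4 above can be scripted so that no account receives a permission group by accident. The following is an added example, not MIDAS's own code: the AD export column names, the MIDAS User Group names and the department-to-group mapping are all assumptions made for illustration.

```python
import csv
import io

# Constructed sample of an AD export; the column names are assumptions.
AD_EXPORT = """Name,EmailAddress,Department
Alice Archer,alice@example.org,Facilities
Bob Brown,bob@example.org,Reception
Carol Clark,carol@example.org,Finance
Bob B. Brown,BOB@example.org,Facilities
"""

# Hypothetical names of User Groups already defined in MIDAS.
MIDAS_GROUPS = {"Administrators", "Bookers", "Read Only"}
# Hypothetical mapping from an AD attribute to a MIDAS User Group.
DEPARTMENT_TO_GROUP = {"Facilities": "Administrators", "Reception": "Bookers"}


def build_import(ad_csv, mapping, midas_groups):
    """Return (rows ready for import, rows held back for manual review)."""
    unknown = set(mapping.values()) - midas_groups
    if unknown:
        raise ValueError(f"mapping targets groups not defined in MIDAS: {sorted(unknown)}")
    ready, review, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(ad_csv)):
        email = row["EmailAddress"].strip().lower()
        group = mapping.get(row["Department"].strip())
        if not email or email in seen:
            review.append((row["Name"], "missing or duplicate email"))
        elif group is None:
            # No silent default: an unmapped user gets no group until someone decides.
            review.append((row["Name"], "no group mapping"))
        else:
            seen.add(email)
            ready.append({"Name": row["Name"], "Email": email, "User Group": group})
    return ready, review


def to_csv(rows):
    """Serialise the import rows, including the added "User Group" column."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["Name", "Email", "User Group"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    ready, review = build_import(AD_EXPORT, DEPARTMENT_TO_GROUP, MIDAS_GROUPS)
    print(to_csv(ready), review, sep="\n")
```

Rows returned in the review list are left out of the import file, so each of those accounts needs a group chosen by hand before it is imported.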

Not all our users are under the same base within the Active Directory, can MIDAS handle that?

Yes. In MIDAS v4.09+ you can specify multiple Active Directory bases (MIDAS Admin Options → Manage Users & Permissions → Single Sign-On → Base) by separating each base with a semicolon ( ; ) character.
If you're running an earlier version of MIDAS, however, you would need to update to v4.09+ in order to be able to configure multiple AD bases.