Kendis supports integration with Active Directory (LDAP) for:
Authentication
Authorization
Active Directory is only supported for the Kendis "Self-Hosted" version for Docker or VM. For Kendis cloud customers, please check SAML Integration.
Important Note:
Once you configure LDAP, authentication will run against LDAP. However, the user accounts that you configured before enabling LDAP will still work with their older Kendis-only passwords.
You must have at least one Kendis local user account available with super admin rights. This is needed in case you need to change your LDAP settings later and LDAP authentication is, for some reason, not working. If you don't have a local Kendis user account saved, you could be locked out of your Kendis system, and at the moment there is no way to unlock it.
Follow these five steps to configure Active Directory integration.
Step 1: Navigate to LDAP Setup
In the left navigation, click Settings and select "LDAP Setup", as highlighted in the screenshot.
Step 2: Enable LDAP Options
You can choose to enable both authentication and authorization of the users with your Active Directory Users and Groups.
Authentication: Users will be authenticated against LDAP.
Authorization: You will be able to assign the LDAP users and groups to the boards collection. It's highly recommended to enable it.
Step 3: Provide LDAP Server Settings
Provide the values for your LDAP (Active Directory) settings:
Host Name: Host name of the LDAP server.
SSL: Select the SSL check box if you want to use SSL.
Port: Port of the LDAP server (default ports: 389 without SSL, 636 with SSL).
Username: User used to log in to the LDAP server.
Your username must be in the form of an email address. If you are currently using a user like "service123", change it to "serviceuser123@<domain>". If you are unsure about <domain>, you can easily work it out from your LDAP distinguished name.
e.g.,
distinguishedName: CN=serviceuser123,OU=Users,DC=example1,DC=com
then the username would be
Password: Password of the LDAP user you are using to log in to the LDAP server.
Base DN: Root node in LDAP from which to search for users and groups.
Additional User DN: Prepended to the base DN to limit the scope when searching for users.
LDAP Type: Select your option (Keep "Active Directory" as your selected option)
Note: If it is not clear what the values for Base DN or Additional User DN should be, please check this article about Distinguished Names and how you can get the Base DN and Additional User DN from an LDAP browser.
Step 4: Test LDAP Connection
After you have provided the values for your LDAP, click on the "Test" button. If all is working fine, you will see the confirmation message.
Remember to press the Save button.
Step 5: Login with LDAP Authentication
At the login screen, you MUST only use the username, e.g., "serviceuser123" without the domain.
Note: If you use a complete email address, you will get an authentication failure message.
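The username rules from Step 3 and Step 5, worked through as an added example (not Kendis code): it derives the bind username, the login name and a candidate Base DN from a service account's distinguished name. It assumes <domain> is the DN's DC components joined with dots and that the account name equals the CN; the function names and the sample DN are constructed for illustration.

```python
# Added example, not part of Kendis. Assumptions: <domain> is the DN's DC
# components joined with dots, and the account name equals the leading CN.

def split_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs, honouring backslash escapes."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            # A backslash escapes the next character unless it is itself escaped.
            escaped = (ch == "\\") and not escaped
        else:
            parts.append(cur)  # unescaped comma: end of one RDN
            cur = ""
    parts.append(cur)
    pairs = []
    for rdn in parts:
        attr, sep, value = rdn.partition("=")
        if not sep or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def kendis_ldap_values(dn):
    """Derive the Step 3 and Step 5 values from a service account's DN."""
    pairs = split_dn(dn)
    dcs = [value for attr, value in pairs if attr == "DC"]
    if not dcs:
        raise ValueError("DN has no DC components; cannot derive <domain>")
    if pairs[0][0] != "CN":
        raise ValueError("expected the DN to start with the account's CN")
    account = pairs[0][1]
    return {
        "bind_username": f"{account}@{'.'.join(dcs)}",  # Step 3 "Username"
        "login_name": account,                          # Step 5: no domain
        "base_dn": ",".join(f"DC={dc}" for dc in dcs),  # widest possible root
    }


# Constructed sample DN (not taken from a real directory).
SAMPLE_DN = "CN=svc-kendis,OU=Service Accounts,DC=corp,DC=example,DC=com"

if __name__ == "__main__":
    for field, value in kendis_ldap_values(SAMPLE_DN).items():
        print(f"{field}: {value}")
```

If the directory uses a different UPN suffix, or the account name differs from the CN, take the value from the account's userPrincipalName attribute in your LDAP browser instead.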
Step 6: Grant board rights to the LDAP User
After successful LDAP configuration, anyone in your organization who has a valid account will be able to authenticate and access Kendis. However, they will not have access to any boards and will see the empty message after login.
You can choose the users and groups from LDAP and assign them to different board collections in your account.
Go to Board Collections under Settings
Click on an existing board collection or create a new board collection
On the left-hand side, you will see the search box
Type the user or group name in the search box
Select the user or group and add it to the board collection
While adding the user, you need to select the "Role" of the user or the group.
Once users are added to the board collection, they can access these boards after login.