ACCESS CONTROL

LDAP MFA and LDAPS MFA

   Add MFA to LDAP and LDAPS for security and compliance
   Secure VPN connections and remote logins 
   Lock down SCADA systems and legacy devices

SurePassID easily adds MFA to LDAP and LDAPS for secure access to local resources - including SCADA systems.


Add MFA to LDAP and LDAPS to secure any end point - including legacy network devices and appliances

LDAP, the Lightweight Directory Access Protocol, is an open, vendor-neutral application protocol for accessing and managing distributed directory information services. Because it is so widely supported, it also provides a practical path for placing modern multi-factor authentication (MFA) in front of applications running on legacy network devices and appliances.

For legacy and obsolete devices that remain in service, or those involved in shop-floor production methods and processes, adding MFA to their admin accounts and user logins can seem impossible. But if those devices support LDAP, SurePassID can enable LDAP MFA to

SurePassID Authentication Server has built-in support for on-prem and cloud LDAP directories. SurePassID can import users from LDAP directories and stay synchronized with any changes, eliminating the risk of process gaps and automating administration.

SurePassID can be configured as the primary LDAP directory, or as a primary or tertiary directory working alongside a secondary LDAP directory, whenever the authentication scheme requires it. By default, SurePassID uses HTTPS as its secure transport. For additional security, PKI and X.509 certificates can be employed.


Harden LDAP with TLS/SSL wrapping

LDAPS is not a radical departure from LDAP; it is LDAP with a security-first approach. By encrypting data, including sensitive user credentials, as it moves to and from the LDAP server (for instance, during a directory bind), LDAPS prevents those credentials from being read in transit.

At the core of this secure exchange are SSL and TLS, cryptographic protocols that use certificates to establish a protected channel between client and server before any LDAP data is transmitted. TLS is the successor to SSL and offers stronger security features, which positions STARTTLS as the more robust choice over both traditional LDAP and LDAPS whenever it is feasible.

In an era marked by escalating security threats and a heightened demand for the safeguarding of data in transit, the pivot towards LDAPS as the preferred directory protocol is clear.
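To make the point above concrete, the following added example (constructed for this page, not SurePassID code) hand-encodes the two RFC 4511 messages involved: a simple BindRequest, which on a plain LDAP connection carries the bind password as a readable octet string, and the StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037) a client sends to upgrade the same connection to TLS. It also includes a small detector, of the kind a network monitor for a legacy LDAP port might use, that flags cleartext simple binds by DN without reporting the password. The DN and password are constructed sample values; the BER encoding is minimal (single-byte integers, no library) and is an assumption of this example, not a description of any product internals.

```python
"""Constructed example: what a simple LDAP bind looks like on the wire.

Encodes RFC 4511 messages with minimal hand-written BER so the difference
between a plaintext simple bind and a STARTTLS request can be inspected
offline. Assumption: message IDs and protocol version fit in one byte.
"""

# Tags from RFC 4511 / X.690
TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_BIND_REQUEST = 0x60        # [APPLICATION 0], constructed
TAG_SIMPLE_AUTH = 0x80         # AuthenticationChoice simple [0], primitive
TAG_EXTENDED_REQUEST = 0x77    # [APPLICATION 23], constructed
TAG_EXT_REQUEST_NAME = 0x80    # ExtendedRequest requestName [0]
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, otherwise 0x8N followed by N bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _small_int(n: int) -> bytes:
    """INTEGER for 0..127, enough for the messageID and version used here."""
    if not 0 <= n <= 0x7F:
        raise ValueError("only single-byte non-negative integers supported")
    return _tlv(TAG_INTEGER, bytes([n]))


def simple_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage carrying a BindRequest with simple (password) authentication."""
    bind = (
        _small_int(3)                                   # LDAP version 3
        + _tlv(TAG_OCTET_STRING, bind_dn.encode())      # name (LDAPDN)
        + _tlv(TAG_SIMPLE_AUTH, password.encode())      # simple [0] OCTET STRING
    )
    return _tlv(TAG_SEQUENCE, _small_int(message_id) + _tlv(TAG_BIND_REQUEST, bind))


def starttls_request(message_id: int) -> bytes:
    """LDAPMessage carrying the StartTLS ExtendedRequest (RFC 4511 section 4.14)."""
    ext = _tlv(TAG_EXT_REQUEST_NAME, STARTTLS_OID)
    return _tlv(TAG_SEQUENCE, _small_int(message_id) + _tlv(TAG_EXTENDED_REQUEST, ext))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def cleartext_simple_bind(packet: bytes):
    """Detection helper for traffic seen on a plain (non-TLS) LDAP port.

    Returns the bind DN when the packet is a simple bind carrying a non-empty
    password, otherwise None. The password itself is deliberately not returned.
    """
    try:
        tag, msg, _ = _read_tlv(packet, 0)
        if tag != TAG_SEQUENCE:
            return None
        _, _msg_id, pos = _read_tlv(msg, 0)
        op_tag, op, _ = _read_tlv(msg, pos)
        if op_tag != TAG_BIND_REQUEST:
            return None
        _, _version, pos = _read_tlv(op, 0)
        _, dn, pos = _read_tlv(op, pos)
        auth_tag, auth, _ = _read_tlv(op, pos)
    except IndexError:          # truncated or malformed message
        return None
    if auth_tag == TAG_SIMPLE_AUTH and auth:
        return dn.decode(errors="replace")
    return None


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    pkt = simple_bind_request(1, "cn=admin,dc=example,dc=com", "hunter2")
    print(pkt.hex())
    print("password readable on the wire:", b"hunter2" in pkt)
    print("flagged bind DN:", cleartext_simple_bind(pkt))
    print("STARTTLS request:", starttls_request(2).hex())
```

Running the block shows the literal password bytes inside the bind message; over LDAPS or after a successful StartTLS exchange the same message travels inside the TLS record layer and the detector would see only ciphertext. Anonymous binds (empty password) are not flagged, since they expose no secret.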

LDAP MFA and LDAPS MFA configurations

Integrating MFA with LDAP/LDAPS is not a one-size-fits-all scenario. Depending on your requirements, SurePassID uses different protocols and technologies to achieve a seamless integration and a frictionless user experience.

  • Remote Desktop Services + Active Directory – SurePassID can authenticate the user login and password against Active Directory during the first step of MFA for Remote Desktop Services logins.
  • VPN + RADIUS + LDAP Server – SurePassID can authenticate the user login and password against an LDAP server during the first step of MFA for VPN logins.
  • SSO + SAML + LDAP Server – SurePassID can authenticate the user login and password against an LDAP server during Single Sign-On (SSO) logins to on-premises and cloud apps.
