Lightweight Directory Access Protocol (LDAP) is a mature, flexible, and well-supported standards-based mechanism for interacting with directory servers.
Lightweight Directory Access Protocol (LDAP) is an application protocol for working with various directory services. School Passport can connect to your district's LDAPS provider to log in students and teachers.
To connect your district's LDAP provider with School Passport, follow these steps:
- Establish an LDAP connection with your Active Directory
- Set up the Active Directory app on School Passport
- Sync data with Active Directory
Requirements
To get started, you need the following items:
- Azure Active Directory Premium or Azure Active Directory and PowerShell proficiency.
- Public IP address or hostname of your Active Directory server and port number.
- Domain name(s) of your Active Directory server.
- Username and password for the user account that will read data from Active Directory.
Connect to Active Directory using LDAP
To establish an LDAP connection with Active Directory, set up your firewall to allow inbound TCP connections from the following GG4L Gateways on the LDAP ports (default ports: 389 and 636):
107.23.59.28
52.3.237.162
52.1.31.254
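The firewall step above, as an added example (not part of GG4L's documentation): a PowerShell script that allows TCP 389/636 only from the three gateway addresses, then lists any other enabled inbound rule that already exposes those ports to any source. It assumes the filtering is done by Windows Defender Firewall on the directory server itself; the rule name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: scope inbound LDAP/LDAPS to the GG4L gateways listed in this article.
$Gateways  = '107.23.59.28', '52.3.237.162', '52.1.31.254'   # from this article
$LdapPorts = '389', '636'                                     # 389 = LDAP, 636 = LDAPS
$RuleName  = 'School Passport LDAP (GG4L gateways)'           # hypothetical rule name

# Create the rule once; on later runs only refresh its source-address scope.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    $existing | Set-NetFirewallRule -RemoteAddress $Gateways
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $LdapPorts -RemoteAddress $Gateways -Profile Any |
        Out-Null
}

# Audit: other enabled inbound allow rules that open 389/636 to any remote address.
# Port ranges (for example 1-1024) are not expanded here; review those by hand.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $hitsLdap = ($port.Protocol -eq 'TCP') -and
                    (@($port.LocalPort) | Where-Object { $_ -in $LdapPorts -or $_ -eq 'Any' })
        if ($hitsLdap -and (@($addr.RemoteAddress) -contains 'Any')) {
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                LocalPort     = @($port.LocalPort) -join ','
                RemoteAddress = @($addr.RemoteAddress) -join ','
            }
        }
    } | Format-Table -AutoSize
```

On a domain controller the audit will normally list the built-in LDAP rules that serve internal clients; the point of the check is to confirm that none of them is reachable from the internet through the perimeter firewall.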
Set up the Active Directory app on School Passport
To integrate Active Directory with School Passport, add the Active Directory app from the gallery and configure it.
Add Active Directory app from the gallery
- Sign in to your School Passport.
- Go to Connect > Application Gallery.
- Type "Active Directory" in the search box.
- Select Active Directory from the results panel.
- Click Activate. Wait a few seconds while the app is added to your environment.
Configure access to Active Directory
- In the Delivery Config, enter your API credentials:
  - Domain: Enter the domain name copied from Active Directory.
  - Host: Enter the hostname or public IP address copied from Active Directory.
  - Port: Enter the port number copied from Active Directory.
  - Authentication requires URL: Select if the LDAP server requires a specific URL for authentication. Recommended for secure connections. Note: It can be set only during the initial configuration of the Active Directory app. If you need to change it later, please email support@gg4l.com.
  - Username and Password: Enter the username and password for the user account that will read data from Active Directory.
  - Import Groups as Roster Data (Classes): Select to import user groups from Active Directory as roster data (classes) in School Passport. Note: It can be set only during the initial configuration of the Active Directory app. If you need to change it later, please email support@gg4l.com.
- (Optional) Click Advanced Settings:
  - SIS ID prefix: If multiple data sources of the same type are used, add a prefix to avoid merging entities with equal SIS IDs.
  - Bulk Upload Mode: Select to detect deleted records by comparing them with the previous upload.
  - Data will be uploaded from multiple data sources: Select if uploading data from multiple sources (e.g., SIS and Active Directory). Leave it cleared if you use a single source (e.g., SIS only).
  - Compare records accordingly to the Domains of Uniqueness: Select to activate duplicate detection.
  - Preview of data upload: Select to manually approve every data sync. New data won’t be available until you accept the changes.
  - Sync hold threshold: Set a threshold for significant changes. Updated data won’t be exported until you approve the changes.
- (Optional) Click Test Connection to verify the connection with Active Directory.
- Accept the Terms of Use and/or Privacy Policy. Click Next.
Set Mapping Rules and data synchronization options
- In the Mapping Rules, click Finish Configuration on the top right and inform GG4L Customer Support that you've set up access to Active Directory. A support agent will configure mapping rules for proper data synchronization and add Master Fields to prevent duplicates. Alternatively, you can configure mapping OUs yourself. Note: We also recommend scheduling a meeting with the GG4L Customer Support team for personalized guidance during the Mapping OUs setup.
- (Optional) In the Attributes Mapping, set the attributes for data synchronization between Active Directory and School Passport.
- (Optional) In the Data Requirements, configure what actions should be taken if some data attributes are missing. Click Next.
- (Optional) In the Filter Rules step, set up data filtering by different entity types. Click Next.
- (Optional) In the Domains of Uniqueness, define parameters that are required to be unique to avoid duplicates in the system. See Domains of Uniqueness. Click Next.
- (Optional) In the Master Fields, define rules to prevent data duplication when synchronizing data from your app and an SIS to School Passport. See Master Fields. Click Next.
- (Optional) In the Schedule, set up how often you want to automatically sync data. Click Next.
- (Optional) In the Done, click Finish to complete the setup.
- Wait a few seconds for the app configuration to apply, after which you will be redirected to the Active Directory application dashboard.
Sync data with Active Directory
Once the Active Directory integration is set up, you can run a sync with Active Directory at any time.
We recommend running a sync if you have new or updated data in Active Directory for School Passport. Please note that if a teacher or student is removed from the sync, their enrollments will also be deleted.
To run a sync with Active Directory, go to the Active Directory app in School Passport and click Run Import.
If you have any questions about the Active Directory app configuration, please reach out to GG4L Customer Support.
Next steps
Once you configure the Active Directory integration, you can turn on MFA for students and teachers with Azure AD/Office 365, which protects their accounts from unauthorized access. Learn how to activate MFA with Azure AD/Office 365.