Team: Huntress SAT
Environment: LDAP (Active Directory, OpenLDAP, FreeIPA)
Summary: Security Awareness Training (SAT) learner groups can by synced with LDAP servers for easy management.
Syncing your SAT learner group with a LDAP server by adding the server's configuration credentials to the Learner Management section of your group's settings.
Huntress SAT can integrate with most LDAP directories and the following schema configurations
- Active Directory
Configure in SAT
Sign into your SAT account and navigate to Groups-Settings-Management and choose "LDAP" as the management type and click "Update".
Next, add your Host address. This can be either a domain or IP address.
For example: "ldap.example.com".
Then, add your Port number. If you're using an SSL or "LDAPs" for encryption, please use port "636". If you're using a standard connection or TLS use "389".
Next, add your Base DN. The "Base DN" is the point from where our platform will begin its search for users inside your directory. For example, "DC=example,DC=com" could look for users inside your root directory and "OU=HuntressSAT,DC=example,DC=com" could look for users inside an Organization Unit called "HuntressSAT" inside your root directory.
- DC = Domain Component
- OU = Organizational Unit
Next, add your LDAP Username. This is would likely be an administrative email address but could also be the Relative Distinguished Name name of your admin user. For example, "email@example.com" or "CN=admin,DC=example,DC=com" depending on your server configuration.
Then, add your LDAP user's password into the Password field. The password field will clear upon accepting the password, and the field name will change to "New password" to indicate that a password is already saved.
If your connection is successful head over to the Syncing Options page to configure your sync settings.
Allowlisting for Firewalls
Often organizations will need to "allowlist" our LDAP communications on their organization's firewall.
Please allowlist the IP address 188.8.131.52 to communicate over LDAP on the port (636) for which you are trying to connect.