Configure LDAP on Pathfinder | Pathfinder
Overview
Pathfinder authenticates users through a connected BeyondTrust product instead of connecting directly to Active Directory or LDAP. The connected product — Privileged Remote Access or Remote Support — acts as the proxy site for directory authentication.
Prerequisites
Before you begin, make sure you have:
- Administrator access to Pathfinder.
- A connected BeyondTrust product configured with an LDAP or Active Directory provider.
- The directory domain and any required connection details.
Important informationThis procedure assumes you have already configured an LDAP or Active Directory provider in your BeyondTrust product. If you have not, complete the appropriate configuration procedure before continuing.
Although Password Safe appears as a product option, it is not currently available for use with directory authentication in Pathfinder.
Register the directory provider
- Log in to Pathfinder as an administrator.
- From the tenant dropdown, select Administration.
- Open the navigation menu and click Directory Authentication.
- On the Directory Authentication page, you can add a new directory provider or edit an existing one.
-
When adding a provider, configure:
- Label
- Provider type
- Domain or server
- Proxy site
- Product
WarningRemoving a provider prevents users who rely on that directory from signing in unless another authentication method is available.
Provision users
To add an LDAP user manually:
- From the navigation menu, go to User Management.
- Click Invite User.
- In the User Details section, enter an Email Address, First Name, and Last Name. All fields are required.
- In the User Permissions section, for Organization Role, select either Standard User or Administrator.
- For Site Access, select the sites and at least one application to grant user access to.
- Click Invite User.
The user receives an email with a link to create a new password, then access the selected site(s) and application(s).
Sign in
Users sign in using the tenant-specific URL. For example, https://login.beyondtrust.io/signin/signIn?orgId=your-org-id
Replace your-org-id with your organization's tenant ID.