Your district can configure SameGoal to authenticate users against a central district server via Lightweight Directory Access Protocol (LDAP). Many districts use LDAP to manage user authentication across a variety of district applications.
SameGoal supports standard configurations of Active Directory and eDirectory. Additional LDAP implementations may work but are not officially supported. To perform authentication against a locally hosted LDAP server, SameGoal servers located in the SameGoal IP range must be able to open TCP connections to your LDAP server from outside your local network.
To configure LDAP:
- Create and install an SSL certificate (self-signed is acceptable) on your LDAP server.
  - LDAPS (port 636) is required.
  - Unencrypted LDAP is not allowed (not secure).
- Set up a publicly routable IP address that port forwards to the private IP address of your LDAP server.
  - Limit traffic to connections from the SameGoal IP range.
- Email your LDAP URL and LDAP Domain to email@example.com. The SameGoal technical team will confirm our servers can perform authentication and enable the LDAP configuration.
Tip: Your LDAP URL must be well-formed (e.g., ldaps://w.x.y.z/ or ldaps://ad.district.k12.oh.us/) and publicly routable.

Tip: Your LDAP Domain should be the domain you wish users to authenticate within for SameGoal.
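
A pre-flight check for the LDAP URL requirements above, runnable before you email the URL. This is an added example, not SameGoal code: the function name `check_ldap_url` and the private-address samples are constructed for illustration, and the check works offline, so it does not confirm that a hostname resolves to a public address.

```python
import ipaddress
from urllib.parse import urlsplit

LDAPS_PORT = 636  # the page requires LDAPS on port 636


def check_ldap_url(url):
    """Return a list of problems found in an LDAP URL (empty list = passes)."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return [f"URL is not well-formed: {exc}"]

    problems = []
    if parts.scheme != "ldaps":
        problems.append("scheme must be ldaps:// (unencrypted LDAP is not allowed)")
    if port not in (None, LDAPS_PORT):
        problems.append(f"port {port} given; LDAPS is expected on {LDAPS_PORT}")

    host = parts.hostname
    if not host:
        problems.append("no host in URL")
        return problems

    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal, so treat it as a DNS name. A single-label name
        # (e.g. an internal NetBIOS-style name) cannot be resolved from outside.
        if "." not in host.strip("."):
            problems.append(f"host '{host}' is not a fully qualified domain name")
    else:
        # Private, loopback, link-local and reserved ranges are unreachable
        # from servers outside the district network.
        if not addr.is_global:
            problems.append(f"address {addr} is not publicly routable")
    return problems


if __name__ == "__main__":
    # Constructed samples: one from the page, the rest deliberately wrong.
    for sample in ("ldaps://ad.district.k12.oh.us/", "ldap://ad.district.k12.oh.us:389/",
                   "ldaps://10.0.0.5/", "ldaps://dc01/"):
        print(sample, "->", check_ldap_url(sample) or "OK")
```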