LDAP (Lightweight Directory Access Protocol) is a protocol for accessing information about users and resources stored in a corporate directory, such as Microsoft Active Directory (AD).

Active Directory is a Microsoft tool for centralized management of user accounts, their rights, and access to organizational resources.

Logic of working with Active Directory (AD)

In Kwizbot, Active Directory capabilities are used to manage employee authorization. User management is entirely done through AD, and authorization is based on data validation through LDAP.

1. User verification:
   • If the user's email is found in AD, he or she is given the opportunity to log in.
   • If the email is not found in AD, the login will be blocked.
2. Update user data:
   • At each login attempt, the system updates the user role according to the one transferred from AD.
   • Other data synchronized via LDAP (e.g., name, position, etc.) is also updated.
3. Blocking access:
   • If a user is removed from AD or their account is deactivated, they will not be able to log in.

Setting up and connecting

Connection to Active Directory and setting up synchronization via LDAP is carried out by technical support.

<aside> ⚠️

This feature is available only as part of the Enterprise support package.

</aside>

Settings include:

• Specify the address of the AD server (LDAP URL).
• Configuring the synchronization of user roles and data.
• Checking the correctness of access and rights.

Integration features

This approach allows you to centrally manage employee access and roles, which reduces the administrative burden

Changes in user access rights in AD are automatically updated in our system at the next authorization.

Errors during authorization

In case of an error, you get a description of the problem

If the user is not found in the system