When using LDAP Authentication in Bizagi, credentials entered in the login page (username, password and domain) are sent to an LDAP Server for verification.
Once the server verifies and permits the access, login is successful as long as this user is already created in Bizagi.
In this authentication, passwords are never stored in Bizagi.
If you plan on using an authentication method different than Bizagi and you are performing a deployment to an environment with no user information on it (normally this would only be the case for a project's first deployment), follow these steps so that you can correctly configure your users and authentication without getting locked out of the Work Portal:
1.Perform the deployment with the authentication method set to Bizagi. This lets you access the Work Portal as the Admon user without providing any credentials.
2.Once in the Work Portal you can manually enter your users, or alternatively you can rely on the method of your choice to synchronize your users' information into the WFUser table (SOAP, Excel file, LDAP Synchronization, or performing a Data Synchronization procedure).
3.Perform an IISRESET so that the Admon user can no longer access the Work Portal.
4.After having your users registered in the Work Portal, use the Management Console to set the authentication method to your preferred one.
If you plan on using LDAP authentication with periodic users synchronization, you may ignore the previous steps since you will only need to wait until the next synchronization happens for your users to be able to log into the Work Portal.
Setting LDAP Authentication
To set LDAP as the authentication type, select LDAP from the drop-down list:
Click on the Update button.
The following options presented as inner items must be configured:
•LDAP URL: Corresponds to the path to access the LDAP Server (using the LDAP URL format).
It is mandatory that you input LDAP://.. with the starting LDAP prefix in uppercase, capital letters.
•Use settings in LDAP synchronization: Applies if you already have configured Bizagi to synchronize your Active Directory users into Bizagi.
If this is the scenario, turn this option on, to use the same LDAP URL and settings from the LDAP synchronization settings.
When this option is on, the value of the former option will be ignored.
Windows Active Directory is supported as for LDAP authentication.
Note that it is necessary that the Web site configuration at the Server (i.e IIS), uses Anonymous authentication for the Work Portal.
Importing LDAP Users
For any type of authentication, you will need to make sure that users are created at Bizagi Work portal.
Disregarding the selected Authentication type for your Work Portal login, you may choose to configure a schedule in Bizagi to import and synchronize users from your LDAP Server into Bizagi.
For more information about this option, refer to Importing LDAP Users.