LDAP Group Configuration
Last updated
You can map security groups from Active Directory into Mirket and display the users from the domain controller (DC) within Mirket. Nested groups created on the domain controller can also be integrated with Mirket.
In the Groups > LDAP Groups menu, a new LDAP group can be created, edited, or deleted.
Group Name: The name to be given to the created group.
Domain: In the Domain text box, type your LDAP domain name such as "mirket.local".
Description: The description to be given to the created group.
SAM: In Mirket, users are identified by their SAM (Security Account Manager) name rather than by the plain username. The SAM name is formed as follows:
If NPS is within a domain (for instance, if the domain name is 'mirket.local'), requests are sent in the format 'mirket\username'.
If NPS operates in a workgroup environment outside of a domain, requests use the NPS server's name as the prefix, for example 'mfaserver\username'. If Mirket does not find a user matching the incoming SAM name, a 'user not found' log message is recorded and Mirket denies the authentication request.
The same applies to RDP and OWA connections. In these connections, requests are sent directly to the Mirket system in the 'sam\username' format; if no user has that SAM name, Mirket responds with 'user not found' and denies the request.
In LDAP group definitions, the SAM value of the users is specified. When Mirket imports users from LDAP, it prepends the defined SAM value to each username to form the SAM name. When local users are created, their SAM values are taken from the local groups they belong to, so the SAM values must be entered correctly in those local groups.
IP: In the IP text box, type the IP address of the Active Directory domain controller.
Phone Attribute: The DC attribute value from which the user's phone number will be retrieved.
Mail Attribute: The DC attribute value from which the user's email address information will be retrieved.
Phone Pattern: The required leading characters of the user's phone number. If a user's phone number does not match the pattern, that user is not fetched from Active Directory. Users rejected because of the pattern appear in LDAP reports.
Pattern Placer: The value that replaces the phone pattern at the beginning of the number; it is typically used as a country or area code. For example, if the phone pattern is '0' and the pattern placer is '+440', the leading '0' of phone numbers that start with '0' is replaced with '+440'.
Sync Period: The synchronization interval, in minutes, with the selected group in Active Directory.
Username: The username for LDAP integration. If this account is located under the User OU on the DC, the username can be written directly. If it is located under a different OU, enter the account's distinguishedName value in parentheses in this field, for example: (CN=mirketldap,OU=2FA-test,DC=lineup,DC=local). Note: It is enough for the service user to be a member of the Domain Users group; Domain Admin authorization is not required.
Password: Password of the user who will provide the LDAP integration.
Once all the information has been entered, click the Verify button. If the entered information is correct, the groups are listed in the AD Group section; if the information is incorrect, no groups appear there. After completing the verification, click the Save button to create the LDAP group.
AD Group: The group to be selected from Active Directory. After the information is entered and verified, the groups are listed, and the desired group is selected from this list to create an LDAP group. If no groups are listed after verification, check the permissions of the service account.
DistinguishedName: If you want to specify the exact location in Active Directory of the group to be included in Mirket, enter the group's DN here. If there are more than 1000 security groups in the directory, Mirket may not see some of them because of default settings; in that case the DN must be entered.
Ldap Type: This section defines the LDAP type of the created group. The 'Others' option is for LDAP directory types other than Active Directory, such as OpenLDAP.
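As an added example (not Mirket's own code), the following Python model ties together the rules described above: how the Username field is interpreted, how Phone Pattern and Pattern Placer admit or reject a user, how the SAM value is prepended to form 'sam\username', and why a request arriving with a different prefix is answered with 'user not found'. The attribute names (mobile, mail) and the directory entries are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class LdapGroupConfig:
    sam: str             # SAM prefix, e.g. "mirket"; prepended to every imported username
    phone_attr: str      # DC attribute holding the phone number (chosen for this example)
    mail_attr: str       # DC attribute holding the e-mail address
    phone_pattern: str   # required leading characters of the phone number
    pattern_placer: str  # text that replaces phone_pattern at the start of the number

def bind_identity(username: str) -> tuple:
    """Classify the Username field: a value in parentheses is a distinguishedName,
    anything else is a plain account name under the default Users OU."""
    m = re.fullmatch(r"\((.+)\)", username.strip())
    return ("dn", m.group(1)) if m else ("user", username.strip())

def normalize_phone(number: str, pattern: str, placer: str) -> Optional[str]:
    """Apply Phone Pattern / Pattern Placer; None means the user is not admitted."""
    if not number or not number.startswith(pattern):
        return None
    return placer + number[len(pattern):]

def import_users(cfg: LdapGroupConfig, entries: list) -> tuple:
    """Simulate one sync: build 'sam\\username' keys for admitted users and
    collect (username, reason) rows that would appear in the LDAP report."""
    users, rejected = {}, []
    for e in entries:
        phone = normalize_phone(e.get(cfg.phone_attr, ""), cfg.phone_pattern, cfg.pattern_placer)
        if phone is None:
            rejected.append((e["sAMAccountName"], "phone does not match Phone Pattern"))
            continue
        users[f"{cfg.sam}\\{e['sAMAccountName']}"] = {"phone": phone, "mail": e.get(cfg.mail_attr)}
    return users, rejected

def authenticate_lookup(users: dict, incoming_sam_name: str) -> str:
    """Mirror the request path: only an exact SAM-name match is accepted, so a
    prefix that differs from the group's SAM value (e.g. the NPS host name in a
    workgroup) yields 'user not found'."""
    return "found" if incoming_sam_name in users else "user not found"

# Constructed sample directory entries (not real accounts).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "alice", "mobile": "07700900123", "mail": "alice@mirket.local"},
    {"sAMAccountName": "bob", "mobile": "+447700900456", "mail": "bob@mirket.local"},
    {"sAMAccountName": "carol", "mail": "carol@mirket.local"},  # no phone attribute at all
]
CFG = LdapGroupConfig("mirket", "mobile", "mail", "0", "+440")
```

Running import_users(CFG, SAMPLE_ENTRIES) admits only alice (as 'mirket\alice' with phone '+4407700900123') and reports bob and carol as rejected by the pattern.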
In the Users > LDAP Groups menu, created LDAP groups can be listed, searched, columns displayed, printed, filtered, or exported in CSV format.
The created LDAP group is manually synced for the first time. Go to Actions -> Sync.
In the Mirket Groups list, user status can be observed for the group created after synchronization.
Total Users: It shows the number of users in the group on the DC.
Valid Users: It displays how many of the users from the group on the DC were transferred to Mirket.
Status: It displays the status of LDAP integration.
Through Actions > Report, information about why rejected users were not included in Mirket can be viewed.