
Configure LDAP Integration

If you have access to the Keycloak Admin Console, you can use it to connect PoolParty to an existing LDAP user directory.

  1. Log in to the Keycloak Admin Console. For more information, refer to Access Keycloak for PoolParty On-Premise.

  2. Configure an LDAP user federation. We recommend selecting the UNSYNCED edit mode.

    For more information, refer to the Keycloak documentation.

    Caution

    Do not use the READ_ONLY edit mode, because the LDAP users will not be able to use PoolParty.

    If you select the WRITABLE edit mode and create a user in the PoolParty User Management, the user will be automatically added to the LDAP store. If you decide to remove the connection to the LDAP store from Keycloak later on, the user will be automatically removed from the PoolParty User Management as well.

    Tip

    For more information on how to fill in a certain field, hold your pointer over the Help icon in the Keycloak UI.

  3. Add user attribute mappers.

    Keycloak maps some of the user attributes by default. To map users' roles, groups and language and display settings, go to the LDAP user federation you configured in step 2 and add the following attribute mappers:

    For more information on the mapper types in Keycloak, refer to the Keycloak documentation.

  4. Go to the LDAP user federation you configured in step 2 and click Synchronize All users to synchronize the LDAP users to PoolParty.

    Depending on the synchronization mode you selected in step 2, if you add or update users on the connected LDAP server later on, the changes are either synchronized automatically or you need to synchronize them manually. For more information, refer to the Keycloak documentation.
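
To review the settings from steps 2 and 4 after the fact, the following added example (not part of the PoolParty or Keycloak documentation) audits the LDAP user federations in a Keycloak realm export for the edit mode and for periodic synchronization. It assumes the realm export JSON layout and the `editMode`, `fullSyncPeriod` and `changedSyncPeriod` config keys as Keycloak writes them; the sample export and its provider names are constructed.

```python
import json

# Constructed sample: trimmed realm-export fragment (assumed layout, placeholder names).
SAMPLE_EXPORT = json.loads("""
{
  "realm": "example-realm",
  "components": {
    "org.keycloak.storage.UserStorageProvider": [
      {"name": "corp-ldap", "providerId": "ldap",
       "config": {"editMode": ["READ_ONLY"], "fullSyncPeriod": ["-1"], "changedSyncPeriod": ["-1"]}},
      {"name": "lab-ldap", "providerId": "ldap",
       "config": {"editMode": ["WRITABLE"], "fullSyncPeriod": ["604800"], "changedSyncPeriod": ["-1"]}},
      {"name": "hr-ldap", "providerId": "ldap",
       "config": {"editMode": ["UNSYNCED"], "fullSyncPeriod": ["-1"], "changedSyncPeriod": ["86400"]}}
    ]
  }
}
""")

def _first(config, key, default=""):
    """Keycloak stores each component config value as a list of strings."""
    values = config.get(key) or [default]
    return values[0]

def audit_ldap_federations(realm):
    """Return {provider name: [findings]} for every LDAP user federation in the export."""
    providers = realm.get("components", {}).get("org.keycloak.storage.UserStorageProvider", [])
    report = {}
    for p in providers:
        if p.get("providerId") != "ldap":
            continue  # other user storage providers are out of scope
        cfg = p.get("config", {})
        findings = []
        mode = _first(cfg, "editMode", "<unset>")
        if mode == "READ_ONLY":
            findings.append("editMode READ_ONLY: LDAP users will not be able to use PoolParty")
        elif mode == "WRITABLE":
            findings.append("editMode WRITABLE: users created in PoolParty are written to the LDAP store")
        elif mode != "UNSYNCED":
            findings.append(f"editMode {mode}: not a recognized edit mode")
        # A sync period of -1 (or missing) means that kind of periodic sync is off.
        periodic = any(int(_first(cfg, k, "-1")) > 0 for k in ("fullSyncPeriod", "changedSyncPeriod"))
        if not periodic:
            findings.append("no periodic sync: LDAP changes need a manual synchronization")
        report[p.get("name", "<unnamed>")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_ldap_federations(SAMPLE_EXPORT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```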