LDAP integration

LDAP (Lightweight Directory Access Protocol) is a protocol used to access a corporate user directory.

Enabling LDAP integration allows you to use existing employee accounts to log in, without creating users separately in Usedesk.


How LDAP integration works

When LDAP integration is enabled:

  • The user enters their login and password in Usedesk
  • The system sends a request to the LDAP server
  • LDAP verifies the credentials
  • Depending on the result:
    • if the credentials are valid — access is granted;
    • if not — access is denied

With LDAP, users are stored on the LDAP server side: Usedesk does not create or store local user accounts, and access management is handled by the LDAP administrator.

Usedesk creates copies of LDAP accounts — storing the user’s email and phone number (if provided in LDAP).

User passwords are not stored in Usedesk — authentication is fully handled by LDAP, reducing the risk of data leaks.

LDAP integration simplifies access management and is especially useful for companies with a large number of employees and established corporate infrastructure.

It allows you to:

  • use a single account across all corporate systems;
  • centrally manage users and permissions;
  • quickly revoke access (e.g., when an employee leaves);
  • reduce admin workload by eliminating manual user management in each system

LDAP settings (/settings/ldap/index)

| Field | Description |
|---|---|
| Host | URL or IP address of the LDAP service |
| User | User DN for connecting to the LDAP service |
| Password | Password for connecting to the LDAP service |
| Use SSL/TLS | Currently set to “No encryption” |
| Directory DN and LDAP service port | Configured according to your LDAP service settings |
| GUID attribute in LDAP | Not required for Active Directory |
| CN attribute in LDAP, Mail attribute in LDAP, Phone attribute in LDAP | Attribute names from LDAP used when importing users into Usedesk |
| LDAP user group DN | If specified, only users from this group will be imported |
| Default group | Usedesk group where imported users will be assigned |
| Default role | Usedesk role assigned to imported users |

User synchronization

After filling in the settings form and clicking Save, the connection status to the LDAP service is displayed. If the status is Connected, the settings are saved successfully.

Users are imported by a cron job that runs every 15 minutes.

You can also import users manually by clicking Import users. During synchronization, user data is fetched from LDAP. If a user was previously imported from LDAP but is not returned during sync, they will be removed from Usedesk.


Imported agents

Currently, LDAP users are not marked separately in the agent list. Their data cannot be edited in the agent edit form.


LDAP agent login

Before logging in, an agent must be imported from LDAP into Usedesk. User passwords are not stored in Usedesk.

Imported users log in via the standard login form (/login) using their email and password. Credentials are verified by the LDAP service, and upon successful validation, the user is authenticated in Usedesk.
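
The login check described above, written as a search-then-bind flow; this is an added example, not Usedesk's code. It escapes the email before it goes into the search filter (RFC 4515) and refuses an empty password, which RFC 4513 treats as an unauthenticated bind. The function names, the memberOf group clause and the FakeDirectory stand-in with its sample entry are assumptions constructed for the example.

```python
# Added example (assumed design, not Usedesk code): search-then-bind login.
# RFC 4515: characters that must be escaped inside a search-filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(email, mail_attr="mail", group_dn=None):
    """Filter for one mailbox, optionally limited to the LDAP user group DN."""
    clause = f"({mail_attr}={escape_filter_value(email)})"
    if group_dn:
        # memberOf is an assumption (Active Directory style membership).
        clause = f"(&{clause}(memberOf={escape_filter_value(group_dn)}))"
    return clause


def authenticate(directory, email, password, mail_attr="mail", group_dn=None):
    """Return True only if exactly one entry matches and its bind succeeds."""
    # RFC 4513 5.1.2: a DN with an empty password is an "unauthenticated
    # bind" that a server may accept, so it must never reach the server.
    if not email or not password:
        return False
    matches = directory.search(build_user_filter(email, mail_attr, group_dn))
    if len(matches) != 1:  # unknown or ambiguous user: deny
        return False
    return directory.bind(matches[0], password)


class FakeDirectory:
    """Constructed stand-in for an LDAP server so the example runs offline."""

    def __init__(self):
        self.dn = "cn=Anna,ou=staff,dc=example,dc=com"
        self.entries = {"(mail=anna@example.com)": [self.dn]}
        self.secrets = {self.dn: "correct horse"}

    def search(self, ldap_filter):
        return self.entries.get(ldap_filter, [])

    def bind(self, dn, password):
        # Mimics a permissive server: an empty password "succeeds".
        return password == "" or self.secrets.get(dn) == password


if __name__ == "__main__":
    d = FakeDirectory()
    print(authenticate(d, "anna@example.com", "correct horse"))  # valid login
    print(authenticate(d, "anna@example.com", ""))               # refused
    print(build_user_filter("*"))                                # escaped
```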