Provision the LDAPS connector in Azure AD DS
To provision the LDAP connector in Azure AD DS:
- Login to the Azure admin portal using an Azure admin account.
- Select Active Directory Domain Services.
- Select View.
- Select your AD DS instance, for example fortixpert.com.
- Within the AD DS menu for your domain, select Secure LDAP under Settings.
- In the Secure LDAP window, perform the following:
- Set Secure LDAP to Enable.
- Set Allow secure LDAP access over the internet to Enable.
- Upload your domain wildcard certificate, for example *.fortixpert.com, in .PFX format.
- Enter the password to decrypt the PFX file.
- Select the Save button at the top of the page, and wait for Azure to configure Secure LDAP.
This process takes approximately five minutes.
- Once provisioning is complete, you must now allow inbound access for the secure LDAP protocol (port 636 to your AD DS instance.
- Browse to the network security group linked in your Secure LDAP connector.
- Select the network secure group link to access the network security group settings.
You can follow the steps found on Microsoft's support website to enable user accounts for Azure AD DS. This is required for users to authenticate through Secure LDAP.
To create an Azure inbound firewall policy:
- Within the network security group, go to Settings > Inbound Security Rules, and click Add.
- In Add inbound security rule, set the following:
- Source: IP Address.
- Source IP address/CIDR ranges: Set as the IP address/range that the inbound request will be originating from.
- Destination port ranges: 636.
- Name: Enter the name, for example AllowSecureLDAP.
- Description: Add an optional description.
- Leave all other settings as their default values, and click Add.
To obtain the LDAPS IP address:
- Go to Azure AD Directory Services, and select the Azure domain.
- Go to Settings > Properties. Note down the Secure LDAP external IP address.