Set up Cirro so Microsoft Active Directory users can login to Cirro databases using their username and password.

Before You Start

You’ll need the following to set up LDAP in Cirro.

Item Description
Setup Cirro roles Set up Cirro roles for each user type, such as DBA, Users, and Analysts. These provide different access to Cirro and datasources. You’ll link these to matching security groups in your LDAP directory.
Security groups You’ll need to add a security group for each role you want in Cirro. For example, you might create a DBA group, a User group or an Analyst group. Add your LDAP users to these groups and when Cirro is set-up, they’ll have the correct access.
An LDAP administration user Cirro requires administrator access to query the directory on setup.

Add LDAP as Authentication Provider

Login to Cirro, and add the LDAP server and choose the folder with your Cirro-specific groups.

  • First, open Authentication Providers.

    • Choose Users & Roles then Authentication Settings.

    • Next, click Create.

  • Second, give the provider a unique name and choose Generic LDAP from the drop-menu.

This expands the dialog so you’ll see the General and Advanced tabs.

Add Settings

On the General tab, add these settings from your LDAP account.

Field Example  
LDAP/Active Directory Server  
LDAP User (Bind DN) cn=admin,dc=cirro,dc=com  
Password LDAP password MyLdapPassword
Base DN (Optional)    
  • Click Connect then choose the node on the tree with your Cirro users.

  • Make changes to advanced settings if desired.

Field Description
Cache expiry timeout (seconds) For MFA providers, the time window in which new connection requests will re-use the initial MFA authentication. Every new connection resets the time. This is for client tools that make multiple connections for your single login. Defaults to 900 seconds.
Authentication timeout (seconds) For MFA providers, the number of seconds users have to acknowledge their connection.
Valid username pattern (optional) If set, only usernames that match the regular expression will be validated using this Authentication Provider.
Synchronize users (optional) Synchronize the directory users from this Authentication Provider if supported by the provider.
  • Click Create Provider when finished.

Set Directory Services Authentication Chain

You can set authentication providers to execute services one after another

  • Click the field to view a list of all your authentication providers.

  • Tick your LDAP provider name then additional providers in order of preference.

  • Click Update to save.

Grant Roles to LDAP Users

Now you can grant roles to the LDAP group. These steps assume you’ve already created roles, or wish to grant one or more built-in Cirro roles.

  • First, open the Create Role wizard.

    • Click Users & Roles then View all roles.

    • Click Create a Role.

  • Second, name your role and choose the LDAP group (in our example “MyCirroLDAP”)

  • Third, grant roles

    • Click Grant Roles to Role.

    • Tick roles then add them with the » keys. They’ll move to the Selected Roles panel.

Once you’ve done this, you can click Next three times, then Finish on step four.

View LDAP Users

Only users who have already logged in will be listed.

  • Click Users & Roles then View all roles.

  • Click Active Directory Users

Column Description Possible Values See also
Login Your directory username Determined by your Directory system  
Authentication Provider Third party authentication provider TOTP, Duo, Saaspass Manage authentication providers
First Login Date and time of first login to Cirro YYYY-MM-DD HH:MM  
Last Login Date and time of last login to Cirro YYYY-MM-DD HH:MM  
Session Count Session ID of last login    

See Also