Authenticating Users with Active Directory or LDAP

Xpress Insight authenticates users against credentials stored within the Xpress Insight database by default. It can be configured to authenticate against LDAP—either a standard LDAP directory or Microsoft Active Directory (AD)
Note LDAP integration is not available with a Community license.
Xpress Insight has two levels of authentication:
  • Partial authentication verifies users stored in the Insight database against details retrieved from LDAP.
  • Full integration enables Xpress Insight to synchronize user accounts (verify and create a new user, or update an existing user) within Insight, if that user has the correct LDAP group membership. If the user attempting to log in does not have a valid LDAP account, or does not have the Insight Group qualification in LDAP, they will be denied access.
Xpress Insight accesses AD as a LDAP server, and so the rest of this documentation will use LDAP as a generic term for both LDAP and AD.
Note The LDAP provider must be capable of providing an attribute on the user record which holds the group membership.
Covered Topics
  • Managing Users with LDAP
    By default, Xpress Insight authenticates users against credentials stored within the Xpress Insight database.
  • conreftest2
  • Configuring LDAP User Authentication
    The following steps outline the process to enable LDAP user authentication.
  • Testing LDAP Configuration
    Test LDAP user authentication when in Partial mode.
  • Local User Accounts
    Local user accounts are accounts that always authenticate against Xpress Insight irrespective of whether LDAP is enabled or not. This allows LDAP to be configured whilst still allowing access into Xpress Insight.
  • LDAP and Tableau
    Xpress Insight will assume that Tableau has been installed with Active Directory integration configured if the following conditions occur: