Connect a remote user store


# Connect a remote user store

You can connect your on-premise user store to Asgardeo and onboard users and groups from it. Note that this user store connection is read-only, which means you cannot use the Asgardeo console to modify this user store.

By connecting users in an on-premise user store, you can grant them access to the business applications of your Asgardeo organization and the MyAccount portal.

Follow the guide below to set up a remote user store in Asgardeo.

# Prerequisites

  • An organization in Asgardeo. Create an organization if you don’t have one already.

  • An on-premise user store. Currently, Asgardeo supports:

    • Lightweight Directory Access Protocol (LDAP)
    • Active Directory (AD)
  • To run the user store agent, you need to have:

    • JAVA 8 or JAVA 11 installed locally
    • JAVA_HOME configured correctly

# Register a remote user store

To configure a remote user store for your organization:

  1. On the Asgardeo console, go to Manage > User Stores.

  2. Click Connect userstore to open the following: Register remote user store to Asgardeo

  3. Enter the following details about the user store.

    Name A unique name to identify your user store.
    Description A description for the user store.
    Remote user store type Select your user store type

  4. Click Next and under Map Attributes, map Username and User ID attributes to that of your user store.

    These two attributes need to be mapped correctly for proper authentication.

    • Username - This attribute is used as the user identifier. Provide an attribute which identifies your user in your on-premise user store. For the best experience use an attribute of type email.
    • User ID - This attribute is used to uniquely identify a user entry. Provide an attribute that uniquely identifies a user entry in your user store.
  5. Click Finish to complete the registration.

# Set up the remote user store

After registering the user store, you’ll be redirected to the Setup Guide of the user store agent.

To assemble and configure the user store agent bundle:

  1. Download the user store agent.

  2. Configure the properties and connection details of the local user store by following these steps:

    1. Unzip the downloaded user store agent.

    2. Go to the root directory of the user store agent and open the deployment.toml file.

    3. Update the configurations of the deployment.toml file according to your user store settings. A sample configuration is given below for reference.

      [user_store]
      type = "ldap"
      base_dn = "dc=wso2,dc=org"
      connection_url = "ldap://localhost:10391"
      connection_name = "cn=admin,dc=example,dc=org"
      connection_password = "adminpassword"
      user_id_search_filter = "(&(objectClass=inetOrgperson)(uid=?))"
      user_name_list_filter = "(objectClass=inetOrgperson)"
      user_id_attribute = "uid"
      user_name_search_filter = "(&(objectClass=inetOrgperson)(uid=?))"
      password_hash_method = "PLAIN_TEXT"
      group_search_base = "ou=Groups,dc=example,dc=org"
      group_name_attribute = "cn"
      group_name_search_filter = "(&(objectClass=groupOfNames)(cn=?))"
      group_name_list_filter = "(objectClass=groupOfNames)"
      group_id_attribute = "gid"
      membership_attribute = "member"
      
      1
      2
      3
      4
      5
      6
      7
      8
      9
      10
      11
      12
      13
      14
      15
      16
      17

      Refer remote user store properties for the complete list of user store configurations.

  3. Return to the Asgardeo console and, click Generate Token to create an installation token. The installation token is essential to run the user store agent.

    • Copy the installation token and save it in a safe location. You won't be able to see it again!

    • This token has no expiry time, but in case you lose or forget it, you can regenerate an installation token.

  4. To start the user store agent, navigate to its root directory and run one of the following commands based on your operating system:

    • Linux/OSx:
      sh wso2agent.sh
      
      1
    • Windows:
      wso2agent.bat -- run
      
      1

    Enter the installation token generated in the previous step when prompted.

    (Optional) Run the user store agent as a background process
    1. Create a file named accessToken in the root directory of the agent.
    2. Add the installation token obtained from the previous step.
    3. Run the user store agent.
      • Linux/OSx:
         sh wso2agent.sh start
        
        1
      • Windows:
        wso2agent.bat start
        
        1

# What's Next