Locking Down LDAP Access Over the Internet
Enabling LDAP access to Azure AD DS over the internet creates a security threat, because the managed domain becomes reachable from the internet on TCP port 636. It is recommended to restrict access to the managed domain to the IP addresses of the company environment. This can be done by creating a security group rule.
To create a security group rule:
- Select Resource Groups from the navigation pane in the Azure Portal
- Choose the resource group, then select the network security group, such as aaads-nsg; the list of existing inbound and outbound security rules appears
- On the left-hand side of the network security group window, navigate to Security > Inbound security rules
- Select Add, then create a rule to allow TCP port 636
- For improved security, set the source as IP Addresses and specify the valid IP addresses or range for your organization
- Select Add to save and apply the rule

Lockdown LDAP Access
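
To check the result of the steps above, the following added example (not part of the Kron PAM documentation) evaluates inbound rules the way a network security group does, lowest priority number first, and reports whether a given source IP can reach TCP port 636. The rule data is constructed: the rule names, priorities and the 203.0.113.0/24 range are placeholders, and service tags other than Internet are assumed not to match.

```python
import ipaddress

# Constructed sample shaped like Azure CLI NSG rule JSON; names, priorities and
# the 203.0.113.0/24 range are placeholders, not values from the guide.
SAMPLE_RULES = [
    {"name": "AllowLDAPS-Corp", "priority": 401, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "destinationPortRange": "636",
     "sourceAddressPrefix": "203.0.113.0/24"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "destinationPortRange": "*",
     "sourceAddressPrefix": "*"},
]
ANY_SOURCE = {"*", "Internet"}  # values that match every internet client

def _values(rule, single, plural):
    vals = list(rule.get(plural) or [])  # list form of the field, if present
    if rule.get(single):
        vals.append(rule[single])        # single-value form of the field
    return vals

def _covers_port(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def _covers_source(rule, ip):
    for prefix in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
        if prefix in ANY_SOURCE:
            return True
        try:
            if ip in ipaddress.ip_network(prefix, strict=False):
                return True
        except ValueError:
            continue  # assumption: other service tags are not resolved here
    return False

def decide_ldaps(rules, source_ip, port=636):
    """Return (access, rule name) for inbound TCP; lowest priority number wins."""
    ip = ipaddress.ip_address(source_ip)
    inbound = [r for r in rules
               if r["direction"] == "Inbound" and r["protocol"] in ("Tcp", "*")]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if _covers_port(rule, port) and _covers_source(rule, ip):
            return rule["access"], rule["name"]
    return "Deny", None
```

An `Allow` result for an address outside the organization's range means a rule with a broader source sits ahead of the restricted one and should be tightened or removed.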
Kron PAM can be integrated once the necessary changes have been made in Azure AD. To complete the integration, the admin needs to know the a) domain name, b) base DN, and c) authorized user information. Admins can import specific user groups by defining the group search phrase with conditions.