License: Ultimate-Cloud
Relevant for: Organization owner or Admin
The LDAP user provider enables organization owners to set up authentication using a directory service, such as Microsoft Active Directory, OpenLDAP, or OpenDJ, to validate users’ credentials. LDAP directories are a standard method for storing user, group, and permission data and integrating that with other applications.
When LDAP is enabled in my.anydesk II, users in your organization can sign in using SSO with the organization ID and their corporate credentials. You can also import LDAP roles into my.anydesk II for integrated access control.
🦉 For more details on user provider types, see this article.
Organization certificates
The Organization certificates section lists all certificates associated with your organization. Certificates, typically in .pem format, secure the communication between my.anydesk II and your LDAP provider.
To add a certificate to your organization:
Sign in to my.anydesk II and go to Organization.
Under General, click Edit, and then select LDAP as the user provider.
In the Switch active provider dialog, click Proceed.
Scroll down to Organization certificates and click Add new certificate.
In the dialog, paste the content of the
.pemfile or drag and drop the file.Click Add new certificate.
Configure LDAP
You need to configure your LDAP provider to establish a connection with my.anydesk II.
To configure LDAP in my.anydesk II:
In my.anydesk II, open the Organization tab.
Under General, click Edit, and select LDAP as the user provider.
In the Switch active provider dialog, click Proceed.
Scroll to LDAP Setup, click Edit, and provide the following:
RDN LDAP attribute - attribute used as the top attribute of user DN (often the same as username, e.g.
cnorsAMAccountName).UUID LDAP attribute - attribute used as the unique identifier (e.g.
objectGUID, oruid/entryDN).User object classes - comma‑separated classes such as
inetOrgPerson,organizationalPerson.Connection URL - URL of your LDAP server.
Users DN - base DN where user entries reside (e.g.
ou=users,dc=example,dc=com).Bind DN and Bind credential - credentials for LDAP access.
User search filter - optional LDAP filter for limiting which user entries are retrieved (e.g.
(filtername)).Batch size - number of LDAP entries retrieved per transaction.
Periodic full sync - toggle on if you want a full sync; then specify Full sync period (in seconds).
Periodic changed users sync - toggle on to sync changed or new users; then set Changed sync period (in seconds).
.png)
Click Finish edit.
Once configured, users (subject to any filter applied) from your LDAP directory can sign in to my.anydesk II using the organization ID.
Import roles
You can import LDAP roles into my.anydesk II to manage permissions based on group membership.
Go to Organization, click Edit under General, and reselect LDAP as the provider.
In the Switch active provider dialog, click Proceed.
Scroll to Import roles, click Edit, and configure:
Roles DN - base DN under which role objects are located (e.g.
ou-roles,dc=example,dc=org).Role name LDAP attribute - attribute used for role names/RDNs (commonly
cn).Role object class - class(es) of role objects (e.g.
groupOfNames, orgroupfor AD).LDAP filter - optional filter to limit which roles are imported; format as
(filtername)if used.User roles retrieve strategy - select one of the following ways of retrieving user roles:
Load roles by ‘member’ attribute - query role entries where
member= user DN.Get roles from user ‘memberOf’ attribute - read roles from the
memberOfattribute on the user.
Membership attribute type - select depending on strategy:
DN (for
memberattribute)UID (for
memberUidattribute)memberOf (for using the user’s memberOf field)
Click Finish edit.
After completing this setup, LDAP group assignments are available in my.anydesk II for role‑based access control.