LDAP vs. LDAPS (TLS) vs. LDAPS (mTLS)

Understanding LDAP Connection Types for ID123

ID123 supports a variety of LDAP (Lightweight Directory Access Protocol) connection types to ensure a seamless and secure integration into your Active Directory. Connecting ID123 to your Active Directory ensures your digital ID data remains up-to-date with your organization’s directory.

When connecting ID123 to your Active Directory, it’s important to know which LDAP type to select, as not all Active Directory environments support all LDAP types by default. This guide compares the three LDAP connection types that ID123 supports so you can choose the one your Active Directory supports.

LDAP

LDAP is the original version of the protocol and is primarily used for communication between applications and directory services within a local, trusted network. Data is transmitted in “clear text,” meaning it is not encrypted during transit. Because sensitive information like usernames and passwords can be intercepted, we recommend using LDAP only in isolated testing environments.

LDAPS (TLS)

LDAPS (TLS) adds a layer of encryption to the connection, much as HTTPS secures a website. LDAPS (TLS) requires a valid server certificate and usually operates on port 636. The directory server uses an SSL/TLS certificate to prove its identity to ID123, and all data sent between the two is encrypted, which makes LDAPS more secure than LDAP. This is the standard secure method for connecting to Microsoft Active Directory or Azure AD Domain Services.

LDAPS (mTLS)

LDAPS (mTLS) represents the highest level of security for Active Directory connections. While LDAPS (TLS) only requires the server to prove its identity with a valid server certificate, LDAPS (mTLS) requires both a valid server certificate and a client-side certificate for authentication. If your organization uses Google LDAP (Google Cloud Identity), you must use this method. Google requires mTLS to ensure that only authorized clients can access your directory data.

If you are not sure which LDAP connection type your Active Directory supports, check with your Active Directory provider. For assistance in setting up your LDAP connection to your Active Directory or Google Workspace, check out our guides on How to Integrate LDAPS/Active Directory with ID123 and How to Integrate Google Workspace with ID123 via LDAPS.
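To see what each of the three connection types asks of the client, the following added example (not ID123's own code) builds the TLS settings for each type with Python's standard `ssl` module and probes a directory server with them. The mode labels `ldap`, `ldaps-tls` and `ldaps-mtls`, the function names, and the file arguments are assumptions made for this example.

```python
import socket
import ssl
import sys

LDAP_PORT, LDAPS_PORT = 389, 636  # conventional defaults; the article names 636
MODES = ("ldap", "ldaps-tls", "ldaps-mtls")  # hypothetical labels for this example

def make_tls_context(mode, ca_file=None, client_cert=None, client_key=None):
    """Return the TLS settings for a connection type, or None for plain LDAP."""
    if mode not in MODES:
        raise ValueError(f"unknown connection type: {mode}")
    if mode == "ldap":
        return None  # clear text: nothing is encrypted or authenticated
    # Server side of both LDAPS types: verify the certificate chain and the
    # hostname, against ca_file if given, else the system trust store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    if mode == "ldaps-mtls":
        if not (client_cert and client_key):
            raise ValueError("mTLS needs a client certificate and private key")
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def probe(host, mode, port=None, timeout=5.0, **tls_files):
    """Open one connection of the given type and report the outcome."""
    ctx = make_tls_context(mode, **tls_files)
    port = port or (LDAP_PORT if ctx is None else LDAPS_PORT)
    result = {"mode": mode, "port": port, "encrypted": ctx is not None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if ctx is not None:
                # The handshake fails here if the server certificate is
                # untrusted, expired, or issued for a different hostname.
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result["tls_version"] = tls.version()
                    result["server_subject"] = tls.getpeercert().get("subject")
        # A server may still reject the client certificate after the handshake,
        # so for mTLS confirm with a real LDAP bind as well.
        return {**result, "ok": True}
    except OSError as exc:  # covers ssl.SSLError, timeouts, refused connections
        return {**result, "ok": False, "error": str(exc)}

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py HOST  (tries the two types that need no client cert)
    for m in ("ldap", "ldaps-tls"):
        print(probe(sys.argv[1], m))
```

For the mTLS case, call `probe(host, "ldaps-mtls", client_cert=..., client_key=...)` with the certificate and key files issued for your client.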

Still Need Help?

Please contact ID123 Support.
