The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Once you have indicated that you would like to integrate your LDAP server with ExamSoft, complete an addendum and provide us with your server information. Below are answers to common questions about the integration.
Q. How long does LDAP take?
Generally, LDAP takes ten business days from the time that we receive all the required information until the time of completion and testing.
Note: This timeline is dependent upon continued, prompt communication from the institution’s IT department for troubleshooting.
Q. What is required of the institution when setting up LDAP?
The institution must complete the addendum and server information forms. The institution is responsible for importing exam-taker data into the ExamSoft portal ensuring that the exam-taker ID entered matches the exam-taker’s LDAP ID. The institution is also responsible for adding user accounts and their LDAP ID into the ExamSoft portal.
Q. What is required of the school when doing the LDAP integration?
- The institution must fully complete the LDAP Server Information form. The institution must allow ExamSoft LDAP Traffic through their firewall.
Q. What IP Addresses need to be allowed through the firewall?
IP Addresses listed below:
Q. Does ExamSoft own those IP addresses?
Yes, ExamSoft owns the full range of IP addresses.
Q. Can I use a point-to-point and VPN connection when doing the LDAP integration?
We do not support point-to-point or VPN LDAP connections.
Q. Does ExamSoft store any of our passwords on their servers?
No, the only information stored in our databases is the IDs imported by the institution.
Q. Does ExamSoft support SAML?
Yes, please see our SAML FAQs article for more information.
Q. How is the connection to the LDAP Server managed?
Depending on your needs and the set-up of the server, we can connect in one of two ways. The first option is a search and bind method. With this method, we need a service account with access to search the LDAP directory. When using search and bind, this account cannot be disabled or deleted after the initial set-up. When someone attempts to log in, we will log in to the server with the service account you provided and search the directory for the authentication. The other option is a direct bind, in which we will take the credentials attempting to log in and pass them directly to the LDAP Server for an authentication request.
Q. Does LDAP work for the application and the website?
Yes, LDAP is used for the Examplify Application as well as for the website log-in information. When an exam-taker attempts to log in via the application, their credentials will be passed to the portal via SSO to be passed to the LDAP server.
Q. Why do you need a test username and password for exam-takers and exam-makers or admins?
- Having test credentials on file allows us to complete initial testing on the integration. These credentials also allow us to test any reported downtime or outages to get those issues resolved immediately. The test account for exam-takers and users should be contained in the same DN or organizational unit as the actual exam-takers and exam-makers or admins.
Q. How does ExamSoft know the LDAP ID for the exam-takers and exam-makers or admins?
For exam-takers, the LDAP ID should match the exam-taker ID in the ExamSoft portal. For exam-makers or admins, an additional field will be available from the user's page for you to add the LDAP ID for each user once LDAP is enabled. This will need to be completed prior to that user being able to log in.
Q. Why is there still a required password field when setting up new users or exam-takers in ExamSoft if you will be authenticating against the LDAP Server?
The password field in ExamSoft is a placeholder field and is not used during the authentication process. If you opt to disable LDAP, this password would become the new active password.
Q. Must domains for exam-makers or admins and exam-takers be the same for LDAP integration?
Q. How do I start the process of having LDAP enabled for my institution?
Speak with your Customer Success Specialist or Implementation Team, and they can provide you with the LDAP addendum form.