LDAP Overview
Learn how to authenticate into Infisical with LDAP.
LDAP is a paid feature.
If you’re using Infisical Cloud, then it is available under the Enterprise Tier. If you’re self-hosting Infisical, then you should contact sales@infisical.com to purchase an enterprise license to use it.
You can configure your organization in Infisical to have members authenticate with the platform via LDAP.
Note that configuring LDAP retains the end-to-end encrypted nature of authentication in Infisical because we decouple the authentication and decryption steps; the LDAP server cannot and will not have access to the decryption key needed to decrypt your secrets.
LDAP providers:
- Active Directory
- JumpCloud LDAP
- AWS Directory Service
- Foxpass
Read the general instructions for configuring LDAP here.
If the documentation for your required identity provider is not shown in the list above, please reach out to team@infisical.com for assistance.
FAQ
Why does Infisical require additional email verification for users connected via LDAP?
By default, Infisical Cloud is configured not to trust emails from external identity providers, in order to prevent malicious account takeover attempts via email spoofing. Accordingly, Infisical creates a new user for anyone provisioned through an external identity provider and requires an additional email verification step upon their first login.
If you’re running a self-hosted instance of Infisical and would like it to trust emails from external identity providers, you can configure this behavior in the admin panel.