To connect Orchestrator to a directory server instance, you must provide the host, port, and search base of the LDAP server to generate the connection URL. You must also provide the user credentials and the user and group lookup paths so that the LDAP users can authenticate against the Orchestrator client.

About this task

The supported directory service types are Active Directory over LDAP and directory services based on OpenLDAP.


If you change the LDAP server or the directory service type after you assign access permissions on workflows or actions to Orchestrator objects, you must reset these permissions.

If you change the LDAP settings after you configure custom applications that collect and store user information, the LDAP authentication records become invalid when used on the new LDAP database.


Use the detailed settings information to configure the LDAP authentication. See LDAP Authentication Settings.


  1. Log in to Control Center as an administrator.
  2. Click Configure Authentication Provider.
  3. Select LDAP Authentication from the Authentication mode drop-down menu.
  4. From the LDAP client drop-down menu, select the type of directory server that you want to use.
  5. Configure the LDAP server in your environment.
  6. Click Save Changes.
  7. Enter credentials for an LDAP user on the Test Login to test whether this user can access the Orchestrator client.

    After a successful login, the system checks if the user is part of the Orchestrator Administrator group.

What to do next

Configure the database. For more information, see Configuring the Orchestrator Database Connection.