LDAP Overview - Infisical

<Note> LDAP authentication requires [Email Domain Verification](/documentation/platform/email-domain). You must verify your organization's email domain before users can log in via LDAP. </Note> <Info> LDAP is a paid feature.

If you're using Infisical Cloud, then it is available under the Enterprise Tier. If you're self-hosting Infisical, then you should contact [email protected] to purchase an enterprise license to use it.

</Info>

You can configure your organization in Infisical to have members authenticate with the platform via LDAP.

LDAP providers:

Active Directory
JumpCloud LDAP
AWS Directory Service
Foxpass

Read the general instructions for configuring LDAP here.

If the documentation for your required identity provider is not shown in the list above, please reach out to [email protected] for assistance.

FAQ

<AccordionGroup> <Accordion title="Why does Infisical require additional email verification for users connected via LDAP?"> By default, Infisical Cloud is configured to not trust emails from external identity providers to prevent any malicious account takeover attempts via email spoofing. Accordingly, Infisical creates a new user for anyone provisioned through an external identity provider and requires an additional email verification step upon their first login.

If you're running a self-hosted instance of Infisical and would like it to trust emails from external identity providers,
you can configure this behavior in the Server Admin Console.

</Accordion> </AccordionGroup>