There are four modes for managing users and groups in Morro Data:
- Morro Users Mode
- Active Directory Mode
- Azure AD Mode
- LDAP Mode
This section focuses on configuring LDAP mode and using JumpCloud to manage your users.
Configure JumpCloud Account
To enable JumpCloud mode, you must have a JumpCloud account configured with the following information:
- Configure JumpCloud User
- Connect to JumpCloud LDAP
- Configure JumpCloud Users/Groups
JumpCloud User Setup
A user needs to have access to join the JumpCloud LDAP service. To enable a user to join JumpCloud LDAP:
- Click on the USERS tab.
- Select the user who will join JumpCloud LDAP. This opens the User Manage page.
- In the DETAILS tab, scroll down to the section User Security Settings and Permission and click the arrow to expand the section.
- Select the option "Enable as LDAP Bind DN". This will allow the user to bind to and search the JumpCloud LDAP service.
JumpCloud LDAP Setup
Samba access must be enabled on the account in order to use the CacheDrive as a mapped network drive.
- Click on the DIRECTORIES tab.
- Select the item JumpCloud LDAP.
- In the DETAILS tab, scroll down to the section LDAP Configuration and check the box "Configure Samba Authentication".
- From the SAMBA SERVICE ACCOUNT item, choose a user with LDAP Bind DN enabled to act as the "SAMBA SERVICE ACCOUNT".
JumpCloud Users and Groups
In order to use JumpCloud Users and Groups in Morro Data, the following requirements need to be met:
- Groups must have "Create Linux group for this user group" and "Enable Samba Authentication" enabled.
  - If "Create Linux group for this user group" is not enabled, the group will not be imported into Morro Data.
  - If "Enable Samba Authentication" is not enabled, users that are members of this group will not be able to access the share from the CacheDrive.
- Users must belong to a group with "Enable Samba Authentication" enabled.
- Each group must have a unique GID, or file permissions will not work properly.
Enable JumpCloud Integration in Morro Data
Change the authentication mode in the AUTHENTICATION tab on the Team page:
- Go to the Teams page.
- Choose the "Authentication" tab to change the authentication mode.
- Choose "LDAP" from the dropdown list next to Change mode to:
- Enter the JumpCloud settings:
  - Base DN
  - LDAP Bind DN
  - LDAP Bind DN Password
- Click SWITCH TO THIS MODE to complete the process.
Manage Users and Groups in Morro Data
Once the account is joined to JumpCloud, the users and groups that were properly configured will be imported into the Morro Data system. You can verify the users and groups imported from JumpCloud in the Morro Data Teams page.
JumpCloud Users must be a member of at least one group. If a user is not a member of a group, the user will not be imported into Morro Data.
Note: Every JumpCloud user is a member of one hidden group that has the same name as the user. This group is filtered by Morro Data and will not be imported into Morro Data. It also does not count toward the minimum of one group membership required for the user to be imported.
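A pre-flight check for the group requirements and the import rule above (unique GIDs, and at least one group membership other than the hidden same-name group), as an added example that is not Morro Data or JumpCloud code. It runs on a constructed LDIF sample and assumes the directory exposes users and groups with the RFC 2307 attributes uid, cn, gidNumber and memberUid; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample, not real data: LDIF as returned when only uid, cn, gidNumber and
# memberUid are requested. RFC 2307 attribute names are an assumption of this example.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=com
uid: alice

dn: uid=bob,ou=Users,dc=example,dc=com
uid: bob

dn: cn=bob,ou=Users,dc=example,dc=com
cn: bob
gidNumber: 5002
memberUid: bob

dn: cn=finance,ou=Users,dc=example,dc=com
cn: finance
gidNumber: 6000
memberUid: alice

dn: cn=sales,ou=Users,dc=example,dc=com
cn: sales
gidNumber: 6000
"""

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key].append(value)
        entries.append(entry)
    return entries

def preflight(entries):
    """Return ({gid: [groups sharing it]}, [users with no qualifying group])."""
    users = {e["uid"][0] for e in entries if e["uid"]}
    by_gid, covered = defaultdict(list), set()
    for g in (e for e in entries if e["gidNumber"] and not e["uid"]):
        if g["cn"][0] in users:
            continue  # hidden per-user group: filtered, does not count as membership
        by_gid[g["gidNumber"][0]].append(g["cn"][0])
        covered.update(g["memberUid"])
    return {k: v for k, v in by_gid.items() if len(v) > 1}, sorted(users - covered)
```

On the sample, the check reports that finance and sales share a GID and that bob, whose only membership is his hidden same-name group, would not be imported.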
Manage JumpCloud Integration
After joining JumpCloud, Morro Data administrators can modify the JumpCloud settings or sync users and groups again.
Use the RE-JOIN button if the LDAP Bind DN or Bind DN Password has changed to authenticate Morro Data with JumpCloud again.
SYNC USER/GROUP FROM SERVER
Use the SYNC USER/GROUP FROM SERVER button to update user/group membership.
Note: If user/group membership has changed in JumpCloud, the permissions will be based on the JumpCloud settings even if the Administrator has not manually clicked the SYNC USER/GROUP FROM JUMPCLOUD button.
For more information on how to manage users and groups in Morro Data, refer to the articles in the folder Team.
OFFICE 365 INTEGRATION
(Not available with OpenLDAP)
Allows for SharePoint Sync to be used with JumpCloud as the identity manager.
Use the OFFICE 365 INTEGRATION button to connect to Office 365. The admin will be redirected to the Microsoft authentication page. Enter the account credentials for a global admin.
- The built-in Morro Data user "admin" cannot access the Team Portal, Morro Connect, or shares on the CacheDrive if there is not a JumpCloud user with the same name 'admin'.
- If the LDAP Bind DN password or the Bind DN has been locked, users will not be able to access the Team Portal or the shares on the CacheDrive.
- If a JumpCloud user's password has expired or if the user's account has been locked, the user cannot access the Team Portal or shares on the CacheDrive.
- If the SID is changed in JumpCloud, the administrator must click the SYNC USER/GROUP FROM SERVER button to synchronize the changes; otherwise the user cannot access the share via Samba.