Skip to main content

SSO using LDAP

Authenticate your credentials with the W&B Server LDAP server. The following guide explains how to configure the settings for W&B Server. It covers mandatory and optional configurations, as well as instructions for configuring the LDAP connection from systems settings UI. it also provides information on the different inputs of the LDAP configuration, such as the address, base distinguished name, and attributes. You can specify these attributes from the W&B App UI or using environment variables. You can setup either an anonymous bind, or bind with an administrator DN and Password.

tip

Only W&B Admin roles can enable and configure LDAP authentication.

Configure LDAP connectionโ€‹

  1. Navigate to the W&B App.
  2. Select your profile icon from the upper right. From the dropdown, select System Settings.
  3. Toggle Configure LDAP Client.
  4. Add the details in the form. Refer to Configuring Parameters section for details on each input.
  5. Click on Update Settings to test your settings. This will establish a test client/connection with the W&B server.
  6. If your connection is verified, toggle the Enable LDAP Authentication and select the Update Settings button.

Configuration parametersโ€‹

The following table lists and describes required and optional LDAP configurations.

Environment variableDefinitionRequired
ADDRESSThis is the address of your LDAP server within the VPC that hosts W&B Server.Yes
BASE_DNThe root path searches start from and required for doing any queries into this directory.Yes
BIND_DNPath of the administrative user registered in the LDAP server. This is required if the LDAP server does not support unauthenticated binding. If specified, W&B Server connects to the LDAP server as this user. Otherwise, W&B Server connects using anonymous binding.No
BIND_PWThe password for administrative user, this is used to authenticate the binding. If left blank, W&B Server connects using anonymous binding.No
ATTRIBUTESProvide an email and group ID attribute names as comma separated string values.Yes
TLS_ENABLEEnable TLS.No
GROUP_ALLOW_LISTGroup allowlist.No
LOGINThis tells W&B Server to use LDAP to authenticate. Set to either True or False. Optionally set this to false to test the LDAP configuration. Set this to true to start LDAP authentication.No
Was this page helpful?๐Ÿ‘๐Ÿ‘Ž