> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how to connect your app to Active Directory (AD) using Lightweight Directory Access Protocol (LDAP) through an enterprise connection.

# Connect Your App to Active Directory using LDAP

Auth0 integrates with Active Directory (AD) using Lightweight Directory Access Protocol (LDAP) through an **Active Directory/LDAP Connector** that you install on your network.

The **AD/LDAP Connector** (1), is a bridge between your **Active Directory/LDAP** (2) and the **Auth0 Service** (3). This bridge is necessary because AD/LDAP is typically restricted to your internal network, and Auth0 is a cloud service running in a completely different context.

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/auth0/docs/images/cdy7uua7fh8z/2HT4cRvUDzA2OdEPlfgLDV/be32ffe82562dc8f07fdd2097f14d881/ldap-connect.png" alt="Overview Diagram of AD/LDAP Connector" />
</Frame>

For [high availability and load balancing](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/ad-ldap-high-availability), you can install multiple instances of the connector. All connections are outbound from the connector to the Auth0 Server, so changes to your firewall are generally unnecessary.

## Prerequisites

Before beginning:

* [Register your Application with Auth0](/docs/get-started/auth0-overview/create-applications).

  * Select an appropriate **Application Type**.
  * Add an **Allowed Callback URL** of `{https://yourApp/callback}`.
  * Make sure your Application's [**Grant Types**](/docs/get-started/applications/update-grant-types) include the appropriate flows.

## Steps

To connect your application to Active Directory/LDAP, you must:

1. [Create an enterprise connection in Auth0](#create-an-enterprise-connection-in-auth0) and download the installer
2. [Install the connector on your network](#install-the-connector-on-your-network)
3. [Enable the enterprise connection for your Auth0 Application](#enable-the-enterprise-connection-for-your-auth0-application)
4. [Test the connection](#test-the-connection)

## Create an enterprise connection in Auth0

1. Navigate to [Auth0 Dashboard > Authentication > Enterprise](https://manage.auth0.com/#/connections/enterprise), locate **Active Directory / LDAP**, and select its `+`.

   <Frame>
     <img src="https://mintlify.s3.us-west-1.amazonaws.com/auth0/docs/images/cdy7uua7fh8z/1fSTcrZpkgkPR64NnI1lr8/b3454e60a4463e99353603fd11a71983/Enterprise_Connections_-_EN.png" alt="Dashboard - Connections - Enterprise" />
   </Frame>
2. Enter details for your connection, and select **Create**:

| Field                                          | Description                                                                                                                                                                                                                                                  |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Connection name**                            | Logical identifier for your connection; it must be unique for your tenant. Once set, this name can't be changed.                                                                                                                                             |
| **Display name** (optional)                    | Text used to customize the login button for Universal Login. When set, the Universal Login login button reads: "Continue with \{Display name}".                                                                                                              |
| **Logo URL** (optional)                        | URL of image used to customize the login button for Universal Login. When set, the Universal Login login button displays the image as a 20px by 20px square.                                                                                                 |
| **IdP Domains** (optional)                     | Comma-separated list of valid email domains that will be allowed to log in using this connection. Only needed if using the Lock login widget.                                                                                                                |
| **Disable cache**                              | When enabled, disables caching.                                                                                                                                                                                                                              |
| **Use client SSL certificate authentication**  | When enabled, uses client SSL certificate authentication.                                                                                                                                                                                                    |
| **Use Windows Integrated Auth (Kerberos)**     | When enabled, you will be asked to enter a range of IP addresses. When users log in through these IP addresses, Kerberos will be used; otherwise, AD/LDAP username/password will be requested. Typically, the IP range entered represent intranet addresses. |
| **Sync user profile attributes at each login** | When enabled, Auth0 automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Auth0.                                                                              |

<Frame>
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/auth0/docs/images/cdy7uua7fh8z/2IR80sIwNNyPlDMxIjWv8e/b6748243f90ce0e7d771a39cef24cb0f/LDAP_Connection__1_.png" alt="Enter AD / LDAP Connection Details" />
</Frame>

3\. Download the provided installer and make note of the provided **Provisioning Ticket URL**.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  We ship different versions of the connector to install on Windows or Linux platforms.
</Callout>

## Install the connector on your network

Set up the [AD/LDAP Connector](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector) by following the instructions for your platform:

* [Install the AD/LDAP Connector on Windows](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/install-configure-ad-ldap-connector)
* [Install the AD/LDAP Connector on Non-Microsoft Platforms](/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector/install-configure-ad-ldap-connector)

## Enable the enterprise connection for your Auth0 application

To use your new AD connection, you must first [enable the connection](/docs/authenticate/identity-providers/enterprise-identity-providers/enable-enterprise-connections) for your Auth0 Applications.

## Test the connection

Now you're ready to [test your connection](/docs/authenticate/identity-providers/enterprise-identity-providers/test-enterprise-connections).

## Next Steps

* [Integrate with Auth0 using one of our libraries](/docs/libraries)
* [Integrate with Auth0 using our Authentication API](https://auth0.com/docs/api/authentication)
* [Read more about the authentication flow](/docs/get-started/authentication-and-authorization-flow)
* [Pass additional parameters to the Identity Provider](/docs/authenticate/identity-providers/pass-parameters-to-idps)
* [Re-prompt users for permissions](/docs/authenticate/identity-providers/social-identity-providers/reprompt-permissions)