In this article, you will learn:

  • How Tulip can connect to your Active Directory instance
  • Different ways to configure the Active Directory integration
  • Technical requirements for an Active Directory integration

Tulip currently integrates with LDAP via Microsoft’s Active Directory product. If your organization uses Active Directory, then you can set up your Tulip instance based on rules from Active Directory.

Note: This feature is only available on Enterprise Plans.

Setup Options

Tulip has two different user interfaces:

  1. Tulip, which allows administrators to build and edit apps and connect to external databases
  2. The Tulip Player, which allows employees to use the apps that were built in Tulip

Tulip has two different levels of user privileges:

  1. Administrators with administrator privileges and the ability to edit apps in Tulip
  2. Operators who can only use apps. They cannot edit apps or access the Tulip interface.

You can configure your integration in one of four ways:

  1. Require all Tulip users to log into Tulip or Tulip Player using their Active Directory username and password. Administrator and Operator access are specified based on Active Directory groups.
  2. Require all Tulip users to log into Tulip or Tulip Player using their Active Directory username and password. Administrator and Operator access are defined within Tulip.
  3. Allow Tulip Operators to log into Tulip Player using only their badge ID, but require Tulip Administrators to log into Tulip using their Active Directory username and password. Administrator access is specified based on an Active Directory group.
  4. Allow Tulip Operators to log into Tulip Player using only their badge ID, but require Tulip Administrators to log into Tulip using their Active Directory username and password. Administrator access is defined within Tulip.

You can choose the configuration option based on your organization’s security protocols. Enforcing the use of Active Directory username and password for all Tulip users is the most secure option.

Coordinating Tulip Users With LDAP Users

If your organization chooses to define Administrator and Operator roles within Tulip, a Tulip administrator will first need to create a new user. Then, they must add a Tulip username that matches the LDAP username. Any email is acceptable.

When this Tulip user attempts to log in, they need to enter their LDAP username in the “Username” field and their password in the “Password” field. Tulip will then authenticate them against your Active Directory instance. Here are the Administrator and Operator login screens:

In this case, a Tulip system administrator will add your first Tulip admin with information that you provide.

If your organization chooses to define Tulip roles based on Active Directory groups, then there is no need to create individual users within Tulip. 

When the user logs into Tulip with their Active Directory credentials for the first time, Tulip will authenticate them with your Active Directory instance and then automatically create an account within Tulip. Their capabilities will depend on their Active Directory group.

For Tulip to determine your employees’ privileges from Active Directory, you will need to provide group identifiers from Active Directory so that Tulip knows which groups contain Admins and which contain Operators.

If Tulip Operators are allowed to log in using their badge ID, here is their login screen within the Tulip Player:

Technical Requirements

To configure an LDAP connection, you will need an LDAP server of your own that Tulip's server can reach, and you will need to provide the following information:

  • The server address (e.g. ldaps://xxx.xxx.xxx:636)
  • A "Distinguished Name" to search (e.g. dc=tulip,dc=co)
  • The Certificate Authority used to sign the certificates of the LDAP server

Your system administrator should be able to provide this information easily.
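Before handing these three values over, you can check them yourself. The following Python sketch is an added example, not Tulip's own code: the function names, the host ldap.example.test and the file name ca.pem are assumptions made for illustration. It checks the address and search DN offline, and `check_tls` confirms that the server's certificate validates against the CA file you plan to supply.

```python
import re
import socket
import ssl
from urllib.parse import urlsplit

def check_settings(server_url, base_dn):
    """Return a list of problems in the server address and search DN."""
    problems = []
    url = urlsplit(server_url)
    if url.scheme != "ldaps":
        problems.append("scheme must be ldaps so passwords are sent over TLS")
    if not url.hostname:
        problems.append("server address has no host")
    try:
        url.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        problems.append("port is not a valid number")
    # A DN is comma-separated attribute=value pairs; "\," is an escaped comma.
    for rdn in re.split(r"(?<!\\),", base_dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            problems.append(f"malformed DN component: {rdn.strip()!r}")
    return problems

def check_tls(server_url, ca_file, timeout=5.0):
    """Handshake with the LDAPS server, trusting only the CA in ca_file.

    Returns the server certificate's subject; raises
    ssl.SSLCertVerificationError if the chain or hostname does not verify.
    """
    url = urlsplit(server_url)
    ctx = ssl.create_default_context(cafile=ca_file)  # system CAs are not loaded
    address = (url.hostname, url.port or 636)
    with socket.create_connection(address, timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=url.hostname) as tls:
            return tls.getpeercert()["subject"]

if __name__ == "__main__":
    # Constructed sample values (assumptions); substitute your own.
    print(check_settings("ldaps://ldap.example.test:636", "dc=tulip,dc=co"))
    print(check_settings("ldap://ldap.example.test:389", "dc=tulip,co"))
    # With network access to your server: check_tls(your_url, "ca.pem")
```

Run `check_tls` from a host that reaches the LDAP server over the same network path Tulip's server will use, so that a firewall or hostname mismatch shows up before the integration is configured.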
