The directory-authentication module for organisations that already run Active Directory or a compatible LDAP server.
- Authentication via LDAP bind — users sign in with their AD credentials, no second password
- TLS — LDAPS or StartTLS, custom CA certificates supported
- Group-restricted access — limit sign-in to chosen AD groups; nested group membership is resolved automatically
Configuration lives under Administration → Integrations, per instance. Credentials are stored encrypted (AES-256-GCM); sign-ins are recorded in the login history.
Complementary to the modern authentication that ships with Core ISMS — AD/LDAP handles sign-in for staff with existing AD accounts; passkeys, Estonian ID-card via Web eID, and TARA SSO are included in every Cybsis instance without an additional module. For linking documents from Microsoft 365, see the Microsoft 365 Connector.