Using LDAP Sync Service with MFA

The LDAP Sync service client now supports Multi-Factor Authentication (MFA) through a device code flow. The client never collects a username or password itself: it directs the administrator to complete sign-in, including the MFA challenge, in a browser, and receives an authorization for the device only after that sign-in succeeds. This removes the need for the client to hold account credentials in memory and ensures that the MFA requirements applied to KACE Cloud administrators also cover LDAP Sync logins.

In addition:

  • LDAP Sync Service uses the same authentication flow as the Admin Portal and Enrollment Portal.
  • MFA policies configured for your tenant are enforced during LDAP Sync login.
  • Existing LDAP sync configurations continue to work without interruption.

Prerequisites

  • The LDAP Sync client must be the latest version. The client checks for updates automatically at launch.
  • MFA must be configured for your KACE Cloud tenant.
  • Access to a web browser, either on the same device as the client or on another device.

Authentication Flow

The LDAP Sync client uses device code authentication: it does not collect credentials itself, and the sign-in and MFA challenge take place in a browser.

  1. Launch the LDAP Sync client.
  2. Enter your tenant when prompted.
    The client opens your default browser and displays a login page.
  3. If the browser does not open automatically, copy the URL shown by the client and paste it into a browser.
  4. Authenticate with your local account (email and password) and complete the MFA challenge.
  5. Approve the device access request when prompted. Approve only a request you initiated from the LDAP Sync client; decline any approval prompt you did not expect.
    After successful authentication, return to the LDAP Sync client, which continues with LDAP setup.
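The steps above are the user's view of a device code flow. To make clear what the client and the identity service actually exchange, and why the client ends up with no password, here is an added, self-contained model of that exchange. It is example code, not the LDAP Sync client or the KACE Cloud service: the in-process `AuthorizationServer` stands in for the tenant identity service, the endpoint names, error strings and polling rules follow RFC 8628 (OAuth 2.0 Device Authorization Grant) and are assumptions about the real service, the `FakeClock` replaces real sleeping, and the account in `_ACCOUNTS` is constructed for the simulation.

```python
import hmac
import secrets

# Constructed local account for the simulation only (not a real credential).
_ACCOUNTS = {"admin@example.com": "correct horse battery staple"}


def check_password(email, password):
    """Password check done by the identity service, never by the LDAP Sync client."""
    stored = _ACCOUNTS.get(email)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


class FakeClock:
    """Deterministic clock so the polling loop runs offline without real sleeps."""
    def __init__(self, start=1000.0):
        self.t = start

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


class AuthorizationServer:
    """Stand-in for the tenant identity service (assumed shape, not the KACE Cloud API)."""
    def __init__(self, now, lifetime=600, interval=5, require_mfa=True):
        self._now, self._lifetime, self._interval = now, lifetime, interval
        self.require_mfa = require_mfa        # the tenant's MFA policy
        self._grants = {}                     # device_code -> grant state
        self._user_codes = {}                 # user_code -> device_code

    def device_authorization(self, client_id, tenant):
        """Step 2: the client sends only its identity and the tenant, no user credentials."""
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join(secrets.token_hex(2).upper() for _ in range(2))
        self._grants[device_code] = {"client_id": client_id, "status": "pending",
                                     "expires_at": self._now() + self._lifetime,
                                     "last_poll": 0.0, "subject": None}
        self._user_codes[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": f"https://{tenant}.example/device",
                "expires_in": self._lifetime, "interval": self._interval}

    def browser_login(self, user_code, email, password, mfa_ok, approve):
        """Steps 4-5: email, password and the MFA result are presented in the browser only."""
        device_code = self._user_codes.get(user_code)
        if device_code is None:
            return "unknown_code"
        if not check_password(email, password) or (self.require_mfa and not mfa_ok):
            return "login_failed"          # grant stays pending; nothing reaches the client
        grant = self._grants[device_code]
        grant["status"] = "approved" if approve else "denied"
        grant["subject"] = email
        return grant["status"]

    def token(self, device_code, client_id):
        """Polling endpoint; error codes follow RFC 8628 section 3.5."""
        grant = self._grants.get(device_code)
        if grant is None or grant["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self._now()
        if now > grant["expires_at"]:
            del self._grants[device_code]
            return {"error": "expired_token"}
        if now - grant["last_poll"] < self._interval:
            grant["last_poll"] = now
            return {"error": "slow_down"}
        grant["last_poll"] = now
        if grant["status"] == "pending":
            return {"error": "authorization_pending"}
        del self._grants[device_code]      # device codes are single use
        if grant["status"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "sub": grant["subject"]}


def ldap_sync_login(server, clock, tenant, user_action, client_id="ldap-sync"):
    """Client side of the flow. Note the signature: there is no email or password argument."""
    grant = server.device_authorization(client_id, tenant)
    print(f"Open {grant['verification_uri']} and enter code {grant['user_code']}")
    interval = grant["interval"]
    deadline = clock.now() + grant["expires_in"]
    prompted = False
    while clock.now() <= deadline:
        reply = server.token(grant["device_code"], client_id)
        if "access_token" in reply:
            return reply
        err = reply["error"]
        if err == "authorization_pending":
            if not prompted:               # the user is now signing in in the browser
                user_action(grant["verification_uri"], grant["user_code"])
                prompted = True
        elif err == "slow_down":
            interval += 5                  # back off as RFC 8628 requires
        else:
            return {"error": err}          # access_denied, expired_token, invalid_grant
        clock.sleep(interval)
    return {"error": "expired_token"}
```

The `user_action` callback plays the administrator at the browser: with a correct password, a passed MFA challenge and an approval, the client's next poll returns a bearer token; if MFA is not completed the grant never leaves `pending` and the client's attempt simply expires; if the administrator declines, the client receives `access_denied`. The device code is bound to the client that requested it and is consumed on first use, which is why an approval prompt you did not initiate should be declined rather than approved.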