Lightweight Directory Access Protocol (LDAP) is an open, standards-based protocol used to access and manage directory information services over a network. It enables applications and systems to retrieve identity data such as usernames, passwords, group memberships, and attributes from a centralized directory, often used for authentication and authorization. LDAP is widely used in enterprise environments to manage user credentials and policies, and it forms the basis for many identity provider (IdP) systems, including Microsoft Active Directory and OpenLDAP.
LDAP plays a critical role in centralizing identity management across distributed IT and OT environments. Instead of managing user accounts and credentials on each system individually, organizations use LDAP-based directories to store and control identity data in one place. This simplifies authentication, reduces administrative overhead, and ensures consistent application of access control policies across the enterprise.
In critical infrastructure sectors, where systems often include legacy OT assets and distributed user roles (e.g., internal users, contractors, OEMs), LDAP provides a reliable, scalable method for managing identities and enforcing least privilege. LDAP also supports integration with Multi-Factor Authentication (MFA), Single Sign-On (SSO), and federated identity systems, making it foundational to Zero Trust strategies.
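The authentication and authorization pattern described above, as an added example (not code from Xona or from any directory product): an application searches the directory for the user's entry, binds as that entry to verify the password, and then decides access from the group memberships the directory returns. The search filter escapes user input per RFC 4515 so a login name can never change the filter's structure. The in-memory directory, the entries, the group DNs and the `fake_search`/`fake_bind` helpers are constructed for the example; in a real deployment they would be replaced by LDAP operations against Active Directory or OpenLDAP.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# RFC 4515 section 3: characters that must be escaped inside a filter
# assertion value so user input cannot alter the filter's structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP search-filter value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, uid_attr: str = "sAMAccountName") -> str:
    """Filter matching exactly one user object by login name.

    sAMAccountName is the Active Directory login attribute; OpenLDAP
    deployments commonly use uid instead.
    """
    return f"(&(objectClass=user)({uid_attr}={escape_filter_value(username)}))"


@dataclass
class AuthResult:
    ok: bool
    reason: str
    dn: Optional[str] = None


def authenticate_and_authorize(
    username: str,
    password: str,
    required_group_dn: str,
    search: Callable[[str], Optional[dict]],
    bind: Callable[[str, str], bool],
) -> AuthResult:
    """Common application login flow against an LDAP directory.

    1. search (as the application's service account) for the user's entry,
    2. bind as the returned DN with the supplied password to verify it,
    3. authorize on the memberOf values the directory returned.
    `search` and `bind` wrap the real LDAP operations; they are passed in
    so this example runs without a server.
    """
    entry = search(build_user_filter(username))
    if entry is None:
        return AuthResult(False, "unknown user")
    dn = entry["dn"]
    if not bind(dn, password):
        return AuthResult(False, "bad credentials", dn)
    # Group DNs are compared case-insensitively, as directories compare DNs.
    groups = {g.lower() for g in entry.get("memberOf", [])}
    if required_group_dn.lower() not in groups:
        return AuthResult(False, "not in required group", dn)
    return AuthResult(True, "ok", dn)


# --- constructed in-memory directory standing in for AD/OpenLDAP ---------
def _pw_hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


FAKE_DIRECTORY = {
    "j.doe": {
        "dn": "CN=Jane Doe,OU=Operators,DC=example,DC=test",
        "memberOf": ["CN=OT-Operators,OU=Groups,DC=example,DC=test"],
        "_pw": _pw_hash("correct horse battery staple"),
    },
    "c.ontractor": {
        "dn": "CN=Con Tractor,OU=External,DC=example,DC=test",
        "memberOf": ["CN=Vendor-ReadOnly,OU=Groups,DC=example,DC=test"],
        "_pw": _pw_hash("vendor-pass"),
    },
}


def fake_search(ldap_filter: str) -> Optional[dict]:
    """Matches only a filter built from a literal login name, so escaped
    wildcard or parenthesis characters in the input match nothing."""
    for login, entry in FAKE_DIRECTORY.items():
        if build_user_filter(login) == ldap_filter:
            return entry
    return None


def fake_bind(dn: str, password: str) -> bool:
    """Simulates a simple bind: succeeds only with the entry's own password."""
    for entry in FAKE_DIRECTORY.values():
        if entry["dn"] == dn:
            return hmac.compare_digest(_pw_hash(password), entry["_pw"])
    return False


if __name__ == "__main__":
    OT_GROUP = "CN=OT-Operators,OU=Groups,DC=example,DC=test"
    print(authenticate_and_authorize("j.doe", "correct horse battery staple", OT_GROUP, fake_search, fake_bind))
    print(authenticate_and_authorize("c.ontractor", "vendor-pass", OT_GROUP, fake_search, fake_bind))
```

The flow separates credential verification (the bind) from the access decision (group membership), which is what lets a gateway enforce least privilege from the same directory that holds the identities: the contractor account authenticates successfully but is refused because it is not in the operator group.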
Moreover, many compliance frameworks, including NERC CIP, IEC 62443, and TSA SD02E, require organizations to demonstrate control over identity verification and access assignment. LDAP supports this by acting as a centralized, auditable repository for identity-related information.
Xona integrates with LDAP-based identity providers such as Microsoft Active Directory and OpenLDAP to authenticate users and apply fine-grained access control policies. This allows organizations to leverage their existing identity infrastructure to manage access to critical systems without duplicating user accounts or credentials.
Through this integration, Xona enables identity-based access, multi-factor authentication, and time-based access policies enforced at the gateway before users ever reach the target system. LDAP identities can be mapped to specific roles, access windows, or privileged systems, ensuring that only authorized users can interact with operational technology (OT) or information technology (IT) environments.
By connecting to LDAP directories, Xona enables centralized governance while supporting disconnected access, credential injection, and session recording, enhancing both security and compliance posture across hybrid, high-risk environments.