Last updated on September 1, 2025
What is LDAP?
LDAP is a protocol you can use to read directory servers, such as Microsoft Active Directory or OpenLDAP, over a network. A Service Provider uses the LDAP protocol to communicate with an Identity Provider (such as Active Directory). The result of the communication is a successful or unsuccessful authentication of a user. You can add Multi-Factor Authentication (MFA) to the authentication process to introduce an additional security step to the authentication of your users.
LDAP Protocol vs. LDAP Server – Clarification
How to make the LDAP Protocol More Secure?
How Does LDAP MFA Work?
There is no one set way in which MFA works with LDAP. Different security providers and MFA solutions can implement different protocols and technologies to make these integrations possible. Most solutions use open standards, but the way they work can still be slightly different. Let’s break down how a Multi-Factor Authentication (MFA) solution can work with the LDAP server and how and where it uses the LDAP protocol. We will be using Rublon Multi-Factor Authentication as an example.
Rublon MFA uses the LDAP protocol in many scenarios:
- Remote Desktop Services + Active Directory – You can configure Rublon to verify user login and password against Active Directory during the first step of MFA for your Remote Desktop Services logins.
- VPN + RADIUS + LDAP Server – You can configure the Rublon Authentication Proxy to verify user login and password against an LDAP server during the first step of MFA for your VPN logins.
- SSO + SAML + LDAP Server – You can configure the Rublon Access Gateway to verify user login and password against an LDAP server during Single Sign-On (SSO) logins to cloud apps.
Remote Desktop Services + Active Directory
- The LDAP protocol is used in Step 2 of the following diagram.
- Rublon for RD Gateway, Rublon for RD Web Access, and Rublon for RD Web Client can similarly use Active Directory as the Identity Provider.

1. The user opens Remote Desktop Connection and enters their username and password.
2. The Remote Desktop Session Host checks the login credentials against Active Directory.
3. If the login credentials are correct, the Remote Desktop Session Host asks the Rublon API to send a Mobile Push authentication request to the user’s phone.
4. Upon accepting the push, the user connects to the remote desktop.
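The login sequence above, as an added Python example (not Rublon's code or API): the `bind` and `push` callables, the sample directory and the result strings are assumptions made for illustration. It also rejects empty passwords before contacting the directory, because an LDAP simple bind with an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that some servers accept, and it denies the login when either service raises an error.

```python
from typing import Callable

# Assumed integration points (hypothetical, not Rublon's API):
#   bind(user_dn, password) -> True if the directory accepted a simple bind
#   push(username)          -> True if the user approved the push request
Bind = Callable[[str, str], bool]
Push = Callable[[str], bool]


def first_factor(bind: Bind, user_dn: str, password: str) -> bool:
    """Step 2: check the credentials against the directory."""
    # An empty password turns a simple bind into an unauthenticated bind,
    # which a server may accept without verifying anything. Reject it here.
    if not user_dn or not password:
        return False
    try:
        return bind(user_dn, password) is True
    except Exception:
        return False  # directory unreachable or erroring: fail closed


def login(bind: Bind, push: Push, username: str, user_dn: str, password: str) -> str:
    """Steps 2-4: the push is requested only after the first factor succeeds."""
    if not first_factor(bind, user_dn, password):
        return "denied:first-factor"  # no push is sent for bad credentials
    try:
        approved = push(username) is True
    except Exception:
        approved = False  # this example fails closed on MFA service errors
    return "granted" if approved else "denied:second-factor"


# Constructed stand-ins so the example runs offline.
DIRECTORY = {"uid=alice,ou=people,dc=example,dc=com": "correct horse"}
PUSH_LOG = []


def fake_bind(user_dn: str, password: str) -> bool:
    if password == "":
        return True  # mimics a server that accepts unauthenticated binds
    return DIRECTORY.get(user_dn) == password


def fake_push_approve(username: str) -> bool:
    PUSH_LOG.append(username)  # record that a push was actually requested
    return True


def fake_push_timeout(username: str) -> bool:
    raise TimeoutError("no response from phone")
```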
VPN + RADIUS + LDAP
SSO + SAML + LDAP
How Do I Enable LDAP MFA For My Users?
How to Enable LDAP MFA for Remote Desktop Services?
How to Enable LDAP MFA for VPNs?
1. Deploy and configure the Rublon Authentication Proxy to connect to your LDAP server.
2. Find the integration instructions in our documentation.
3. Follow the instructions and integrate your service with the Rublon Authentication Proxy.
4. Repeat steps 2 and 3 for any number of RADIUS-Compatible services you want.
How to Enable LDAP MFA for SSO and SAML Applications with an LDAP server as your identity provider?
- Multiple cloud apps configured for Single Sign-On (SSO)
- Multiple cloud apps protected with Multi-Factor Authentication (MFA)
- The login credentials for the first step of MFA verified against your LDAP server, such as Active Directory or OpenLDAP