Ubisecure CustomerID needs an access to the main user LDAP directory. A directory service is needed to establish this connection. To create the service open Ubisecure SSO Management:

Access the URL uas_url/ubilogin in a browser
Create a new Service in Services tab (Select Home → Services → New Service...)
- Title:
  CustomerID Directory
- Directory type:
  Ubilogin Directory or Active Directory
  Select Active Directory only when external AD is used for CustomerID user storage. Typically Ubilogin Directory is used.
Click OK
Append one of the following two configurations to the existing text in the "Configuration String" field, depending on whether UbiloginDirectory or Active Directory is used for CustomerID user data storage; typically Ubilogin Directory is used.
Ubilogin Directory:
```
policy.password.encoding={SSHA}
directory=ldap:///{LDAP root}
policy.password.protocol=UbiloginDirectory
password-name=password.2
java.naming.factory.initial=com.ubisecure.util.ldap.jldap.JLDAP
directory.schema=Ubilogin Directory
```
Active Directory:
```
java.naming.ldap.attributes.binary=objectGUID
policy.password.protocol=ActiveDirectoryDs
password-name=password.2
```
You can check the value of {LDAP root} for example from the jndi.properties file situated in the %PROGRAMFILES%\Ubisecure\customerid\application\custom folder. The value is the LDAP root part of the java.naming.provider.url property. An example:
```
java.naming.provider.url = ldap://localhost:389/cn=Ubilogin,dc=test
```

For clustered Ubisecure SSO, you will need the following settings in the CustomerID jndi.properties file situated in the folder %PROGRAMFILES%\Ubisecure\customerid\application\custom:

com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/>
com.ubisecure.util.ldap.failover.type=single-master (default is multi-master)
com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds)
com.sun.jndi.ldap.read.timeout=15000 (in milliseconds)
com.ubisecure.util.ldap.maxage=120000 (in milliseconds)
com.ubisecure.util.ldap.auth.pool.max=8

For clustered Ubisecure SSO, add the same settings in the CustomerID Directory settings in the Ubisecure SSO Home → Services tab → CustomerID Directory → Configuration String:

com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/>
com.ubisecure.util.ldap.failover.type=single-master (default is multi-master)
com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds)
com.sun.jndi.ldap.read.timeout=15000 (in milliseconds)
com.ubisecure.util.ldap.maxage=120000 (in milliseconds)
com.ubisecure.util.ldap.auth.pool.max=8

Click Update

Restart Ubisecure SSO from command line:

net stop UbiloginServer
net start UbiloginServer

Browser not supported