Data & AssessmentHome Connection Portal All Products: Admin/TeacherActive Directory (LDAP/RADIUS) Remote Authentication Set-up

Active Directory (LDAP/RADIUS) Remote Authentication Set-up

Remote authentication is supported by Illuminate Education's products using Lightweight Directory Access Protocol (LDAP) or Remote Authentication Dial-In User Service (RADIUS).  Generally, we recommend districts use LDAP.

Enabling remote authentication requires users to use your authentication server to grant them access.  Without proper configurations, users may not be able to reach the services provided by Illuminate’s products.  Please carefully read and follow the directions below.  If you are unsure how to proceed, please contact your district’s Implementation Manager.

I. Configuring Remote Authentication

IP Address Configuration

Your remote authentication server will need to be accessible via the internet by Illuminate Education's IP address ranges on the specific port you wish to use.

Old IP Address Ranges (no longer in use)

  • 66.117.13.208/28
  • 205.134.227.144/29
  • 205.134.232.88/29

New IP Address Range (for use after July 2014)

  • 204.237.164.144/29

II. Username Set-up

This part of the set-up differs slightly based on the Illuminate Product your district follow the directions for the appropriate one.   Depending on your authentication server's configuration, domain names can be excluded from the usernames. For Example ('jdoe' vs 'jdoe@district.k12.ca.us').

Please note if this is not configured to your authentication servers preferences, users will not be able to log in. If you are not entirely sure which product your district uses, please contact your District System Administrator or your Illuminate Implementation Manager.

Illuminate Student Information (ISI)

Your usernames in ISI must match the usernames in your authentication server.  Please review the User Management Page to verify this is indeed the case.  If you notice this is not the case, you may either update one user at a time (which is okay for a few users) or you may follow these steps below to perform a mass update:

  1. On the Illuminate Downloads page (https://www.illuminateed.com/downloads/) you can find a copy of our Core Data Specs (https://docs.google.com/spreadsheets/d/18bF3dnEhC47JjtXIHgkBKH3NH9lp1UA_aNoFbso_mHk/pubhtml#), which includes an import template for the user.txt you can edit to do a mass update.
  2. Save your user.txt file as a tab-delimited text file.  Compress it as a ZIP.  Note, the import file must be named “user.txt” or else it will fail to import.
  3. You may upload the file using the Core Data Import and Validation tool found under the Admin Cog in ISI.
  4. You may use your usual upload profile to perform this import.  You may either run it later that night (recommended) or within the next 10 minutes.  Running it set as “Run Now” will pull your district into import mode.  Please be aware this will shutdown user access to Illuminate as your data is imported.  Make sure to check you are updating users   If you are not familiar with the Core Data Import and Validation tool, please call Illuminate Support.
  5. The next day or when your import completes, please view the results in the Core Data Import Log.  Please make the necessary adjustments to your user.txt and try your upload again.  Otherwise proceed to the next step.

Note: Illuminate does not accept > < * characters.

Illuminate Data and Assessment (DnA) or Illuminate Special Education (ISE)

Your usernames in DnA/ISE must match the usernames in your authentication server.  If your users already log in using remote authentication for your Student Information System, you may pull data from your SIS and import it into your Illuminate system.  If this is not the case, you may verify if your authentication server’s usernames match those present in Illuminate in Illuminate’s User Management page.

Please note the steps below only apply to Districts who already have remote authentication setup for their SIS.  If your data is already synced through your nightly automation, please verify if your user.txt file is imported nightly and if the usernames reflect what is present in your authentication server.

  1. On the Illuminate Downloads page (https://www.illuminateed.com/downloads/) you can find a copy of our Core Data Specs (https://docs.google.com/spreadsheets/d/18bF3dnEhC47JjtXIHgkBKH3NH9lp1UA_aNoFbso_mHk/pubhtml#), which includes an import template for the user.txt you can edit to do a mass update.
  2. You may pull your data from your SIS.  Please note it is your responsibility to pull your data from your SIS.  If you need assistance, please contact Illuminate Support.
  3. Save your user.txt file as a tab-delimited text file.  Compress it as a ZIP.  Note, the import file must be named “user.txt” or else it will fail to import.
  4. You may upload the file using the Core Data Import and Validation tool found under the Admin Cog in ISI.
  5. You may use your usual upload profile to perform this import.  You may either run it later that night (recommended) or within the next 10 minutes.  Running it set as “Run Now” will pull your district into import mode.  Please be aware this will shutdown user access to Illuminate as your data is imported.  Make sure to check you are updating users   If you are not familiar with the Core Data Import and Validation tool, please call Illuminate Support.
  6. The next day or when your import completes, please view the results in the Core Data Import Log.  Please make the necessary adjustments to your user.txt and try your upload again.  Otherwise proceed to the next step.

If your user.txt is not already set to automate, you may speak with Illuminate Support to set that up.  By automating with your LDAP enabled SIS, you will be able to sync your new users on a nightly basis.

Note: Illuminate does not accept > and < characters.

IV. Redundancy

If your authentication server goes offline, then your users will be unable to login to the Illuminate system.  It is recommended to provide more than one authentication server that the Illuminate system will automatically failover to in case the primary is unavailable.

V. Configuration

The configuration information at the bottom of this document needs to be filled out. This includes a username and password for us to test the authentication configuration, as well as connection information for your authentication server.

VI. Test Environment

With the information below we will set up a copy of your Illuminate site to create a testing environment You will be asked to verify that Remote Authentication is working in this testing environment.

VII. Schedule

Once verified, a date and time will be set to enable remote authentication on your live environment. Please notify your users of this change and make sure they are aware their former login credentials will no longer be valid.  It is best to wait until Remote Authentication has been verified before setting this date.

Configuration Forms (ISI/DNA/ISE)

There are various configurations that Illuminate supports for Users and/or Student Portal. Whether using LDAP or Radius (PAP), certain information will need to be provided to complete the setup process accordingly.

DNA / ISI / ISE User LDAP Configuration:

The following information will need to be provided:

  • LDAP Server Hostname:
  • LDAP Server IP Address:
  • Encryption (STARTTLS or SSL is Required):

If using a self signed certificate, we will also need a valid copy of your Root Certificate Authority cert file used to generate the certificate. This is not the same as your normal certificate:

  • LDAP Port (Typically TCP ports 389 for StartTLS or 636 for SSL):
  • Account DN Lookup Username:
  • Account DN Lookup Password:
  • Account Domain:
  • Base DN:
  • Account Filter / Field (uid, sAMAccountname, etc):
  • Test Account Username:
  • Test Account Password:

DNA / ISI / ISE User Radius (PAP) Configuration:

The following information will need to be provided:

  • Radius Server Address: 
  • Radius Server Port (Typically UDP ports 1812 or 1645):
  • Shared Secret: 
  • Test Account Username:
  • Test Account Password:

Student Portal LDAP Configuration

Student Portal is an optional additional Illuminate product.  If you wish to also setup Remote Authentication for students via portal, please also fill out the following details. Otherwise leave blank and the system will allow the creation of temporary passwords for students.

The following information will need to be provided:

  • Student Login ID Type (Username, E-Mail or Student ID):

If using a Login ID other than Student ID, it is required that the username is included with the Student Portal Username file used by our import tools:

  • LDAP Server Hostname:
  • LDAP Server IP Address:
  • Encryption (StartTLS or SSL is Required):

If using a self signed certificate, we will also need a valid copy of your Root Certificate Authority cert file used to generate the certificate. This is not the same as your normal certificate:

  • LDAP Port (Typically TCP ports 389 for StartTLS or 636 for SSL):
  • Account DN Lookup Username:
  • Account DN Lookup Password:
  • Account Domain:
  • Base DN:
  • Account Filter / Field (uid, sAMAccountname, etc):
  • Test Account Username:
  • Test Account Password:

Student Portal Radius (PAP) Configuration:

The following information will need to be provided:

  • Radius Server Address: 
  • Radius Server Port (Typically UDP ports 1812 or 1645):
  • Shared Secret: 
  • Nas IP Address:
  • Test Account Username:
  • Test Account Password:

Next Steps

When ready with the appropriate information, contact Illuminate Support at help@illuminateed.com to assist with the setup process. Feel free to include your Implementation Manager in such communication.