Setting up Bitrix24 integration with LDAP/Active Directory

Bitrix24 Integration with LDAP/Active Directory Setup

At a company with 200 employees, HR adds a new hire to Active Directory, then separately creates an account in Bitrix24, then manually adds them to the right department and groups. On termination the same happens in reverse. After six months, 30 "dead" accounts linger in B24, and a new manager spends their second week without CRM access because the account creation request was lost. LDAP integration solves this: Active Directory becomes the single source of truth, and Bitrix24 syncs from it automatically.

Requirements and Limitations

LDAP integration is available only for Bitrix24 on-premise (the boxed version). Cloud Bitrix24 does not support a direct LDAP connection; for the cloud edition, SSO solutions (SAML, OAuth) are used instead.

What you need to connect:

Parameter     Value
LDAP Server   IP address or FQDN of the domain controller
Port          389 (LDAP) or 636 (LDAPS)
Base DN       DC=company,DC=local
Bind DN       Service account with read rights on the directory
Protocol      LDAP v3
Encryption    LDAPS (port 636) or STARTTLS

The service account should not be a domain administrator; read permissions on the objects in the required OUs are sufficient.

LDAP Connector Setup

In Bitrix24 admin: Settings → LDAP Servers → Add. Connection parameters:

  • Server: the domain controller address. For redundancy, several controllers can be listed separated by spaces.
  • Base DN: the root container for the user search. If users live in several OUs, either configure several LDAP connections or set the Base DN one level higher.
  • User Filter: the LDAP filter that selects accounts. (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) returns active users and excludes disabled accounts (the bitwise-AND matching rule tests the ACCOUNTDISABLE bit of userAccountControl).
  • Field Mapping: correspondence of LDAP attributes to B24 fields: sAMAccountName → login, mail → email, displayName → name, department → department, telephoneNumber → work phone.

Group and Department Synchronization

LDAP groups map to Bitrix24 groups. A user added to the Sales group in AD automatically lands in the "Sales Department" group in B24. The mapping is set in the LDAP server settings: the group field is memberOf, and the binding to B24 groups is by name or ID.

Departments sync via the department attribute or the OU structure. If AD has the OU OU=Marketing,OU=Users,DC=company,DC=local, users from this container go to the "Marketing" department in B24.

Automatic Deactivation

The key task is to block a terminated employee's access promptly. During each LDAP sync, the connector checks the account status in AD:

  • Account disabled (ACCOUNTDISABLE flag set in userAccountControl) → the user is deactivated in B24.
  • Account deleted from AD → the user is deactivated in B24 on the next sync.
  • Account moved to a "terminated" OU → if that OU is outside the Base DN, the user is deactivated as well.

Sync runs on a schedule via the cron agent of the LDAP module. The recommended interval is every 15-30 minutes. For critical cases (a termination that requires immediate blocking), run a manual sync or deactivate the user directly in B24.
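As an added example (not the connector's own code), the following Python mirrors what one sync run decides over a constructed AD snapshot: the user filter from the connector setup section, the attribute-to-profile mapping, and the three deactivation cases listed above. The Base DN, logins and directory entries are constructed for illustration only.

```python
# Reconciliation mirroring the connector rules described above (filter, field
# mapping, deactivation). Added example over constructed data; not Bitrix code.
ACCOUNTDISABLE = 0x2  # bit tested by userAccountControl:1.2.840.113556.1.4.803:=2
BASE_DN = "OU=Users,DC=company,DC=local"  # constructed Base DN for this example

def ad_user(cn, ou, login, uac, category="person"):
    """Build a constructed AD entry shaped like an LDAP search result."""
    return {"dn": f"CN={cn},{ou}", "objectClass": "user", "objectCategory": category,
            "sAMAccountName": login, "mail": f"{login}@company.local",
            "displayName": cn, "department": ou.split(",")[0][3:],
            "telephoneNumber": "100", "userAccountControl": uac}

# Constructed directory snapshot: NORMAL_ACCOUNT is 512, 514 = 512 | ACCOUNTDISABLE.
AD_ENTRIES = [
    ad_user("Ivan Ivanov", "OU=Sales,OU=Users,DC=company,DC=local", "ivanov", 512),
    ad_user("Anna Novikova", "OU=Sales,OU=Users,DC=company,DC=local", "novikova", 512),
    ad_user("Olga Petrova", "OU=Marketing,OU=Users,DC=company,DC=local", "petrova", 514),
    ad_user("Sergey Sidorov", "OU=Terminated,DC=company,DC=local", "sidorov", 512),
    ad_user("WS-042", "OU=Computers,OU=Users,DC=company,DC=local", "ws-042$", 4096,
            category="computer"),
]
# Logins currently present in B24; "kuznetsov" no longer exists in AD at all.
B24_LOGINS = {"ivanov", "petrova", "sidorov", "kuznetsov"}

def in_base_dn(dn, base_dn=BASE_DN):
    """True when dn sits under base_dn (suffix match on an RDN boundary)."""
    return dn.lower().endswith("," + base_dn.lower())

def matches_user_filter(entry):
    """Python equivalent of the page's LDAP user filter."""
    return (entry["objectClass"] == "user" and entry["objectCategory"] == "person"
            and not entry["userAccountControl"] & ACCOUNTDISABLE)

def map_fields(entry):
    """Apply the attribute-to-profile mapping from the connector settings."""
    return {"login": entry["sAMAccountName"], "email": entry["mail"],
            "name": entry["displayName"], "department": entry["department"],
            "work_phone": entry["telephoneNumber"]}

def reconcile(ad_entries, b24_logins, base_dn=BASE_DN):
    """Decide what one sync run does: create, update, or deactivate each login."""
    visible = {e["sAMAccountName"]: e for e in ad_entries
               if in_base_dn(e["dn"], base_dn) and matches_user_filter(e)}
    # Anything B24 knows that the search no longer returns (disabled, deleted,
    # or moved outside the Base DN) is deactivated, never silently kept.
    return {"create": sorted(set(visible) - b24_logins),
            "update": [map_fields(visible[l]) for l in sorted(set(visible) & b24_logins)],
            "deactivate": sorted(b24_logins - set(visible))}
```

Running reconcile(AD_ENTRIES, B24_LOGINS) creates the new hire, refreshes the one matching active user, and deactivates the disabled, moved and deleted accounts in a single pass.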

What We Configure

  • LDAP server connection with encryption (LDAPS/STARTTLS)
  • Mapping of AD attributes to Bitrix24 profile fields
  • Filters for selecting needed users and excluding service accounts
  • Synchronization of AD groups with B24 groups and departments
  • Automatic deactivation when blocked/deleted in AD
  • Cron schedule setup for synchronization