> ## Documentation Index
> Fetch the complete documentation index at: https://infisical-pam-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# LDAP Overview

> Learn how to authenticate into Infisical with LDAP.

<Note>
  LDAP authentication requires [Email Domain Verification](/documentation/platform/email-domain).
  You must verify your organization's email domain before users can log in via LDAP.
</Note>

<Info>
  LDAP is a paid feature.

  If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
  then you should contact [sales@infisical.com](mailto:sales@infisical.com) to purchase an enterprise license to use it.
</Info>

You can configure your organization in Infisical to have members authenticate with the platform via [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol).

LDAP providers:

* Active Directory
* [JumpCloud LDAP](/documentation/platform/ldap/jumpcloud)
* [Google Workspace Secure LDAP](/documentation/platform/ldap/google-workspace)
* AWS Directory Service
* Foxpass

Read the general instructions for configuring LDAP [here](/documentation/platform/ldap/general).

If the documentation for your required identity provider is not shown in the list above, please reach out to [support@infisical.com](mailto:support@infisical.com) for assistance.

## FAQ

<AccordionGroup>
  <Accordion title="Why does Infisical require additional email verification for users connected via LDAP?">
    By default, Infisical Cloud is configured to not trust emails from external
    identity providers to prevent any malicious account takeover attempts via
    email spoofing. Accordingly, Infisical creates a new user for anyone provisioned
    through an external identity provider and requires an additional email
    verification step upon their first login.

    If you're running a self-hosted instance of Infisical and would like it to trust emails from external identity providers,
    you can configure this behavior in the Server Admin Console.
  </Accordion>
</AccordionGroup>
