Use a corporate directory (LDAP)
Set up a corporate directory to sync your Microsoft Active Directory or Open LDAP directory to all your phones.
The following configuration is advanced. You should be familiar with LDAP and work closely with your directory admin during setup.
Note: Corporate directories are only supported on Cisco MPP, Cisco SPA, Polycom, Snom, VTech, and Yealink devices. All other devices need to be set up manually per the manufacturer’s specifications.
GoTo Admin
If you're an admin who signs in at https://admin.goto.com, these steps are for you.
Add a corporate directory
- Sign in to GoTo Admin.
- From
Phone system > Utilities > Directories, select Add directory and then choose Corporate from the drop-down menu. - Enter a Name, Host (optional), and Port.
- Select Save.
- Customize the settings as desired.
What to do next: If your organization has multiple directories, you can add each of them, designate one as the system default, and then override that default on individual devices as needed.
Customize directory settings
Below is a list of all the corporate directory settings and their descriptions.
| Setting | Description |
|---|---|
| Name | The name used to identify the directory in the admin portal. |
| Host | Host DNS name or IP address of the directory server. Devices must be able to resolve this address since the searches are executed directly from the phone to the directory server. |
| Port | The default LDAP port is 389. It is unusual for this value to be different. LDAPS is not always supported. As a result, make sure to use a username with read-only access. If LDAPS is deployed, the correct port will need to be entered (usually 636). |
| Use TLS | Enable this setting to use LDAP over Transport Layer Security (TLS). This is only supported on Polycom devices and where the LDAP server has a valid certificate. |
| Bind DN | The distinguished name (DN) with which devices will bind (authenticate). |
| Bind Password | Password required for the phone to authenticate as the given Bind DN.
Note: LDAPS is only supported on Polycom phones and only if an appropriate certificate (view the Certificate tab) is uploaded. Unless an appropriate certificate has been uploaded, the bind password will be sent in clear text across the network. If you do not have a valid certificate, it is highly recommended that the bind DN should be a read-only user. Certificates are only usable on Polycom devices. On all other manufacturers handsets, the bind password will ALWAYS be sent in clear text. Failure to use credentials with read-only access can lead to the directory service being compromised.
|
| Search Base | Directory location where searches will be based. We recommend using a narrow search base. The impact of the searches can be minimized by using a more specific search base. (e.g., "ou=Users,dc=example,dc=com" is better than "dc=example,dc=com"). |
| Search Scope | Depth of the search through the directory tree.
|
| Filter — Optional | Filter added to all searches made by the devices against the directory server. We recommend using a narrow filter. Defining a filter like “(objectclass=person)” can significantly reduce search load in certain directory implementations. |
| Display Name Attribute | Attribute used as the name in results returned to the device in searches. Used for Cisco/Linksys SPA devices. For Polycom SoundPoint IP devices, the results are displayed [Last Name Attribute], [First Name Attribute]. |
| First Name Attribute | Attribute that contains the first name in the directory. Devices will also filter against this attribute in searches. |
| Last Name Attribute | Attribute that contains the last name in the directory. Devices will also filter against this attribute in searches. |
| Phone Number Attributes | A comma separated list of phone number attributes in the directory. In the case of Cisco/Linksys SPA devices, the first listed phone number is the only number that the device can directly dial. The rest are only displayed for informational purposes. |
| Certificates — Only Polycom devices support the use of certificates to enable LDAP using TLS |
|
Set default system directory
- Sign in to GoTo Admin.
- From
Settings > Phones > Calls, use the drop-down menu to choose the desired Corporate Directory. - Select Save when finished.
Override directory on a phone
- Sign in to GoTo Admin.
- From
Devices, select the desired phone. - From , disable Use system default and then use the drop-down menu to select the right corporate directory.
- Select Save and then resync the device to apply the changes.
PBX Administration (classic)
If you're an admin who signs in at https://my.jive.com/pbx, these steps are for you.
Add a corporate directory
- Sign in to PBX Administration (classic).
- From the left navigation menu, select .
- Enter a Name, Host (optional), and Port.
- Select
and then customize the settings.
What to do next: If your organization has multiple directories, you can add each of them, designate one as the system default, and then override that default on individual devices as needed.
Customize directory settings
Below is a list of all the corporate directory settings and their descriptions.
| Setting | Description |
|---|---|
| Name | The name used to identify the directory in the admin portal. |
| Host | Host DNS name or IP address of the directory server. Devices must be able to resolve this address since the searches are executed directly from the phone to the directory server. |
| Port | The default LDAP port is 389. It is unusual for this value to be different. LDAPS is not always supported. As a result, make sure to use a username with read-only access. If LDAPS is deployed, the correct port will need to be entered (usually 636). |
| Use TLS | Enable this setting to use LDAP over Transport Layer Security (TLS). This is only supported on Polycom devices and where the LDAP server has a valid certificate. |
| Bind DN | The distinguished name (DN) with which devices will bind (authenticate). |
| Bind Password | Password required for the phone to authenticate as the given Bind DN.
Note: LDAPS is only supported on Polycom phones and only if an appropriate certificate is uploaded. Unless an appropriate certificate has been uploaded, the bind password will be sent in clear text across the network. If you do not have a valid certificate, it is highly recommended that the bind DN should be a read-only user. Certificates are only usable on Polycom devices. On all other manufacturers handsets, the bind password will ALWAYS be sent in clear text. Failure to use credentials with read-only access can lead to the directory service being compromised.
|
| Search Base | Directory location where searches will be based. We recommend using a narrow search base. The impact of the searches can be minimized by using a more specific search base. (e.g., "ou=Users,dc=example,dc=com" is better than "dc=example,dc=com"). |
| Search Scope | Depth of the search through the directory tree.
|
| Filter — Optional | Filter added to all searches made by the devices against the directory server. We recommend using a narrow filter. Defining a filter like “(objectclass=person)” can significantly reduce search load in certain directory implementations. |
| Display Name Attribute | Attribute used as the name in results returned to the device in searches. Used for Cisco/Linksys SPA devices. For Polycom SoundPoint IP devices, the results are displayed [Last Name Attribute], [First Name Attribute]. |
| First Name Attribute | Attribute that contains the first name in the directory. Devices will also filter against this attribute in searches. |
| Last Name Attribute | Attribute that contains the last name in the directory. Devices will also filter against this attribute in searches. |
| Phone Number Attributes | A comma separated list of phone number attributes in the directory. In the case of Cisco/Linksys SPA devices, the first listed phone number is the only number that the device can directly dial. The rest are only displayed for informational purposes. |
| Certificates — Only Polycom devices support the use of certificates to enable LDAP using TLS |
|
Set default system directory
- Sign in to PBX Administration (classic).
- From , use the drop-down menu to choose the desired Corporate Directory.
- Select Save.
Override directory on a phone
- Sign in to PBX Administration (classic).
- From the left navigation menu, select Devices and then choose the desired phone.
- From , set the Corporate Directory field to Use and then choose the desired Corporate Directory.
- Select Save.
- Power cycle the device(s) to apply the changes.
Article last updated: 7 April, 2025
