Active Directory and LDAP integration connects enterprise identity infrastructure with digital signage. Employee directories from AD power interactive lobby kiosks. SSO through Azure AD/SAML simplifies management access. AD group membership drives role-based content targeting — different departments see different information on their floor's screens. SpinetiX connects to AD through HUB-mediated LDAP queries and standard SAML/SSO for management platforms.
Integration Use Cases
Employee Directory Kiosks
Lobby touch kiosks query AD for employee records: name, title, department, office number, and photo. Visitors search for the person they're visiting, see their location on a wayfinding map, and get directions. The directory is always up-to-date because it reads from the live AD — new employees appear automatically, departed employees disappear.
SSO for Management Platforms
Arya cloud integrates with enterprise SSO providers through SAML 2.0. Users authenticate via their corporate Azure AD credentials — no separate Arya username/password. This aligns with enterprise security policies (MFA, conditional access, password rotation) and simplifies user lifecycle management.
Role-Based Content
Screens in different zones display content relevant to the audience. AD group membership defines the audience: Finance department screens show financial KPIs. HR screens show recruitment metrics. Marketing screens show campaign performance. Content scheduling rules reference AD groups or OUs for targeting.
Personalized Welcome Screens
When a badge-in event triggers a welcome screen, the system queries AD for the badge holder's name, title, and department. The lobby display shows "Welcome, Dr. Ahmed Al-Rashid — VP of Engineering" — a personal touch powered by live AD data.
Architecture
| Integration | Protocol | Middleware | Data Flow |
|---|---|---|---|
| Employee directory | LDAP → REST | HUB or LDAP gateway | AD → HUB → JSON → Player |
| SSO authentication | SAML 2.0 | None (Arya-native) | IdP → Arya → User session |
| Role-based content | Group query | HUB | AD groups → scheduling rules |
| Badge welcome | Access control API | Custom middleware | Badge → API → RPC → Player |
Key Parameters
| Parameter | Value | Why It Matters |
|---|---|---|
| Directory protocol | LDAP / LDAPS | Standard enterprise directory access |
| SSO protocol | SAML 2.0 | Enterprise SSO standard |
| Data privacy | LDAP query filter | Only fetch needed attributes |
| Cache | Local JSON cache on player | Offline directory availability |
| Photo support | AD thumbnailPhoto attribute | Employee photos on directory kiosks |
Common Mistakes
- Exposing LDAP directly to players. Players shouldn't query LDAP directly — it exposes AD credentials on the player. Use HUB as a secure LDAP proxy that queries AD and serves sanitized JSON to players.
- No LDAP query filter. Querying the entire AD tree for a directory kiosk is slow and returns unnecessary data (service accounts, disabled users). Filter queries to show only active employee accounts.
- Stale directory cache. If directory data is cached on the player and the cache doesn't refresh, departed employees remain visible. Refresh every 1–4 hours for directories.
- Missing privacy consideration. Employee photos and office locations displayed on public lobby kiosks may violate privacy policies. Confirm GDPR/privacy compliance and employee consent before displaying personal information publicly.
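The three operational points above (HUB as LDAP proxy, a narrow query filter, and a refreshing cache) fit together in one small piece of code. The following is an added example, not SpinetiX's or HUB's own code: a HUB-side proxy that builds an AD filter excluding disabled accounts, requests only the attributes a kiosk needs, strips everything else before serialising to JSON, and re-queries on a TTL so departed employees drop off within one refresh interval. The `fake_search` callable and the `SAMPLE_ENTRIES` it returns are constructed stand-ins for a real LDAP client call; the `svc-` prefix used to recognise service accounts is an assumed naming convention, not an AD standard. The `userAccountControl` bit and the `1.2.840.113556.1.4.803` bitwise-AND matching rule in the filter are real AD values.

```python
"""HUB-style LDAP proxy for a directory kiosk (added example, not vendor code)."""
import base64
import json
import time
from typing import Callable, Dict, Iterable, List, Optional

# Real AD userAccountControl flag: ACCOUNTDISABLE.
UF_ACCOUNTDISABLE = 0x0002

# Allowlist of attributes the player is permitted to receive. Anything else
# (sAMAccountName, mail, memberOf, ...) never leaves the HUB.
KIOSK_ATTRIBUTES = (
    "displayName", "title", "department",
    "physicalDeliveryOfficeName", "thumbnailPhoto",
)

# Server-side filter: person objects that are not disabled. The OID is AD's
# LDAP_MATCHING_RULE_BIT_AND; the "svc-" clause assumes a local naming convention.
DIRECTORY_FILTER = (
    "(&(objectCategory=person)(objectClass=user)"
    f"(!(userAccountControl:1.2.840.113556.1.4.803:={UF_ACCOUNTDISABLE}))"
    "(!(sAMAccountName=svc-*)))"
)


def is_active_employee(entry: Dict) -> bool:
    """Defence in depth on the HUB: re-check what the server-side filter should
    already enforce, so a misconfigured filter cannot leak disabled or service
    accounts to the player."""
    if int(entry.get("userAccountControl", 0)) & UF_ACCOUNTDISABLE:
        return False
    if str(entry.get("sAMAccountName", "")).lower().startswith("svc-"):
        return False
    return True


def sanitize(entry: Dict) -> Dict:
    """Project an LDAP entry onto the kiosk allowlist; binary photo -> base64."""
    out = {}
    for attr in KIOSK_ATTRIBUTES:
        value = entry.get(attr)
        if value in (None, "", b""):
            continue
        if attr == "thumbnailPhoto":
            value = base64.b64encode(value).decode("ascii")
        out[attr] = value
    return out


def build_directory(raw_entries: Iterable[Dict]) -> List[Dict]:
    """Sanitised, sorted directory as the player will see it."""
    return sorted((sanitize(e) for e in raw_entries if is_active_employee(e)),
                  key=lambda e: e.get("displayName", ""))


class DirectoryCache:
    """Holds the JSON served to players and re-queries AD once the TTL expires."""

    def __init__(self, search: Callable[[str, Iterable[str]], List[Dict]],
                 ttl_seconds: int = 3600, clock: Callable[[], float] = time.time):
        self._search, self._ttl, self._clock = search, ttl_seconds, clock
        self._payload: Optional[str] = None
        self._fetched_at = 0.0
        self.refreshes = 0  # exposed so the refresh behaviour can be checked

    def get_json(self) -> str:
        now = self._clock()
        if self._payload is None or now - self._fetched_at >= self._ttl:
            # Ask only for the allowlisted attributes plus the two we need for
            # the local active-account check; they are dropped by sanitize().
            wanted = KIOSK_ATTRIBUTES + ("userAccountControl", "sAMAccountName")
            self._payload = json.dumps(build_directory(self._search(DIRECTORY_FILTER, wanted)))
            self._fetched_at = now
            self.refreshes += 1
        return self._payload


# Constructed sample search results (not real directory data).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "aalrashid", "displayName": "Ahmed Al-Rashid",
     "title": "VP of Engineering", "department": "Engineering",
     "physicalDeliveryOfficeName": "B-412", "userAccountControl": 512,
     "mail": "aalrashid@example.com",
     "memberOf": ["CN=Engineering,OU=Groups,DC=example,DC=com"],
     "thumbnailPhoto": b"PNG"},
    {"sAMAccountName": "jdoe", "displayName": "Jane Doe", "title": "Analyst",
     "department": "Finance", "userAccountControl": 514},        # disabled (512 | 2)
    {"sAMAccountName": "svc-backup", "displayName": "Backup Service",
     "userAccountControl": 512},                                 # service account
]


def fake_search(ldap_filter: str, attributes: Iterable[str]) -> List[Dict]:
    """Stand-in for an LDAP client search; a real client would send ldap_filter
    to AD, which would already exclude the last two entries."""
    return SAMPLE_ENTRIES


if __name__ == "__main__":
    cache = DirectoryCache(fake_search, ttl_seconds=3600)
    print(DIRECTORY_FILTER)
    print(cache.get_json())
```

The player only ever fetches `get_json()` output over HTTP from the HUB, so no bind credentials or raw LDAP attributes are present on the device; with a 1 to 4 hour TTL, a departed employee disappears from the kiosk within that window.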