Active Directory
Last updated
Last updated
In this article, we illustrate how to properly set up the Active Directory functionality of the admin portal. Whether you utilise on-premises Active Directory or you are dependent in one from the cloud (Azure AD), by enabling this option, the CYBERAWARE SECURITY platform will retrieve and synchronise your groups and recipients accordingly.
Prerequisites (Only for Azure AD Domain Services):
Before you can integrate an Active Directory using Azure AD Domain Services, please make sure to visit and establish either of the following:
1. As a reference point, let's have a look at our Groups and Recipients. Before synchronisation, they are both empty:
2. Navigate to Active Directory:
3. Go ahead and select the Enable AD Synchronisation option:
You should get the following output:
4. Click on the AD Sync installer.msi in order to download it. You'll later need to install it.
After the installation, this service tool will be used to synchronise both ends, our platform's client with your AD server.
5. When enabling the Active Directory Synchronisation, you will be deprived of the opportunity for manual creation of groups and recipients. To be able to once again have the ability to manually create groups and recipients, click on the indicated buttons shown below:
6. Before you Confirm, copy, and essentially store temporarily the provided configuration key; you'll be required to use it when setting up the config file for the sync service (we will discuss this further down the line).
7. On the confirmation prompt that pops up, select to Confirm or Cancel accordingly:
8. If you’ve confirmed the action, click OK to proceed:
9. As we can see, the Active Directory Synchronisation has been enabled!
10. Now, let's go ahead and open up the installer you've downloaded earlier in order to install the sync service.
You will be prompted with the Setup Wizard:
11. To continue, click on Next:
You will be met with the End-User License Agreement:
12. Accept the terms and select Next:
13. Choose the destination for your folder and click on Next to proceed accordingly:
14. Click on Install to finally install the machine:
15. Untick the box to avoid launching the AD Sync Manager as we are yet to set up the config file. Click Finish to close the window.
16. Finally, navigate to the directory/path you've chosen during the installation steps and open up the config file:
In this instance, we are using notepad to open it. As always, you may use any text editor you might prefer.
17. When the file opens up, you will come across the following configuration:
18. It is a must to edit and fill the following fields:
Please refer to the table below for more:
Attributes | Details |
---|---|
workspace_key | This is the configuration key we've previously stored when enabling the Active Directory Synchronisation. |
[ldap] - host | If the organisation is using a local machine to run the Active Directory role, you should add its IP. Otherwise, if your Active Directory runs on top of Azure, you should add the external IP address (public) or the FQDN of the Active Directory Services. Use localhost if the tool is installed on the Domain Controller. |
[ldap] - port | Could be port 389 or 636 for a local setup. For Azure AD, you can only use port 636. |
[ldap] - user | For an on-premises configuration, this is the username of the profile you are using to administer Active Directory. If you are rather managing Azure Active Directory Services, you should leave this attribute blank. |
[ldap] - pass | This is the password required to gain access to the admin role. |
[ldap] - enable_tls | Assuming you are using port 636, for secure ldap (ldaps), the value of this attribute should be set to true, otherwise you should leave it as its default (false). |
[ldap] - #bind_str | This attribute is a comment by default. It should only be uncommented if you are using Azure. It can take parameters such as the user managing the Azure AD, his/her group, and the domain. |
[ldap.ad] - base_dn | Here, you should add the domain as a parameter. It should match the one you've added in the bind_str attribute. |
19. It is recommended to edit the following fields as well, but they are optional:
You may essentially exclude groups which aren't needed, such as the group of enterprise admins, etc.
20. After saving the changes, go ahead and load the manager application that exists within the same folder:
The following window should then pop up:
21. Click on the Start service button to start the service:
22. The service is now Running as expected!
23. After some time, when the synchronisation is complete, we may distinguish that the changes have been applied. Groups and Recipients sections should now appear updated:
24. As always, you may disable the Active Directory Synchronisation feature from the button shown below:
25. On the prompt that will pop up, press on Disable or Cancel accordingly:
26. At the last confirmation, click OK to finalise.