qliqdirect Active Directory Guide




qliqdirect is a Windows Service with an Active Directory interface. qliqdirect resides in your network/server and communicates securely with qliqsoft cloud servers. qliqdirect connects to the Active Directory Server and performs Directory Sync and User Authentication Services for the qliqconnect secure messaging service.

[Figure: qliqdirect Network Diagram]

Before you can use qliqdirect as an Active Directory connector, you must first install qliqdirect on any Windows Server that can connect to the Active Directory Servers.

Installation

1. Download qliqdirect from your qliqconnect Admin Web Console.

2. Once you download and install the application, you need to enter the qliqconnect Admin's credentials to set up the qliqdirect application. This needs to be done only once, during installation. Once the service is installed, it starts with Windows and stays connected.

3. qliqdirect is an HTTP server that accepts requests on port 8090 by default. You can change the port to one of your choice.

qliqdirect Active Directory Configuration

The following screen shows the qliqdirect configuration when you launch qliqdirect Manager. You must enable the Active Directory integration before you can set the configuration.

Hostname: The domain or IP address of the Active Directory Domain Controller. This IP/domain must be reachable.

Username: The Active Directory Admin's username. This is the username you normally use to manage Active Directory.

Password: Password for the Active Directory Admin's username.

Sync Group: qliqdirect queries Active Directory for all the users and groups belonging to the Sync Group. When you add an existing Active Directory group (Security or Distribution Group) to the Sync Group, the group as well as the members of the group are synced with the qliqconnect server. When you click the Test button, you can see sample results of the query that qliqdirect will perform to sync the users and groups. Please cross-verify the results with the objects in Active Directory.

Before you proceed further, you should click the Test button next to Password and the Test button next to Sync Group to verify the settings.

Click on Show advanced settings to show the options below.

Sync interval: The polling interval at which qliqdirect contacts the Active Directory Server to check for changes to the directory. If the interval is too long, it takes more time to sync user changes to the qliqconnect servers.

Auto Accept New Users: New users discovered in the sync process are "Staged" in the qliqconnect server. With Auto Accept unchecked, the admin has to log in to the web Admin Dashboard and accept the new users from the Staged Users list on the User List page. Once a new user is accepted, the user receives an email invitation to download the qliqconnect app. If you check the Auto Accept flag, the users will be automatically accepted by the qliqconnect server and each user will receive the email invitation.

Sync Thumbnail Pictures: qliqdirect can sync the profile image from either the thumbnailphoto or the jpegphoto attribute of the Active Directory user. The sync process will be slower when you enable this flag, since the images are retrieved and uploaded for each user along with the user information.

Change password URL: If you have a portal that is used for user password self-service, you can set that URL here. When the user's password has expired and the user tries to log in, the qliqconnect application directs the user to the URL so that the user can change the password and proceed to log in to the qliqconnect app. If the URL is only accessible on the intranet, the user will not be able to change the password from the public network unless the user is connected to the intranet over a VPN.

Forgot password URL: If the user mistypes or enters a wrong password, the qliqconnect app presents this URL so that the user can reset the password. This URL could be the same as the Change password URL, depending on how you have set up the password management portal.

Reset local sync database: qliqdirect maintains a SQLite DB of all the data synced from Active Directory. This helps qliqdirect efficiently find the changes between the previously synced data and the current state of Active Directory. You may need to reset the data in case you want to start the sync process over.

Make sure that you test the advanced settings, particularly when you have changed the search filter. qliqdirect uses the search filter to query Active Directory. If the search filter is good, you will get some data (up to 10 records). If there is a syntax error or if the search filter is too restrictive, you may not get any results.

Once you complete the configuration, make sure that you save it by clicking the Save button. This completes the AD setup.

Now you can see the synced users on the qliqconnect Admin dashboard. Please log in with the Group Admin's credentials to qliqsoft.com. You will see a new tab called Staged with the synced directory entries if you have turned off Auto Accept New Users. Otherwise you will see them in the Members tab.

Here you can either accept them as qliqconnect users or remove them. When you accept them, they will receive an email invitation with instructions on downloading the qliqconnect application and using the app.

AD Attributes exported to qliqconnect Server

First Name
Middle Name
Last Name
Title
Department
Work Phone Number
Mobile Phone Number
Primary Email Address
Profile Picture
Groups

AD Attributes to check for account status

pwdlastset
useraccountcontrol
msds-user-account-control-computed

Based on these values, the following statuses are synced:

account-disabled (1)
account-locked
password-changed (2)
password-expired

(1) The account will be deleted from Qliq when the account-disabled status is set.
(2) After the password is changed, the user can still use the old password for up to an hour. This is an AD issue.

Firewall Requirements

qliqdirect acts like an Internet client accessing cloud services. qliqdirect does not listen on any TCP/UDP port. However, if you have installed qliqdirect behind a firewall (most likely), you must let qliqdirect connect to the qliqsoft servers in the cloud. Please whitelist the following domains/ports on your firewall:

webprod.qliqsoft.com port 443
msg.qliqsoft.com port 443

Monitoring

qliqdirect is a Windows service. It starts when the Windows Server is restarted and keeps running until the service is either stopped manually or the server is shut off. However, qliqdirect could be stalled or stopped due to resource exhaustion or a software bug. If you have enterprise service monitoring software, add qliqdirect as a monitored service. qliqdirect has an internal monitoring mechanism that sends emails to the Admin in case of issues with the service. When there is an issue with connecting to the Active Directory Server, you might receive following email:

qliq account behavior for AD account status

After the AD account has been added to qliq, the data is synced with the qliq cloud server. The fields are described in the AD Attributes exported to qliqconnect Server table. The following account states also affect the user experience with the app.

AD Account is disabled
The account could be disabled by the AD administrator. This would cause the account to be removed from the group. The user can no longer communicate with anyone in the group, and no one from the group can communicate with the disabled user.

AD Account Locked
The user account could be locked when the user attempts to log in with an invalid password and exceeds the maximum number of tries. When the AD account is locked, the user is forcibly logged out of the qliq application, and the account has to be unlocked in AD before the user will be able to log in to the qliq application again.

AD Password Changed
The user or the helpdesk can change the AD password at any time. This causes qliq to log the user out of the app and forces the user to enter the new password. NOTE: AD allows the user to use the old password for up to one hour.

AD Password Expired
When the password expires in AD, the user is logged out of the qliq application. Until the user sets up a new password and logs in with it, the user cannot access the qliq application. If the Change Password URL is specified in the qliqdirect manager, the qliq application redirects the user to the URL for help resetting the password.
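How the three attributes listed under "AD Attributes to check for account status" can be decoded into the four synced statuses, as an added example (not qliqdirect's own code). The bit masks are the flag values Microsoft documents for these attributes; the function names, the comparison against a previously synced pwdLastSet value, and the sample entry are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Flag values documented by Microsoft for these attributes.
UF_ACCOUNTDISABLE = 0x0002       # userAccountControl
UF_LOCKOUT = 0x0010              # msDS-User-Account-Control-Computed
UF_PASSWORD_EXPIRED = 0x800000   # msDS-User-Account-Control-Computed
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """pwdLastSet counts 100 ns ticks since 1601-01-01 UTC; 0 forces a change at next logon."""
    ticks = int(value)
    return None if ticks <= 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def account_statuses(entry, previous_pwd_last_set=None):
    """Derive the synced statuses for one LDAP entry (attribute name -> str or int).
    previous_pwd_last_set is the value stored at the last sync; detecting a
    password change by comparing against it is an assumption of this example."""
    attrs = {k.lower(): v for k, v in entry.items()}  # attribute names are case-insensitive
    uac = int(attrs.get("useraccountcontrol", 0))
    computed = int(attrs.get("msds-user-account-control-computed", 0))
    pwd_last_set = int(attrs.get("pwdlastset", 0))
    statuses = set()
    if uac & UF_ACCOUNTDISABLE:
        statuses.add("account-disabled")
    if computed & UF_LOCKOUT:
        statuses.add("account-locked")
    if computed & UF_PASSWORD_EXPIRED:
        statuses.add("password-expired")
    if previous_pwd_last_set is not None and pwd_last_set > int(previous_pwd_last_set):
        statuses.add("password-changed")
    return statuses


def old_password_valid_until(pwd_last_set, window=timedelta(hours=1)):
    """End of the period in which the old password still works for network logons.
    The one-hour default is the value this guide states; the period is configurable."""
    changed_at = filetime_to_datetime(pwd_last_set)
    return None if changed_at is None else changed_at + window


if __name__ == "__main__":
    # Constructed sample entry: disabled and locked account, password set 2024-01-01 00:00 UTC.
    sample = {"userAccountControl": "514", "msDS-User-Account-Control-Computed": "16",
              "pwdLastSet": "133485408000000000"}
    print(sorted(account_statuses(sample, previous_pwd_last_set=133485372000000000)))
    print(old_password_valid_until(sample["pwdLastSet"]))
```

The value returned by `old_password_valid_until` is the point up to which a password-changed event should not be treated as having revoked the old credential for NTLM or LDAP network logons.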

Troubleshooting

If you are not seeing the Active Directory users in qliqsoft cloud servers, please check the following:

1. Turn off Windows Firewall if it is running.
2. Test the AD connectivity.
3. Test Sync Group and make sure that the sample users and groups appear in the output.
4. Make sure that the AD Admin has the permissions to query Active Directory for Groups and Members.
5. Check the Event Log for Errors and Warnings. Incomplete or invalid data can cause the AD users not to sync to qliqsoft servers.
6. Check that the Network Firewall is not blocking the traffic to qliqsoft's servers. Please review the Firewall Requirements section for the domains and ports that need to be whitelisted in the firewall.
7. Old password still works on AD password change. This is an Active Directory flaw, not a qliq issue. You can refer to MS KB Article ID 906305: http://support.microsoft.com/kb/906305

NTLM (NT LAN Manager) is a Microsoft authentication protocol used to authenticate clients in various Microsoft network protocol implementations, including Active Directory, Exchange Server services (POP3, IMAP, SMTP), SMB, etc. Windows Server modifies the NTLM network authentication behavior in such a way that users can use their old password to access network resources for a definite amount of time after the password is changed. This is also the case for LDAP authentication into Microsoft Active Directory. The period of time for which the old password remains active is configured by editing a registry key on the domain controller; its default value is one hour.

This "feature" only applies to network access and to domain user accounts. The domain controller will not allow interactive logon with the old password. This means the old password is still good for mapping a network drive using an IP address (when a machine name is used, NTLM is not involved because Kerberos authentication occurs), logging in to any application that uses NTLM, logging in to Active Directory through LDAP functions, etc. This behavior is described in article 906305 of the Microsoft Knowledge Base. The article also notes that this behavior causes no security weakness as long as only one user knows both passwords.