Protected Trust Directory Sync Guide


Overview

Protected Trust Directory Sync enables your organization to synchronize the users and distribution lists in Active Directory with Protected Trust. Directory Sync periodically performs a one-way sync, from Active Directory to Protected Trust.

To access your Active Directory data, a light-weight Windows service, called the Protected Trust Connector, is installed in your domain network, as shown below. The Connector may be installed on multiple servers to achieve high availability.

Planning Your Directory Sync Strategy

As you make decisions on your specific configuration, please keep these points in mind.

- To synchronize users, Single Sign-on must also be enabled on your Protected Trust account.
  o Distribution lists can always be synchronized, even without single sign-on.
- By default, users outside your organization (including guest users) that send a message to a distribution list that has "require sender authentication" (or similarly-named option) turned off can see the individual members of the distribution list.
  o To limit this ability to only members of your organization, see the Privacy Consideration in Step 3, under the Filter property.
- Dynamic distribution lists are not supported.
  o If a user attempts to send a message to a dynamic distribution list, the sender will receive a non-delivery report via email.
- At least one Connector must be running and connected for distribution list expansion to happen.
  o If all Connectors are offline when a user sends a message to a distribution list, the distribution list expansion will be queued and re-tried later. If the DL cannot be expanded, the sender will receive a non-delivery report via email.

Prerequisites

Directory sync requires the following software:

- Windows Server 2008 R2, or later
  o This may be any server connected to your domain network.
- Microsoft .NET Framework 4.5

Additionally, configuration will require the following user accounts:

- Protected Trust API account
  o Contact Protected Trust Support if you do not have an API user.
- (Optional) Active Directory service account, with read permissions
  o This account will be used to retrieve the information from Active Directory.

Configuration

Installation involves three primary steps:

1. Create an API Access Credential for the API User
2. Install the Protected Trust Connector
3. Configure Directory Sync

Step 1. Create an API Access Credential for the API User

Before installing the Connector, you will need an API access credential. An access credential consists of a randomly-generated access ID and key pair. The Connector will use this ID and key to authenticate with the Protected Trust service.

To create a new access credential:

a) Sign in to the Protected Trust web portal at https://protectedtrust.com/login
b) Click User List.
c) Find the API user and click on it.
d) On the left, click API Access Credentials.
e) Under Generate New Access Credential, enter a name, such as "AD Directory Sync", and click Generate.

You will need to enter the access ID and key later, while installing the Connector.

Step 2. Install the Protected Trust Connector

The Protected Trust Connector is a light-weight Windows service installed on your domain network that reads data from your Active Directory and sends it to the Protected Trust service. To ensure high availability, install it on multiple servers. If no connectors are online for an extended period of time, user data will not synchronize and DL expansion will fail.

To install the Connector on your server:

a) Download the Connector from the Protected Trust admin web portal.
   - Sign in at https://protectedtrust.com/login
   - Click Settings > Single Sign-On & User Sync > Connectors > Download and install > Download Connector button
b) Install the Connector on the desired Windows Servers.
c) (Optional, see note below) Set the Log on user for the new Windows service called Protected Trust Connector.
   a. Open the Windows Services window (Shortcut: Windows key+R, services.msc, Enter).
   b. Right-click the Protected Trust Connector service and click Properties.
   c. Click the Log On tab and enter the desired service account under This account.
   d. Click OK and restart the Windows service Protected Trust Connector.
   Note: In some cases, the default Local System account has enough rights to read from Active Directory already. In this case, it may not be necessary to set a Log on user.
d) From the Windows start screen, find and run Protected Trust Connector (Configuration).
e) Copy the newly created Access ID from the API Access Credentials page (opened earlier) and paste it into the Access ID textbox.
f) On the API Access Credentials page, click Show under the Access Key column. Copy the Access Key and paste it into the Access Key textbox.
   - If the access key area turns blank on the webpage, your session may have timed out. Refresh the page to re-authenticate and try clicking Show again.
g) On the Connector configuration screen, click Save. The program will verify the access credentials. If there was a problem, an error message should appear.
h) On the Connector configuration program, click the Status tab. Ensure that the status label says Running & Connected. If not, review the logs for an error message. You may also view the Connectors page on the Protected Trust admin web portal for connection status.
   - Sign in at https://protectedtrust.com/login
   - Click Settings > Single Sign-On & User Sync > Connectors
i) Repeat installation on a second Windows server, if desired.

Step 3. Configure Directory Sync

Now that the Connector is installed and connected to the Protected Trust service, it is time to configure the synchronization with Active Directory.

a) On the Protected Trust admin web portal, navigate to the Directory Sync page.
   - Sign in at https://protectedtrust.com/login
   - Click Settings > Single Sign-On & User Sync > Directory Sync
b) Click New Directory Sync.
c) Click Sync with AD & Exchange.
d) Enter the requested information on the form:

   Display Name
      Choose any name that uniquely describes this directory sync configuration. E.g. "MYCOMPANY.LOCAL AD Sync"

   Status
      Enabled: When enabled, the directory sync will occur on the schedule defined by Full Sync and Incremental Sync below.
      Paused: When paused, the directory sync will not occur.

   Full Sync
      Select the interval to perform a full sync. During a full sync, a subset of data about each matching user and distribution list is sent to the Protected Trust service.

   Incremental Sync
      Select the interval to perform an incremental/differential sync. New and modified users and distribution lists will be updated. Deleted users and distribution lists will not be detected until the next full sync.

   Run on Connectors
      Typically, select Default. This option applies only if you wish to synchronize with multiple directories using different Connector installations.

   Object Types
      Select the type of objects to synchronize.
      Users: When checked, users will be synchronized. Single sign-on is required to synchronize users.
      Distribution Lists: When checked, distribution lists will be synchronized. Only the metadata about a distribution list is synchronized; the membership is expanded each time a message is sent to one.

   Search Root
      Enter the root object in Active Directory to synchronize. E.g. CN=Users,DC=example,DC=local

   Filter
      Enter the LDAP query filter for the objects you'd like to synchronize.

      Privacy Consideration: By default, users outside your organization (including guest users) that send a message to a distribution list that has "require sender authentication" (or similarly-named option) turned off can see the individual members of the distribution list. If you'd like to prevent this behavior, do one of the following:
      - Ensure that all of your distribution lists have Require Authentication set to true (in Active Directory).
      - Or, exclude these distribution lists from Directory Sync by using the appropriate filter. For example, you may add the following clause to the Filter LDAP query: (msexchrequireauthtosendto=true)

   Domain Controller Hosts
      List the domain controllers in your Active Directory. Place one host on each line.

   Authenticate as Domain User
      (Optional) If you did not specify the Log on user when installing the Connector, you may enter the username of the Active Directory service account here. This account is used to read data from Active Directory.

   Domain User Password
      (Optional) The password for the Active Directory service account, if domain user is specified above.

   Encryption
      Use SSL: If checked, the Connector will use SSL encryption to connect to the Active Directory domain controller(s).

e) Click Save.

Testing & Troubleshooting

To ensure that Directory Sync is working as expected, send a test message to a distribution list using Protected Trust. Ensure that each person in the distribution list receives the message via Protected Trust.

You may also view the Delivery Status and Proof of Delivery Log for a message by opening the sent message using the Protected Trust web portal. After distribution list expansion has completed, each member of a recipient distribution list should be listed in the Delivery Status table.

Windows Event Log

The Connector records warnings and errors in the Windows Application event log with a Source value of "Protected Trust Connector".

Log Files

The Connector retains detailed log files for approximately 14 days in the Windows temporary directory. The files typically have the filename format

   C:\Windows\Temp\ptconnector-ABCDEFG-yyyy-MM-dd.log

Review these log files for indications of warnings, errors, or other unexpected conditions.

Monitoring

By default, all administrators in your organization will receive an email notification if a Connector goes offline. When the connector comes back online, each administrator will receive another email notification.

To control which administrators receive these notifications:

a) Sign in at https://protectedtrust.com/login
b) Click User List
c) Select Administrators from the drop-down list
d) Click a user
e) Click Notifications, on the left
f) Check, or uncheck, Connector on the list
g) Click Save
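
For the Privacy Consideration under the Filter property in Step 3, the following lists the distribution lists under the Search Root that do not require sender authentication, so you can decide whether to change them in Active Directory or exclude them from Directory Sync. This is an added example, not part of the Protected Trust guide; it assumes the ActiveDirectory PowerShell module (RSAT), an Exchange-extended schema, and the guide's sample Search Root.

```powershell
# Added example (not from the Protected Trust guide): audit distribution lists
# whose membership could be visible to external senders.
Import-Module ActiveDirectory

# Assumption: the sample Search Root from Step 3; replace with your own.
$SearchRoot = 'CN=Users,DC=example,DC=local'

# Mail-enabled groups without the security-enabled bit (0x80000000) are
# distribution lists. The OID is the LDAP bitwise-AND matching rule.
$DistributionLists = '(&(objectCategory=group)(mail=*)' +
                     '(!(groupType:1.2.840.113556.1.4.803:=2147483648)))'

# Active Directory matches Boolean attributes against the uppercase
# literals TRUE and FALSE.
$RequiresAuth = '(msExchRequireAuthToSendTo=TRUE)'

# Lists where the attribute is FALSE or not set at all.
$ExposedFilter = '(&{0}(!{1}))' -f $DistributionLists, $RequiresAuth

$query = @{
    LDAPFilter = $ExposedFilter
    SearchBase = $SearchRoot
    Properties = 'mail', 'msExchRequireAuthToSendTo', 'member'
}
$exposed = @(Get-ADGroup @query)

# One row per affected list, with the number of direct members at stake.
$exposed |
    Select-Object Name, mail, msExchRequireAuthToSendTo,
        @{ Name = 'DirectMembers'; Expression = { $_.member.Count } } |
    Sort-Object Name |
    Format-Table -AutoSize

# Count of lists the guide's filter clause would exclude from Directory Sync.
$kept = @(Get-ADGroup -SearchBase $SearchRoot `
    -LDAPFilter ('(&{0}{1})' -f $DistributionLists, $RequiresAuth))

'Lists that do not require sender authentication: {0}' -f $exposed.Count
'Lists that would still sync with the clause added: {0}' -f $kept.Count
```

Run it with an account that has read access to the Search Root, such as the Active Directory service account used by the Connector.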

Contact Support

For support, please contact the Protected Trust Support Team through the standard support channels:

Web: https://protectedtrust.com/support
Protected Trust Message: support@protectedtrust.com (preferred)
Email: support@protectedtrust.com
Phone: (863) 594-1141