Active Directory Sync (AD) How it Works in WhosOnLocation




Contents

Overview
About AD in WhosOnLocation
The Way It Works
Requirements
How to Setup Active Directory Sync
Download your AD Script
Configuration
Active Directory Sync F.A.Q

Overview

About AD in WhosOnLocation

Active Directory (AD) is an employee directory service implemented by Microsoft for Windows domain networks. It is included in most Windows Server operating systems.

Your unique script exports selected users from your Active Directory in CSV text format, using LDAP via the Microsoft csvde.exe utility, and securely uploads the result to our server for your WhosOnLocation account. The script is written in PowerShell, is fully auditable by the customer, and will work seamlessly with a web proxy if you use one.

The default LDAP search looks for all accounts that match "(objectclass=user)" within the base tree and returns the configured attributes, such as the person's name and email address.

The Way It Works

1. The script is run periodically from one of your computers under an account which can query the LDAP tree. Your system administrator will set this up (see http://support.microsoft.com/kb/324283).
2. The script runs the built-in AD export tool C:\Windows\System32\csvde.exe to extract the data.
3. An encrypted HTTPS connection is made to our systems.
4. The data is sent and merged with our database: new users are added, modified users are updated, and removed users are set to disabled.
5. New users have a random password set and are emailed instructions. The system can be set to automatically activate the new users or to require an admin to enable them.

Requirements

- Windows PowerShell 3.0 or greater
- Csvde (see http://technet.microsoft.com/en-us/library/cc732101.aspx)

How to Setup Active Directory Sync

Pre-requisite: You must be an Account Owner in order to perform the Initial Steps. If you are not an Account Owner and you do not know who your WhosOnLocation Account Owner is, please email helpdesk@whosonlocation.com and we will advise you.

Download your AD Script

1. Log in to your WhosOnLocation Account.
2. Select Tools > Account > Employee Management.
3. Select the Yes option alongside Active Directory Sync (AD).
4. The Active Directory Sync Enabled acknowledgement will show. Select Close.

5. Download Script: You will be presented with the Download Script button. Select this to download your unique script.
   Please note: The API key illustrated on this screen is unique to your organisation. You do not need to copy it, as we pre-populate it into your script when you download it. We show it for your reference only.
6. New employee policy: When a new employee is added to your WhosOnLocation account via Active Directory Sync, visitors will be able to select them as their Host immediately. However, in order for the employee to gain access to their WhosOnLocation account for the purposes of pre-registering visitors, tagging themselves on or off-site, or accessing any of the User Roles, they must first be sent an activation email. There are two options for activating this email:
   a. Manual Activation means one of your WhosOnLocation Administrators must grant them access manually by sending the employee an Activation Email from the Employee management tools under Tools > Locations > View Location > Employees. On receipt of the activation email, the employee selects the embedded link (inside the email) and is directed to the login screen of your WhosOnLocation account. They must then create a password in order to log in.
   b. Automatic Activation means that when a new employee is added to your WhosOnLocation account via the Active Directory Sync, an activation email is sent automatically to the new employee inviting them to create their own password in order to log in.

Configuration

You must enter five configuration items into the Sync script. We provide default values to assist.

Appkey
   A secure token which uniquely identifies your company in our software. We pre-enter this value for you.

Location (optional), default: ""
   The staff location is normally matched from the 'l' LDAP attribute. This can be overridden by setting the location variable in the script. Multiple copies of the Sync script can be run with different location variables and LDAP parameters to ensure the staff are imported to the correct place.

LDAP host, default: localhost
   The hostname of the AD domain controller within your infrastructure against which the LDAP query is run. Since the script runs within your network, no external connections to your domain controller and no firewall changes are needed.

LDAP base, example: "CN=Users,DC=example,DC=com"
   The point within your Active Directory tree to search for user accounts.

LDAP search, default: "(objectclass=user)"
   The criteria to match a user account within the Active Directory tree for export to WhosOnLocation.

LDAP fields
   The LDAP attributes to send to WhosOnLocation. This is pre-set to "displayname, GivenName, sn, title, department, l, physicaldeliveryofficename, co, company, mail, mobile, telephonenumber".
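The following added example is not part of the WhosOnLocation-supplied script. It reviews a csvde export against the LDAP fields list above before anything is uploaded; the sample rows, the extra description column, and the names Test-AdExport, $AllowedFields and $SampleExport are constructed for illustration.

```powershell
# Added example; not part of the WhosOnLocation-supplied script.
# On a domain-joined host the export would come from csvde, for instance:
#   csvde -f export.csv -s localhost -d "CN=Users,DC=example,DC=com"
#         -r "(objectclass=user)" -l "displayname,givenName,sn,mail,l"
# A constructed sample stands in for export.csv here so the review runs offline.
$AllowedFields = 'DN','displayname','GivenName','sn','title','department','l',
    'physicaldeliveryofficename','co','company','mail','mobile','telephonenumber'

$SampleExport = @'
DN,displayname,givenName,sn,mail,l,description
"CN=Ann Lee,CN=Users,DC=example,DC=com",Ann Lee,Ann,Lee,ann.lee@example.com,Wellington,
"CN=Bo Chan,CN=Users,DC=example,DC=com",Bo Chan,Bo,Chan,reception@example.com,Auckland,
"CN=Cy Roe,CN=Users,DC=example,DC=com",Cy Roe,Cy,Roe,Reception@example.com,Auckland,
"CN=svc-backup,CN=Users,DC=example,DC=com",svc-backup,,,,,Backup service account
'@

function Test-AdExport {
    param([string]$CsvText, [string[]]$Allowed)
    $rows    = @($CsvText | ConvertFrom-Csv)
    $columns = @($rows[0].PSObject.Properties.Name)
    [pscustomobject]@{
        # Attributes leaving the network that are not on the configured list
        UnexpectedColumns = @($columns | Where-Object { $Allowed -notcontains $_ })
        # Accounts with no mail value: often service or shared accounts that a
        # narrower LDAP search or base would keep out of the upload
        NoMail = @($rows | Where-Object { -not $_.mail } | ForEach-Object { $_.DN })
        # Addresses recorded more than once (compared case-insensitively here,
        # an assumption); per the FAQ, later duplicates are ignored by the sync
        DuplicateMail = @($rows | Where-Object { $_.mail } | Group-Object mail |
            Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })
    }
}

$report = Test-AdExport -CsvText $SampleExport -Allowed $AllowedFields
$report | Format-List
# A narrower search value that skips mail-less and disabled accounts (standard
# AD filter syntax; whether it suits your directory is an assumption):
#   (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
```

On the constructed sample the report lists description as an unexpected column, the svc-backup DN under NoMail, and reception@example.com under DuplicateMail.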

Active Directory Sync F.A.Q

1. Q: We have multiple locations using WhosOnLocation. How do we assign the employees to their respective Locations set up in our WhosOnLocation account?
   A: The staff location is normally matched from the 'l' LDAP attribute. This can be overridden by setting the location variable in the script. Multiple copies of the Sync script can be run with different location variables and LDAP parameters to ensure the staff are imported to the correct place.

2. Q: Do users still log in using the password they create themselves?
   A: Yes. Unless you use Single Sign-on, all users will create their own password when they initially receive their Activation Email (if applicable).

3. Q: Can users change their password?
   A: Yes. Users can change their password anytime by opening their Profile and selecting Change my Password.

4. Q: Can we still add employees manually if they do not appear in our Active Directory?
   A: Yes. However, assuming you include the new employee's email address when setting them up, should they ever be added to your Active Directory, their manually created record will be updated with the first Active Directory Sync and overridden using the Active Directory Sync employee profile. If the Active Directory employee profile records a different email address to that of the manually created profile, then two independent profiles will exist. In such circumstances we recommend removing the manually created one.

5. Q: WhosOnLocation does not permit an employee's (or any) email address to be used more than once, so two or more employees cannot share an email address. How does WhosOnLocation treat an Active Directory Sync where the same email address is recorded against two or more employees?
   A: Subsequent duplicates will be ignored in the Sync.

6. Q: Can you tell me anything about the security of the AD Data transfer?
   A: The AD Sync application connects back to the WhosOnLocation API server over a secure HTTPS connection. The application will only accept a connection to a valid and trusted certificate before sending any data. Our certificate is issued by Comodo UK and provides a chain of trust back to the default Windows certificate store. We have an additional option in the Sync application to verify the public key. This directly compares the public key for the remote side to the known value for api.whosonlocation.com. This option forgoes the issuer validation and ensures that the application is connected to WhosOnLocation itself: a fake trusted certificate cannot be used to intercept communications.

If you require any further information about AD for WhosOnLocation please contact us on:
Email: helpdesk@whosonlocation.com
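The public key check described in FAQ 6, sketched as an added example (this is not the Sync application's own code). The pinned value is a placeholder to be replaced with a hash recorded out of band, the function names are hypothetical, and the TLS 1.2 setting assumes .NET 4.5 or later.

```powershell
# Added example; not the WhosOnLocation Sync application's code.
# Placeholder: SHA-256 (hex) of the expected server public key, recorded out of band.
$PinnedKeySha256 = '<EXPECTED-PUBLIC-KEY-SHA256-HEX>'

function Get-PublicKeySha256 {
    param([System.Security.Cryptography.X509Certificates.X509Certificate]$Certificate)
    # Hash of the raw public key bytes (not an SPKI/HPKP-style pin)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash($Certificate.GetPublicKey())
        return ([System.BitConverter]::ToString($hash) -replace '-', '')
    } finally { $sha.Dispose() }
}

function Test-PinnedEndpoint {
    param([string]$HostName = 'api.whosonlocation.com', [int]$Port = 443)
    $validate = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($src, $certificate, $chain, $sslPolicyErrors)
        # As the FAQ describes, the key comparison replaces issuer validation:
        # chain errors are not consulted, only the presented key must match.
        if ($null -eq $certificate) { return $false }
        return ((Get-PublicKeySha256 $certificate) -eq $script:PinnedKeySha256)
    }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validate)
        try {
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            return $true    # handshake completed, so the presented key matched the pin
        } catch {
            return $false   # key mismatch or handshake failure: send nothing
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

# Usage: upload only when the check passes.
# if (-not (Test-PinnedEndpoint)) { throw 'Server public key does not match the pinned value' }
```

Because the comparison is against one fixed key, the pinned value has to be updated whenever the server's key pair is replaced; until then the check fails closed.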