Now Hiring: Are you a driven and motivated 1st Line IT Support Engineer?
View Categories

Configuration Details

Generic Agent 

If you will be connecting to an on-premise version of Active Directory, then you will need to install the SecurEnds Generic Agent on a server that can communicate with your instance of Active Directory. Please refer to the Generic Agent install document here on requirements and instructions to install.

The following information is needed to connect with Active Directory

Clients can leverage details within this link for LDAP Syntax Filters – https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx

  1. Schedule Import
    • Selecting “ON Demand” will allow you to only sync when you need a refresh of the data prior to an access review
  2. Global Catalog URL
    • The LDAP service provider uses a URL to configure the connection to the directory server. To generate the LDAP connection URL, we must specify the LDAP host, port and root.
      • LDAP protocol is used to communicate with Active Directory on port 389.
    • Format Example: LDAP://192.168.1.76/DC=CGISE,DC=local
  3. Directory URL
    • The LDAP service provider uses a URL to configure the connection to the directory server. To generate the LDAP connection URL, we must specify the LDAP host, port and root.
    • LDAP protocol is used to communicate with Active Directory on port 389.
      • Format Example: LDAP://192.168.1.76/DC=CGISE,DC=local
  4. ADUsername and AD Password
    • Provide an account username and password that has the necessary access to fetch users
      • Note: Domain needs to be appended to the end of the username for successful authentication.
  5. UserFilter
    • To fetch users or contacts we need to provide the user filter
      • Format Example: (|(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=User)(samAccountType:1.2.840.113556.1.4.803:=805306368))(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=contact)))
  6. GroupFilter
    • To fetch groups or roles we need to provide the Group Filter
      • Format Example: (&(objectCategory=Group)(!(cn=*cnf:*)))
  7. Active Users Filter
    • To fetch active users or contacts we need to provide the user filter
      • Format Example: (|(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=User)(samAccountType:1.2.840.113556.1.4.803:=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=contact)))
  8. Entitlement Owner Precedence ( Securends/Active Directory)
    • This value is case sensitive
    • Assignment of an Entitlement Owner for each entitlement will allow you to include the entitlement owner as a reviewer during a User Access Review campaign.
    • You can leverage the SecurEnds tool to define this OR pull the actual owners from the Active Directory data.
      • Enter Securends if you want to manually set the Entitlement Owner using the SecurEnds tool (do not use AD data).
      • Enter Active Directory if you want to pull the Entitlement Owners from the Active Directory data during a sync.

Powered by BetterDocs