Now Hiring: Are you a driven and motivated 1st Line IT Support Engineer?

Configuration Details

Generic Agent  #

If you will be connecting to an on-premise version of Active Directory, then you will need to install the SecurEnds Generic Agent on a server that can communicate with your instance of Active Directory. Please refer to the Generic Agent install document here on requirements and instructions to install.

The following information is needed to connect with Active Directory #
  1. Schedule Import
    • Selecting “ON Demand” will allow you to only sync when you need a refresh of the data prior to an access review
  2. Global Catalog URL
    • The LDAP service provider uses a URL to configure the connection to the directory server. To generate the LDAP connection URL, we must specify the LDAP host, port and root.
      • LDAP protocol is used to communicate with Active Directory on port 389.
    • Format Example: LDAP://192.168.1.76/DC=CGISE,DC=local
  3. Directory URL
    • The LDAP service provider uses a URL to configure the connection to the directory server. To generate the LDAP connection URL, we must specify the LDAP host, port and root.
    • LDAP protocol is used to communicate with Active Directory on port 389.
      • Format Example: LDAP://192.168.1.76/DC=CGISE,DC=local
  4. AD Username and AD Password
    • Provide an account username and password that has access to fetch users
  5. User Filter
    • To fetch users or contacts we need to provide the user filter
      • Format Example: (|(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=User)(samAccountType:1.2.840.113556.1.4.803:=805306368))(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=contact)))
  6. Group Filter
    • To fetch groups or roles we need to provide the Group Filter
      • Format Example: (&(objectCategory=Group)(!(cn=*cnf:*)))
  7. Active Users Filter
    • To fetch active users or contacts we need to provide the user filter
      • Format Example: (|(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=User)(samAccountType:1.2.840.113556.1.4.803:=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(!(cn=*cnf:*))(objectCategory=Person)(objectClass=contact)))
  8. Entitlement Owner Precedence ( Securends/Active Directory)
    • Assignment of an Entitlement Owner for each entitlement will allow you to include the entitlement owner as a reviewer during a User Access Review campaign. You can manually assign this using the SecurEnds tool OR pull the actual owners from the Active Directory data.
      • Enter Securends if you want to manually set the Entitlement Owner using the SecurEnds tool (do not use AD data).
      • Enter Active Directory if you want to pull the Entitlement Owners from the Active Directory data during a sync.
This image has an empty alt attribute; its file name is image-13.png

Powered by BetterDocs

open

It’s official, SecurEnds raises $21M Series A! For more details, check out our Press Release and a message from our CEO.