
Active Directory integration

Active Directory integration provides:

– Automatic synchronization of local AD users, organizational units and computers with the EM Platform Server.

– Login of synchronized AD users to the EM Platform Server with their AD credentials.

– Issuance of certificates via Active Directory Certificate Services (AD CS).

Requirements

Before setting up Active Directory integration, ensure that:

– Active Directory Domain Services (AD DS) are installed to create and manage the Active Directory domain.

– Client devices are members of the AD domain.

Integrate EM Platform Server with Active Directory

Navigate to Settings > Integrations.

Click Add connector.

Select Active Directory from the list of available connectors, and then click on Continue.

Under Connector details, enter the name and (optionally) a description.

Click Continue.


Under Server address, enter the fully qualified domain name (FQDN) of the directory service you are connecting to (when using LDAPS). Use the following format: ComputerName.DomainName

Example: ad-test01.company.local

- OR -

Alternatively, use the IP address (when using LDAP).

Under User name, enter the username of an Active Directory domain account. Use the following format: DomainName\UserName

Under Password, enter the password associated with the entered username.

Define the communication protocol:

– LDAPS (enabled by default): Encrypted LDAP communication using SSL/TLS.

– If LDAPS is disabled, LDAP (unencrypted LDAP communication) is used.

Click Save.



The client credentials used by the AD synchronization service to connect to the EM Platform Server and to synchronize data from AD have been created.

After saving, the new credentials step is available. Here you can regenerate the client login credentials if needed. Generating new login credentials invalidates older login credentials.

Next Steps

– Download the AD synchronization service and confirm the generated credentials. For more information, see [link to relevant documentation]. Install the AD synchronization service.

– Configure synchronization rules to synchronize AD users, organizational units, and computers with EM Platform Server.

– Enable SSO to allow synchronized users to log in to EM Platform Server with their AD credentials.

– Integrate the certification authority with AD to enable the issuance of certificates.

Synchronize Active Directory users with EM Platform Server

This section describes how to configure the rules for synchronizing AD users.

Requirements

Before configuring the synchronization rules, make sure you have added the AD connector and integrated EM Platform Server with Active Directory.

Navigate to Settings > Integrations.

Select the AD connector.

Select Configuration settings > Synchronization configuration.

Activate Synchronization configuration, and then configure the following options:


Click Add base DN, and specify the Distinguished Name of the base record to set the starting point for AD searches.
For example, if you want to start the query from the organizational unit test in the AD domain company.local, enter the following: OU=test, DC=company, DC=local.

Under User ID, choose how users are identified.

(Optional) Enable the option Automatically activate new users to automatically set newly synchronized users to the status Active. If this option is disabled, imported users receive the status Imported and must be invited.

(Optional) Enable Timetable to schedule automatic synchronization at a specific time.

Specify how often you want to perform the synchronization.

Click Save.
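
The value formats given above for the connector (server address, user name, protocol) and for the base DN can be checked before they are entered. The following Python check is an added example, not part of EM Platform Server or its documentation; the function names, the sample account COMPANY\svc-sync and the rule that the DC components of the base DN should match the server's domain are assumptions made for illustration.

```python
import ipaddress
import re

# Simplified RDN check (assumption): only OU, CN and DC; escaped commas are not handled.
_RDN = re.compile(r"^(OU|CN|DC)=([^,=]+)$", re.IGNORECASE)

def dn_domain(base_dn):
    """Return the DNS domain spelled by the DC= components of a base DN."""
    labels = []
    for part in base_dn.split(","):
        m = _RDN.match(part.strip())
        if not m:
            raise ValueError(f"malformed RDN: {part.strip()!r}")
        if m.group(1).upper() == "DC":
            labels.append(m.group(2).strip().lower())
    return ".".join(labels)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_connector(server, user, base_dn, ldaps=True):
    """Return a list of findings for one set of connector values."""
    findings = []
    if is_ip(server):
        if ldaps:  # the page pairs the FQDN with LDAPS and the IP address with LDAP
            findings.append("LDAPS with an IP address: use the FQDN instead")
    elif "." not in server:
        findings.append("server address is not in ComputerName.DomainName format")
    if not ldaps:
        findings.append("LDAPS disabled: directory traffic is unencrypted")
    if not re.fullmatch(r"[^\\/@\s]+\\[^\\/@\s]+", user):
        findings.append("user name is not in DomainName\\UserName format")
    try:
        domain = dn_domain(base_dn)
    except ValueError as exc:
        findings.append(f"base DN: {exc}")
    else:
        if not domain:
            findings.append("base DN has no DC= components")
        elif not is_ip(server) and not server.lower().endswith("." + domain):
            findings.append(f"base DN domain {domain} does not match server address")
    return findings

if __name__ == "__main__":
    # Constructed sample values based on the examples on this page.
    print(check_connector("ad-test01.company.local", "COMPANY\\svc-sync",
                          "OU=test, DC=company, DC=local"))
```

An empty list means the values follow the formats described on this page; each string in the list names one value to correct before saving.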

Enable login to EM Platform Server using AD credentials

This article describes how to enable synchronized AD users to log in to EM Platform Server using their AD credentials.

Requirements

Before configuring authentication with AD credentials, make sure that you have:

– Integrated EM Platform Server with Active Directory.

– Configured synchronization rules.

Navigate to Settings > Integrations.

Select the AD connector.

Select Configuration settings > Authentication.

Activate Enable Single Sign-On (SSO) with Active Directory.


Click Save.

Integrate the certification authority with Active Directory for certificate issuance

This article describes how to configure the integration of a Certificate Authority (CS) with Active Directory (AD) to support the issuance of certificates.

Requirements

Before configuring CS integration, make sure that:

– Active Directory Certificate Services (AD CS) are installed and configured. Multiple AD CS instances can be installed if needed.

– EM Platform Server has been integrated with Active Directory.

– User synchronization has been configured.

Navigate to Settings > Integrations.

Select the AD connector.

Select Configuration settings > Integration of the Certification Authority (CS).

Activate Integration of the Certification Authority (CS).

Choose one of the following options:

– Select CS automatically: An available CS is selected automatically.

– Enter CS names manually: Enter the required CS name in the field CS name. Use the following format: CAHostName\CAName

Example: ad-test01.company.local\company-ad-test01-CA

Under Certificate templates, choose one of the following options:

– Create new templates: New templates are created automatically.

– Use existing templates: Pre-configured templates are used.

If you selected Use existing templates in the previous step, provide the following information:

– Enrollment Agent: Select the Enrollment Agent type, and then provide the details based on the selected type:

– Template: Enter the template name or OID.

– Certification: Enter the fingerprint of the certificate.

– Smartcard Logon: Enter the template name or OID.

Click Save.