Active Directory

The Active directory (AD) feature enables EntraPass to import and synchronize Users from AD with Operators in EntraPass. EntraPass uses the Lightweight Directory Access Protocol (LDAP) to share information across the network between the EntraPass server and the client's AD. The sync feature eliminates the manual creation and maintenance of AD Users in EntraPass, while the AD integration permits Single Sign On (SSO) authentication. This means Operators are authenticated by their Windows credentials and are automatically logged on to EntraPass Workstation with a single click. Up to ten AD connections are possible at the same time.

NOTE: To run the EntraPass LDAP service, you need to install Microsoft's .NET Framework. Install .NET version 4.6.1 on the same machine where SmartLink is installed.

You are required to enter network and AD settings for the server you want to connect with.

1 - Under the System tab, select the Active directory button. The Active directory window appears with the General tab enabled.

2 - Click the New button to create a new Active directory and enter the necessary information in the language section.

NOTE: The Enable active directory service check box is automatically selected.

3 - Enter the IP address or the Domain name for the server that stores the Active directory. The LDAP application uses the dedicated Port 389 for both TCP and UDP transmission.

4 - The Sync interval (hh:mm:ss) field specifies the time interval between the last Sync and the next Sync. Enter the interval time in hours, minutes and seconds.

NOTE: After the LDAP application is first installed, EntraPass completes a full Sync. After a restart, however, EntraPass completes a partial Sync where SmartLink only updates new or modified entries.

5 - You need to assign a SmartLink to the Active directory because the LDAP application connects to the SmartLink Web service.

NOTE: Several SmartLink connections are possible on the same SmartLink. The maximum number of Active Directories defined in EntraPass is ten.

6 - Under the Active directory settings, complete the following fields:

•  LDAP Base DN: this is the distinguished name of the starting point for directory server searches, for example EntraPass.

•  LDAP Binding DN: this is the user name of the AD User Account that you want to connect to the Active directory.

•  LDAP Password: this is the Active directory password for the AD User Account.

•  LDAP Password confirmation: confirm the password.

NOTE: If the connection is successful, synchronization occurs. The LDAP service status is shown in several locations: System / Active directory, Status / Application / SmartLink, Windows system tray / LDAP Service Control, and the SmartLink application window.

7 - Use the Sync now button to manually start synchronization with the selected Active directory server.

NOTE: The button is shaded if the Active directory is not connected.

8 - Under the Mapping tab there are thirteen fields that EntraPass can synchronize with. The first nine are mandatory and read-only, but the remaining four are optional depending on your requirements. The majority of read-only fields relate to the Active directory password and the various conditions associated with it. This is because EntraPass does not store passwords in its database; Active directory fully controls passwords.

9 - If you select the Use expiry date and the Operator expiry date fields, Active directory controls when the account expires. If you deselect these fields, the EntraPass settings remain operational. Select the Picture field if you want to store images of the operator; EntraPass can import both jpeg and thumbnail photo types. When you select the E-mail field, it is possible to import and store either one or many email addresses for an operator.

10 - Please click here for information on the Comment tab.
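
The values from steps 3 and 6 can be checked from the SmartLink machine before they are entered in EntraPass. The PowerShell script below is an added example, not part of EntraPass or its documentation. The server name, Base DN and account are constructed placeholders, the requested attributes are common AD user attributes chosen for illustration, and the Negotiate bind with signing and sealing is a choice made for this test, not a statement of how EntraPass binds.

```powershell
# Added example: pre-flight check for the values entered in steps 3 and 6.
# Every default below is a constructed placeholder, not a value from EntraPass.
param(
    [string]$Server   = 'dc01.example.test',                # step 3: IP address or domain name
    [int]   $Port     = 389,                                # step 3: LDAP port
    [string]$BaseDN   = 'OU=Operators,DC=example,DC=test',  # step 6: LDAP Base DN
    [string]$BindUser = 'svc-entrapass@example.test'        # step 6: LDAP Binding DN account
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. Is the LDAP port reachable over TCP from this machine?
$tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { throw "TCP ${Port} on $Server is not reachable" }

# 2. Prompt for the password so it is never stored in the script or shell history.
$cred = Get-Credential -UserName $BindUser -Message 'LDAP Password for the bind account'
if (-not $cred) { throw 'No credential entered' }
$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
$ldap = [System.DirectoryServices.Protocols.LdapConnection]::new($id, $cred.GetNetworkCredential())
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$ldap.SessionOptions.ProtocolVersion = 3
$ldap.SessionOptions.Signing = $true   # integrity-protect the session on port 389
$ldap.SessionOptions.Sealing = $true   # encrypt the session on port 389

try {
    $ldap.Bind()   # raises LdapException on failure, for example invalid credentials
    Write-Host "Bind OK as $BindUser"

    # 3. Read one page of user objects under the Base DN to prove it exists and is readable.
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $BaseDN, '(&(objectCategory=person)(objectClass=user))',
        [System.DirectoryServices.Protocols.SearchScope]::Subtree,
        [string[]]@('sAMAccountName', 'mail'))
    $null = $req.Controls.Add([System.DirectoryServices.Protocols.PageResultRequestControl]::new(5))
    $res = [System.DirectoryServices.Protocols.SearchResponse]$ldap.SendRequest($req)
    Write-Host "Base DN readable, $($res.Entries.Count) user entries in the first page:"
    foreach ($e in $res.Entries) { Write-Host "  $($e.DistinguishedName)" }
}
catch {
    # LdapException = bind problem; DirectoryOperationException = search problem
    # (a wrong Base DN is normally reported by the server as "no such object").
    $ex = $_.Exception.GetBaseException()
    Write-Error "$($ex.GetType().Name): $($ex.Message)"
}
finally { $ldap.Dispose() }
```

A bind account that can read the user objects under the Base DN is all this check exercises.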