Table of Contents
Advertisement
iPATH Agility Controller
4.9.5 Users > Active Directory
To simplify integration alongside existing systems within organizations, iPATH Agility Controller can be synchronized with an LDAP/
Active Directory server. This allows a list of users (and user groups), together with usernames and group memberships to be
quickly imported and kept up to date.
Initial configuration
The basic Active Directory (AD) server details are defined in the Dashboard > Settings page. Once configured, the Users > Active
Directory page (called "Import Users from Active Directory") will allow you to scan the AD server for a list of folders and users/
groups within those folders.
Choosing users and groups
Once scanned, the "Import Users from Active Directory" page shows all folders that are available on the AD server.
1 Use the "Include Users" and "Include Groups" checkbox columns on the right hand side of the folder lists to select which
items to import (with optional additional LDAP filters where necessary).
• If an AD user was not in the iPATH Agility Controller user database, they will be imported.
• If an AD user is already in the iPATH Agility Controller user database, they are kept.
• If an AD user is NOT marked for import/sync from the AD import page, and they already exist in the iPATH Agility Controller
user database, they will be removed from the iPATH Agility Controller user database during the sync operation.
IMPORTANT: It is thus vital to ensure that all users you want in the iPATH Agility Controller system are always selected for
import/sync, otherwise they will be removed.
2 Choose the required "Re-Synchronize" interval. Choices are Never, Hourly, Daily or Weekly.
3 You can choose to synchronize immediately or to preview the results of your settings:
• Click the "Preview" button to view the list of users that will be added/updated/removed on this synchronization. Once
previewed, you can either go ahead with the sync or return to the filter page and edit your settings.
• Click the "Save & Sync" button to synchronize the selected items into the iPATH Agility Controller user database.
Note: iPATH Agility Controller will only import folders/groups/users up to the limit set by the AD server. There is a known issue:
iPATH Agility Controller can only import x users/groups from AD where x is the limit set on the AD server. Any users/groups
beyond this limit will not be imported.
4.9.5.1 Active Directory Tips
• A backup schedule is recommended so that any changes on the AD server are carried across to the iPATH Agility Controller
regularly. You can choose from hourly/daily or weekly syncs. The settings/filters saved on this screen will be applied to each
subsequent sync, ensuring that your list of users is kept accurate.
• To temporarily remove a particular user from iPATH Agility Controller access, without having to make complicated LDAP filters,
simply edit the iPATH Agility Controller user to be suspended (see Users > Add User or Configure User page). Even though they
will continue to be imported/synced from AD, they will be prevented from logging on.
• All LDAP filters should be self-contained, e.g: (!(cn=a*))
• Be sure to save any changes made to the sync settings before clicking the "sync-now" option. Otherwise, the next scheduled
sync operation will overwrite any user changes you made in your "sync-now".
• User groups are only imported from AD to iPATH Agility Controller if they contain users that are set to be imported too (i.e. a
group will not be imported, even if it contains users, unless its users match the sync filters).
• Associations between users and user groups can only be made on the AD server - it is not possible to edit user/user-group
membership for AD users/groups on the iPATH Agility Controller.
• Users and groups are technically "synchronized" rather than "imported" - each time a sync takes place, details are updated
and if a user no longer matches the sync filters, they will be removed from the iPATH Agility Controller user list.
Page 54
724-746-5500 | blackbox.com
Advertisement
Table of Contents
