Black Box iPATH ACR1000A-CTL-24 User Manual page 55

4.11.5 USERS > ACTIVE DIRECTORY
To simplify integration alongside existing systems within organisations, iPATH can be synchronized with an LDAP/Active
Directory server. This allows a list of users (and user groups), together with usernames and group memberships to be quickly
imported and kept up to date.
Initial configuration
The basic Active Directory (AD) server details are defined in the
Directory page (called "Import Users from Active Directory") will allow you to scan the AD server for a list of folders and users/
groups within those folders.
Choosing users and groups
Once scanned, the "Import Users from Active Directory" page shows all folders that are available on the AD server.
1 Use the "Include Users" and "Include Groups" checkbox columns on the right hand side of the folder lists to select which items
to import (with optional additional LDAP filters where necessary).
• If an AD user was not in the iPATH user database, they will be imported.
• If an AD user is already in the iPATH user database, they are kept.
• If an AD user is NOT marked for import/sync from the AD import page, and they already exist in the iPATH user database,
they will be removed from the iPATH user database during the sync operation.
IMPORTANT: It is thus vital to ensure that all users you want in the iPATH system are always selected for import/sync,
otherwise they will be removed.
2 Choose the required "Re-Synchronize" interval. Choices are Never, Hourly, Daily or Weekly.
3 You can choose to synchronize immediately or to preview the results of your settings:
• Click the "Preview" button to view the list of users that will be added/updated/removed on this synchronization. Once
previewed, you can either go ahead with the sync or return to the filter page and edit your settings.
• Click the "Save & Sync" button to synchronize the selected items into the iPATH user database.
Active Directory Tips
• A backup schedule is recommended so that any changes on the AD server are carried across to the iPATH server regularly. You
can choose from hourly/daily or weekly syncs. The settings/filters saved on this screen will be applied to each subsequent
sync, ensuring that your list of users is kept accurate.
• To temporarily remove a particular user from iPATH access, without having to make complicated LDAP filters, simply edit the
iPATH user to be suspended (see
synced from AD, they will be prevented from logging on.
• All LDAP filters should be self-contained, e.g: (!(cn=a*))
• Be sure to save any changes made to the sync settings before clicking the "sync-now" option. Otherwise, the next scheduled
sync operation will overwrite any user changes you made in your "sync-now".
• User groups are only imported from AD to iPATH if they contain users that are set to be imported too (i.e. a group will not be
imported, even if it contains users, unless its users match the sync filters).
Note: If a group contains more than 1499 users, then the group is returned as empty.
• Associations between users and user groups can only be made on the AD server - it is not possible to edit user/user-group
membership for AD users/groups on the iPATH server.
• Users and groups are technically "synchronized" rather than "imported" - each time a sync takes place, details are updated and
if a user no longer matches the sync filters, they will be removed from the iPATH user list.
Users > Add User or Configure User
1.877.877.2269
Dashboard > Settings page. Once configured, the Users > Active
page). Even though they will continue to be imported/
BLACKBOX.COM
NEED HELP?
LEAVE THE TECH TO US
LIVE 24/7
TECHNICAL
SUPPORT
1.877.877.2269
55