Active Directory back channel configuration

Introduction

Active Directory Back Channel refers to a mechanism that allows Soffid to synchronize user information with an external Active Directory (AD) server in real-time or near real-time (Password synchronizer). This synchronization ensures that both Soffid and AD maintain consistent and up-to-date data.

How it works?

The Password Synchronizer installs a service. This service is responsible for buffering passwords when they cannot be sent because the Sync Server is not available.

If the Sync Server is not available, the passwords are stored in an encrypted local file. When connectivity to the Sync Server is restored, the passwords are sent.

1. The AD sends the password to Soffid to verify that it complies with Soffid policy.
2. If it complies, the password is updated in the AD.
3. The password is sent to Soffid and the PropagatePassword task is created.
4. If the AD agent confirms that the new password has been saved, Soffid synchronizes it with the other systems.

How to install Active Directory back channel?

Download

In order to configure the Active Directory back-channel, you must use the eris command line tool. To do this, please, download the Password Synchronizer from our download portal:

💻 Image

Installation

First of all, you must install the Windows package "Password synchronizer-3.0.x.msi"

Once installed Password Synchronizer on your system, please change to eris or eris64 directory (\ProgramFiles\Soffid\eris64) and execute:

eris-ad-service install

Configuration

Finally, you must configute the Password Synchronizer executing the following command:

eris-ad-service CONFIGURE url-syncserver agent-name

url-syncserver is the master sync server url (http://master.dom.dom:port)
agent-name is the agent code name configured on Soffid console.

To see more information when configuring use | more.

Example

eris-ad-service CONFIGURE https://sync-server.netcompose:1760/ "AD soffid.pat" | more

💻 Image

Mind that, completed this step, the domain controller must be restarted to end the configuration properly.

Configuration test

In order to test configuration, you must use the eris command line tool.

eris-ad-service TEST user pass

Where user and pass can be dummy. If you use a real one it will be propagated to the system.

To see more information during test use | more.

Example

eris-ad-service TEST aretha password | more

💻 Image

Generated Task in the AD agent

AWS Connector

CSV Connector

Customizable CSV file (CSV Connector type)

Google Apps Connector

JSON REST Web Services Connector

JSON REST Web Services Connector - Properties

How to configure the Office 365 agent?

How to configure the Jira Atlassian agent?

LDAP Connector

Oracle Connector

Oracle EBS Connector

SAP Connector

SCIM Connector

Shell Connector

Invoker interface

SQL Connector

SQL Integration flows - Update user

Windows Connector

HOWTO SSL access to Active Directory

Invoker interface for Active Directory

Active Directory back channel configuration

AD Integration flows - Update user

AD Integration flows - Update account

Zarafa Connector

SQL Server Connector

Attribute mappings examples

Outgoing triggers examples

Incoming triggers examples

Triggers: Script Tips

Active Directory back channel configuration

Introduction

How it works?

How to install Active Directory back channel?

Download

Installation

Configuration

Example

Configuration test

Example