Active Directory back channel configuration
Introduction
Active Directory Back Channel refers to a mechanism that allows Soffid to synchronize user information with an external Active Directory (AD) server in real-time or near real-time (Password synchronizer). This synchronization ensures that both Soffid and AD maintain consistent and up-to-date data.
How does it work?
1. The AD sends the password to Soffid to verify that it complies with Soffid policy.
2. If it complies, the password is updated in the AD.
3. The password is sent to Soffid and the PropagatePassword task is created.
4. If the AD agent confirms that the new password has been saved, Soffid synchronizes it with the other systems.
How to install the Active Directory back channel
Download
To configure the Active Directory back channel, you must use the eris command line tool. To do this, please download the Password Synchronizer from our download portal:
Install
First of all, you must install the Windows package "Password synchronizer-3.0.x.msi".
Once the Password Synchronizer is installed on your system, change to the eris or eris64 directory (\ProgramFiles\Soffid\eris64) and execute:
eris-ad-service install
Configure
Finally, you must configure the Password Synchronizer by executing the following command:
eris-ad-service CONFIGURE url-syncserver agent-name
- url-syncserver is the master sync server URL (http://master.dom.dom:port).
- agent-name is the agent code name configured in the Soffid console.
To see more information when configuring, use | more.
Example
eris-ad-service CONFIGURE https://sync-server.netcompose:1760/ "AD soffid.pat" | more
Test configuration
To test the configuration, you must use the eris command line tool.
eris-ad-service TEST user pass
Here user and pass can be dummy values. If you use a real one, it will be propagated to the system.
To see more information during the test, use | more.
Example
eris-ad-service TEST aretha password | more
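The configure and test steps above can be wrapped in one PowerShell script that checks the sync server URL first and runs TEST with throwaway values, so that no real credential is propagated. This is an added example, not part of the Soffid documentation or tooling: the parameter names, the https requirement and the reachability check are this example's own assumptions, and only the eris-ad-service CONFIGURE and TEST commands come from this page.

```powershell
# Added example (not Soffid's code). Assumes "eris-ad-service install" has already been run.
param(
    [Parameter(Mandatory)] [string] $ErisDir,        # assumption: the eris or eris64 directory
    [Parameter(Mandatory)] [string] $SyncServerUrl,  # master sync server URL
    [Parameter(Mandatory)] [string] $AgentName       # agent code name from the Soffid console
)
$ErrorActionPreference = 'Stop'

# Precaution chosen for this example: passwords cross this channel, so require https.
$uri = $null
if (-not [Uri]::TryCreate($SyncServerUrl, [UriKind]::Absolute, [ref]$uri) -or
    $uri.Scheme -ne 'https') {
    throw "Expected an absolute https:// sync server URL, got '$SyncServerUrl'."
}

# Fail early if the sync server port is not reachable from this host.
if (-not (Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -InformationLevel Quiet)) {
    throw "Cannot reach $($uri.Host) on TCP port $($uri.Port)."
}

# Throwaway values for TEST: a real user/password would be propagated, and
# command-line arguments can end up in process-creation audit logs.
$dummyUser = 'bc-test-' + [Guid]::NewGuid().ToString('N').Substring(0, 8)
$dummyPass = [Guid]::NewGuid().ToString('N')

Push-Location $ErisDir
try {
    # Exit-code semantics are not documented on this page, so they are only
    # reported here; read the tool's own output to judge success.
    & .\eris-ad-service CONFIGURE $SyncServerUrl $AgentName
    Write-Host "CONFIGURE exit code: $LASTEXITCODE"

    & .\eris-ad-service TEST $dummyUser $dummyPass
    Write-Host "TEST exit code: $LASTEXITCODE (user '$dummyUser')"
}
finally {
    Pop-Location
}
```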