
Active Directory back channel configuration

Introduction

Active Directory Back Channel refers to a mechanism that allows Soffid to synchronize user information with an external Active Directory (AD) server in real-time or near real-time. This synchronization ensures that both Soffid and AD maintain consistent and up-to-date data.

How does it work?

1. The AD sends the password to Soffid to verify that it complies with Soffid policy.
2. If it complies, the password is updated in the AD.
3. The password is sent to Soffid and the PropagatePassword task is created.
4. If the AD agent confirms that the new password has been saved, Soffid synchronizes it with the other systems.

How to install Active Directory back channel?

Download

To configure the Active Directory back channel, you must use the eris command line tool. To get it, download the Password Synchronizer from our download portal.

Install

First, install the Windows package "Password synchronizer-3.0.x.msi".

Once Password Synchronizer is installed on your system, change to the eris or eris64 directory (\ProgramFiles\Soffid\eris64) and execute:

eris-ad-service install

Configure

Finally, configure the Password Synchronizer by executing the following command:

eris-ad-service CONFIGURE url-syncserver agent-name
  • url-syncserver is the master sync server URL (http://master.dom.dom:port)
  • agent-name is the agent code name configured in the Soffid console.

To see more information while configuring, append | more to the command.

Example
eris-ad-service CONFIGURE https://sync-server.netcompose:1760/ "AD soffid.pat" | more

Test configuration

To test the configuration, use the eris command line tool:

eris-ad-service TEST user pass

Here user and pass can be dummy values. If you use a real one, it will be propagated to the system.

To see more information during the test, append | more to the command.

Example
eris-ad-service TEST aretha password | more


[Image: Generated Task in the AD agent]