Employees enter and leave organizations everyday. New cloud applications for the organization require that the IT administrator not manage an additional application for adding and deleting users. As covered in Provisioning user accounts, users can be provisioned directly in the Syncplicity account. Optionally, you can use Active Directory (AD) Sync, so IT administrators only have to manage their users using their centralized AD/LDAP system. AD/LDAP continues to be the main source for user management and identities for majority of the enterprises. IT administrators need a way to provision cloud applications based on permissions in the AD or LDAP.
With this method, when a new employee joins the company, they have a Syncplicity account waiting for them. Likewise, when an employee is off-boarded, their account is suspended or deleted automatically.
To watch a video on how to setup AD Sync in Syncplicity and manage users automatically from your AD, click here.
AD Sync Tool
The AD Sync Tool is an application for synchronizing the Microsoft Active Directory (AD) with Syncplicity in order to provision and manage users, groups, and group membership.
The AD Sync Tool is deployed in the on-premise environment by means of an OVA (Open Virtualization Archive), and can be scheduled to run on a regular interval to provision users, groups, and group membership in Syncplicity. The tool can be configured to sync a targeted set of users and groups from AD into Syncplicity. It also provides options to check connectivity and perform a dry-run to ensure correct selection of users and groups from the Microsoft Active Directory.
To install and configure Syncplicity® AD Sync Tool, send an email to firstname.lastname@example.org and request the Installation and Configuration Guide.
Syncplicity also offers user provisioning and de-provisioning of a cloud version with OneLogin and Okta as well as an on-premise version with PingFederate. With the OneLogin, Okta, or PingFederate integration, changes to Active Directory accounts are automatically applied to Syncplicity accounts in real time without duplication of effort.
The following list provides the benefits of using the partner integrations:
- Provision Syncplicity accounts to thousands of users already managed in Active Directory.
- Provide instant access to the Syncplicity account when a new user is created in Active Directory.
- Revoke access to the Syncplicity account immediately when a user's account is deactivated or deleted in Active Directory.
- Provision the Syncplicity account to specific groups, such as marketing or engineering, directly from Active Directory.
- Roll out Syncplicity progressively to groups or organizational units defined in Active Directory.
- Mapping Syncplicity account provisioning to Active Directory groups makes it easier to manage licensing and resources.
- Remote wipe automatically when an account is deleted in Active Directory, permanently removing files from all connected devices.
OneLogin provides secure identity management, single sign-on and automated user provisioning solutions for organizations of all sizes via a cloud-based offering. To get started with OneLogin and for instructions on integrating with OneLogin, visit OneLogin.
PingFederate delivers single sign-on, identity management and automated user provisioning via a behind-the-firewall, on-premise application.
To get started with PingFederate and for instructions on integrating with PingFederate, visit Ping Identity.
Okta connects Syncplicity to Active Directory and LDAP making account administration easy and secure. The integration provides the ability to Provision and de-provision users, Deactivate / delete accounts, Map Syncplicity account provisioning to Active Directory groups. To get started with Okta, visit https://www.okta.com/syncplicity/.