Employees enter and leave organizations every day. When the organization adopts a new cloud application, IT administrators should not have to treat it as yet another system in which to add, manage and delete users. As covered in the previous article, Provisioning user accounts, users can be provisioned directly in the Syncplicity account. Optionally, you can use Active Directory (AD) Sync, so IT administrators only have to manage their users in their centralized AD/LDAP system. AD/LDAP is still the main source for user management and identities for the majority of enterprises. IT administrators need a way to provision cloud applications based on permissions in AD or LDAP.
With this method, when a new employee joins the company, they have a Syncplicity account waiting for them. Likewise, when someone gets off-boarded, his or her account is suspended or deleted automatically.
AD Sync Tool
The AD Sync Tool is an application for synchronizing the Microsoft Active Directory (AD) with Syncplicity in order to provision and manage users, groups, and group membership.
The AD Sync Tool is deployed in the on-premise environment by means of an OVA (Open Virtualization Archive), and can be scheduled to run at a regular interval to provision users, groups, and group membership in Syncplicity. The tool can be configured to sync a targeted set of users and groups from AD into Syncplicity. It also provides options to check connectivity and perform a dry run to ensure that the correct users and groups are selected from Microsoft Active Directory.
To install and configure the Syncplicity® AD Sync Tool, request the Installation and Configuration Guide by sending an email to firstname.lastname@example.org.
Syncplicity also offers user provisioning and de-provisioning through partner integrations: a cloud version with OneLogin and Okta, and an on-premise version with PingFederate. With the OneLogin, Okta or PingFederate integration, changes to Active Directory accounts are automatically applied to Syncplicity accounts in real time without duplication of effort.
Here is a list of benefits to using our partner integrations:
- Provision Syncplicity accounts to thousands of users already managed in Active Directory.
- Provide instant access to the Syncplicity account when a new user is created in Active Directory.
- Revoke access to the Syncplicity account immediately when a user’s account is deactivated or deleted in Active Directory.
- Provision the Syncplicity account to specific groups like marketing or engineering directly from Active Directory.
- Roll out Syncplicity progressively to groups or organizational units defined in Active Directory.
- Map Syncplicity account provisioning to Active Directory groups to make it easier to manage licensing and resources.
- Trigger a remote wipe automatically when an account is deleted in Active Directory, permanently removing files from all connected devices.
OneLogin provides secure identity management, single sign-on and automated user provisioning solutions for organizations of all sizes via a cloud-based offering. To get started with OneLogin, please visit OneLogin.
For instructions on integrating with OneLogin, please visit Instructions.
PingFederate delivers single sign-on, identity management and automated user provisioning via a behind-the-firewall, on-premise application.
To get started with PingFederate and for instructions on integrating with PingFederate, please visit Ping Identity.
Okta connects Syncplicity to Active Directory and LDAP, making account administration easy and secure. The integration provides the ability to provision and de-provision users, deactivate or delete accounts, and map Syncplicity account provisioning to Active Directory groups. To get started with Okta, go to https://www.okta.com/syncplicity/.