8.5 Active Directories

Active Directories page is used to integrate MetaDefender Vault with your organization Active Directory in order to synchronize users.

In order to be able to set up Active Directory integration, the account used by Vault to connect to Active Directory will require read permissions in Active Directory.

Account settings

images/download/attachments/5742487/image2018-10-3_11-53-12.png

Setting

Description

Server Address

Address of the Active Directory server from where the users will be synchronized

Port

The port that will be used to connect to Active Directory
Note: the default port for LDAP is 389 and the default port for LDAPS is 636

Authentication Type

None: U se basic authentication (simple bind)

Secure: Request secure authentication
Note: AD DS uses Kerberos and possibly NTLM to authenticate the client

Secure Sockets Layer: Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.

Note: AD DS requires the Certificate Server to be installed to support Secure Sockets Layer (SSL) encryption.

Username

Username of a user inside the Active Directory who has read permissions

Password

The user's password to be used

When you have filled the required information click Continue.

Advanced settings

images/download/attachments/5742487/image2019-5-8_10-48-51.png

Settings

Description

Synchronization configuration

The time interval between synchronizations

Login Attempts Allowed

Number of failed login attempts that can be done before the account will be locked

Lock Account For (Minutes)

If the number of failed login attempts is higher than the predefined number, the account will be locked for X minutes

Reset Login Attempt Counter After (Minutes)

0 - Counter is never reset
X - Counter resets after X minutes

User Filtering Configuration

After selecting Continue on the previous screen, the user goes to the next screen which is User Filtering Configuration.

Follow the User Filtering Configuration page for information on how to configure user filtering.

Note

After you complete the basic configuration you will be redirected to the User Filtering Configuration page where you can fine-tune the way users and administrators are synchronized according to your Active Directory structure.

Start Synchronization

After user filtering configuration is done you can click Start synchronization in order to begin the synchronization process. Please note that this operation can take a while.

images/download/attachments/5742487/image2020-1-21_15-35-35.png

images/download/attachments/5742487/image2020-1-21_15-32-34.png

Run in background

Vault allows Run the syncing users process in the background by click on button Run in background, a progress popup is displayed until it done

images/download/attachments/5742487/image2020-4-7_8-53-33.png

Overlicensing situation

If your assigned license key does not contain enough user licenses the Active Directory synchronization will report the following message:
images/download/attachments/5742487/image2020-1-21_15-35-7.png

If this happens, please contact OPSWAT Sales for a license upgrade or, alternatively, you can go back to User Filtering Configuration step and exclude more users.

Warning

Please note that It is also possible to become over licensed at a later moment in time if new users are continuously added in your Active Directory. If this happens, a notification will appear and an email notification will be sent to all the administrators. New users would not be able to log in until the over licensed state is resolved by either removing some users from the User Filtering Configuration or by requesting a license upgrade. Existing users (prior to becoming over licensed) will still be able to log in and upload files normally.

Active Directory List

After you have successfully configured one or more Active Directories, the list should be displayed as follows:

images/download/attachments/5742487/image2019-6-13_11-13-45.png