Menu

Add a directory connector

Add a directory connector to extract required client's information on the directory server.

To add a directory connector:

  1. Navigate to Advanced > Directory Integration > Directory Service.
  2. Click Add. The Add Directory Service page opens.
  3. Enter the following information:

    • Service ID — Enter an identifier up to 50 characters long, containing letters, numbers, and special characters, namely dashes and underscores.
    • Service Name — Enter a name to distinguish this directory connector from others.
    • Status — Select the status of the directory connector to use. The default value is Activated.
    • Pool Name — Select the pool (directory server) that you have already created for directory servers in KM. To view the detailed information for each registered pool, go to Advanced > Directory Integration > Directory Pool.
    • Service Type — Select one of the following service types to perform user authentication or user searches on the directory server integrated with KM.

      Classification Service type Description
      Authentication Authentication

      Makes Authentication requests to a client's directory server.

      The filter and output fields are automatically entered in accordance with the directory server type.

      User-defined authentication

      Makes Authentication requests to a client's directory server.

      The filter and output fields must be entered manually in accordance with your desired settings.

      Search User Search

      Searches for user information only.

      The filter and output fields are automatically entered in accordance with the directory server type.

      Organization Search

      Searches for organization information only.

      The filter and output fields are automatically entered in accordance with the directory server type.

      User-defined search Searches for desired user information using the filter values entered manually. This information can also be sent to devices.
      Profile Configuration (User information)

      Searches for user information using the filter set for the directory connector.

      The compatible connector policy groups for the supported device platforms are:

      For user information that has already been synced to Knox Manage, click Lookup to set it.

      Profile Configuration (Certificate information)

      Authenticates users with the filter set for the directory connector.

      The compatible connector policy groups for the supported device platforms are:

      NOTE — To authenticate users on devices using globalLdapServiceAuthenticator selected as the authenticator, select the service type as Authentication or User-defined authentication. For more information about how to select the authenticator, see Setting the user authentication method.
    • Base DN — Click Select to select a starting location for searches in the directory server. Entering a Base DN value can reduce the time required to search for data by limiting searches to a specific location.

      • Selected DN — Shows the selected Distinguish Name (DN).
    • Filter — Click Select to select an Object Class and attributes for the LDAP Syntax string that is used to filter search results.

      • Recommended Properties — Shows the recommended properties of the selected object class.
      • Return Value — Shows the LDAP Syntax of the selected property information and object class.
      • Default — Select the object class name defined by default as a filter.
      • Custom — Select the object class name defined by connected directory server as a filter.
    • Range — Select one of the following search ranges for the directory server based on the specified base DN.

      • Object — Within the level of the base DN.
      • One Level — Within the level including the sub-level of the base DN.
      • Subtree — Within all sub-levels of the base DN.
    • Output Field — Select one of the following return information ranges to only extract the desired attributes. To modify the name of the selected sources and return properties, double-click an item on the Output Field Settings field, and then modify it. The return property names might not return if the modified property names are same as existing property names on the loaded attribute list.

      • All — Returns all attributes for the searched entries.
      • Select — Returns only the selected attributes for the searched entries. To select the desired properties to be used for the filter, click Select Property and select the desired properties on the loaded attribute list. To apply the selected properties, click Add. To delete an attribute from the selected properties list, click the delete icon next to the attribute.
  4. Click Save to add a directory connector.