Add sync services

Add AD/LDAP directory services in Knox Manage to synchronize user, organizational, and group information. Once added, you can sync through the corresponding menus in User, Group, and Organization.

To add a sync service, complete the following steps:

  1. Navigate to Advanced > AD/LDAP Sync > Sync Service.

  2. On the “Sync Service” page, click Add.

  3. On the “Add Sync Service” page, enter information required for specifying the basic information about a sync service.

    • Sync Service Name: Enter the sync service name (up to 25 characters consisting of letters, numbers, and the special characters - or _ only). It is used to distinguish each sync service and also appears when selecting sync services in User, Group, and Organization.

    • Target: Click the checkbox next to User, Group, and Organization as the target information to retrieve from the directory through the sync service.

    • Scheduler: Select Use next to Scheduler to use automatic synchronization and enter the schedule and iteration cycle in the Schedule tab below:

      • Time Zone: Click the drop-down menu and select the time zone to use for the automatic synchronization. You can change the default in Setting > Configuration > Basic Configuration.

      • Sync Interval: Click the drop-down menu and select a sync service interval: Once, Hourly, Daily, Weekly, Monthly, or Advanced Settings. If you select Advanced Settings, set a regular interval in month, week, day, or hour format using cron expressions.

      • Time: Set the start time for the sync service.

      • Start Date: Set the start date for the sync service.

      • Target of Scheduler: Click the checkbox next to User, Group, or Organization as the target information to retrieve from the directory through the scheduled sync service.

  4. Click the Server tab and enter information required for specifying the LDAP server information.

    • Directory Type: Select a directory. Select Other when connecting to other directory servers except the Microsoft Active Directory.

    • IP/Host: Enter the IP or host address of the directory, and the TCP port number for communicating with the directory server. The default port number used for unencrypted communication with the directory server is 389.

    • Encryption Type: Select None (No encryption), SSL (Secured Socket Layer), or TLS (Transport Layer Security) as the encryption method for the internet communication protocol used for communicating with the directory server.

    • Auth Type: Select None, Simple, DIGEST-MD5(SASL), or CRAM-MD5(SASL) as the authentication method used when establishing a connection with the directory server. After selecting DIGEST-MD5(SASL) or CRAM-MD5(SASL), fill out the Authentication details field for the chosen Auth Type as follows:

      Auth Type: DIGEST-MD5(SASL) / CRAM-MD5(SASL)

      Description: Configure the settings for Simple Authentication and Security Layer (SASL), a telnet-based protocol:

      • SASL Realm: Enter the realm value of the SASL server in domain format (e.g., sample.com).
      • Quality of Protection: Select the quality of the data protection from the following:
        • Authentication Only: Protect data only upon authentication.
        • Authentication with integrity: Ensure integrity of all the data exchanged, as well as authentication.
        • Authentication with integrity and privacy: Ensure integrity of all data exchanged, as well as authentication, through data encryption.
      • Protection Strength: Select a data protection level, and determine whether or not mutual authentication should be performed when exchanging data:
        • High: Use 128-bit encryption.
        • Medium: Use 56-bit encryption.
        • Low: Use 40-bit encryption.
        • Mutual authentication: Click the checkbox next to Mutual authentication to ensure data validity by inserting the key into the data exchanged between the client and server.

    • User ID: Enter the administrator information of the directory server in any of the following forms:

      • domain/administrator ID
      • administrator ID @ domain
      • CN=administrator ID,CN=Users,DC=domain,DC=com
    • Password: Enter the user ID’s password.

  5. Click the User, Group, or Organization tab according to your selection in Target in the Preferences tab, and then enter the following information:

    • For more information on the User tab, see Customizing user information.
    • For more information on the Group tab, see Customizing group information.
    • For more information on the Organization tab, see Customizing organization information.
  6. Click Save & Sync.

  7. In the “Save & Sync Service” window, click OK.

    • Click View next to Expected Sync Result to preview the sync result before starting sync.
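As an added example (not code from Knox Manage), the following Python reviews a Server-tab configuration against the Encryption Type, Auth Type and SASL options described in step 4, and classifies the User ID field into the three forms the page lists; the hostname and the wording of the findings are this example's own.

```python
from dataclasses import dataclass

@dataclass
class ServerSettings:
    """Server-tab values as named on the page (the hostname is a constructed sample)."""
    host: str
    port: int = 389                    # page: default port for unencrypted communication
    encryption: str = "None"           # Encryption Type: None | SSL | TLS
    auth_type: str = "Simple"          # Auth Type: None | Simple | DIGEST-MD5(SASL) | CRAM-MD5(SASL)
    qop: str = "Authentication Only"   # Quality of Protection (SASL only)
    strength: str = "High"             # Protection Strength (SASL only): High | Medium | Low
    mutual_auth: bool = False          # Mutual authentication checkbox (SASL only)

def assess_server_settings(s: ServerSettings) -> list[str]:
    """Return review findings for the connection settings; an empty list means none."""
    findings = []
    sasl = s.auth_type.endswith("(SASL)")
    encrypted = s.encryption in ("SSL", "TLS")
    if s.auth_type == "None":
        findings.append("Auth Type None: the directory is read with an anonymous bind")
    if s.auth_type == "Simple" and not encrypted:
        findings.append("Simple bind without SSL/TLS sends the directory password in cleartext")
    if sasl:
        if s.qop == "Authentication Only" and not encrypted:
            findings.append("SASL Authentication Only without SSL/TLS: synced user data is unprotected in transit")
        if s.strength in ("Medium", "Low"):
            findings.append(f"Protection Strength {s.strength}: 56-bit or 40-bit encryption is weak")
        if not s.mutual_auth:
            findings.append("Mutual authentication off: the server never proves it knows the shared secret")
    return findings

def bind_identity_form(user_id: str) -> str:
    """Classify the User ID field into one of the three forms the page lists."""
    if user_id.upper().startswith("CN="):
        return "dn"            # CN=administrator ID,CN=Users,DC=domain,DC=com
    if "@" in user_id:
        return "upn"           # administrator ID@domain
    if "/" in user_id or "\\" in user_id:
        return "domain"        # domain/administrator ID (backslash accepted too; an assumption)
    raise ValueError(f"unrecognised User ID form: {user_id!r}")
```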

Customizing user information

Customize user information on the User tab in the “Add Sync Service” window.

To customize the user information when adding the sync service, complete the following steps:

  1. Navigate to Advanced > AD/LDAP Sync > Sync Service.

  2. On the “Sync Service” page, click Add.

  3. On the “Add Sync Service” page, enter information required for specifying the basic information about a sync service. For more information, see Adding sync services.

    NOTE—When entering the information on the “Add Sync Service” page, you must select User for the sync service target.

  4. Click the User tab, and then enter the following information:

    • Base DN: Click Select to open the “Select Base DN” window and select a starting location for searches in the directory server. Entering a Base DN value can reduce the time required to search for data by limiting searches to a specific location.

      • Selected DN: Shows the selected DN (Distinguished Name).

    • Filter: Click Select to open the “Select Object Class” window and select an Object Class and attributes for the LDAP Syntax string that will be used to filter search results. For more information about setting filters, see Adding a directory connector.

      • Recommended Properties: Displays the recommended properties of the selected object class.

      • Return Value: Displays the LDAP Syntax of the selected property information and object class.

      • Default: Select the object class name defined by default as a filter.

      • Custom: Select the object class name defined by connected directory server as a filter.

    • Sync Target: Select to add specific targets that are not already specified as targets for the sync service.

      • Directly Select (Recommended): Click Select to open the “Select Sync Target” window and select the desired target.

      • All in Config: All users are selected.

    • Auto Deploy: Profiles are automatically applied to the user devices when organization information is changed.

    • Permanent Delete: Select how to process users who have been deleted from the directory server in Knox Manage.

      • Keep: Select to keep the user’s data in Knox Manage.

      • Delete: Select to clear the user’s data from Knox Manage. Deleted users are then added to the list of Sync exceptions. To view this list, navigate to Advanced > AD/LDAP Sync > Sync Service, and on the “Sync Service” page, click Manage Sync Exception and view Exception Type with a value of Deleted (Source).

  5. Click next to Detail in the Mapping Information area and enter information for mapping the user attributes of the directory server and the user attributes entered when registering user accounts in Knox Manage. The most common values of a directory server are entered automatically, but you can change them according to the directory server.

    • User ID: Enter a user ID up to 220 characters.

    • User Name: Enter the user’s login name that will be used for the Windows domain. Enter the UPN in “User’s login name@domain_name” format.

    • Employee No.: Enter the employee’s number.

    • Email: Enter the user’s email address.

    • Mobile No.: Enter the user’s mobile number.

    • DN (Distinguished Name): Enter the unique name of the LDAP object.

    • Object Identifier: Enter the ID used to distinguish the synced user.

    • Organization: Enter the organization name.

    • Status: Enter the status of the user account.

    • Last Updated Date: Enter the last date when the user information was updated.

    • Created Date: Enter the date when the user was created.

    • First Name: Enter the user’s first name.

    • Middle Name: Enter the user’s middle name.

    • Last Name: Enter the user’s last name.

    • Display Name: Enter the user’s display name.

    • Department: Enter the user’s department.

    • Administrator DN: Enter the unique name of the administrator.

    • Email User Name: Enter the user’s email username.

    • Contact: Enter the contact information.

    • UPN: Enter the User Principal Name (UPN).

    • User Identifier: Enter the name used to distinguish the synced user.

    • Default Country Code: Enter the default country code.

    • Organization Code: Enter the organization code.

    • Position Code: Enter the position code.

    • Site: Enter the site information.

    • Security Level: Select a security level for the user.

    • User Certificate: Select a user certificate.

    • User-Defined 1: Enter a user-defined value.

    • User-Defined 2: Enter a user-defined value.

    • User-Defined 3: Enter a user-defined value.

    NOTE

    • Click Select to the right of each item to search for the attributes defined in the directory server.

    • Click Refresh to the right of each item to reset the saved values back to the default values.

    • Click the checkbox next to User Static Input Value to delete the default mapped values and to allow you to enter values manually.

  6. Click Save & Sync.

  7. In the “Save & Sync Service” window, click OK.

    • Click View next to Expected Sync Result to preview the sync result before starting sync.
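As an added example that is not part of the Knox Manage product, the following Python simulates the Expected Sync Result preview for the User target using the Mapping Information and Permanent Delete options described above; the directory attribute names, sample entries and account names are constructed assumptions.

```python
# Knox Manage field (as named in Mapping Information) -> directory attribute.
# The attribute names are common Active Directory defaults (an assumption here;
# check them against your own directory server).
USER_MAPPING = {
    "User ID": "sAMAccountName",
    "Object Identifier": "objectGUID",
    "Display Name": "displayName",
}

def map_entry(entry: dict) -> dict:
    """Apply the mapping to one raw directory entry (absent attributes become None)."""
    return {km_field: entry.get(attr) for km_field, attr in USER_MAPPING.items()}

def expected_sync_result(directory_entries, km_users, permanent_delete="Keep"):
    """Simulate the 'Expected Sync Result' preview for the User target.
    Records are matched on Object Identifier, so a renamed account is an update
    rather than a delete plus an add; entries with no User ID are skipped."""
    source = {m["Object Identifier"]: m for m in map(map_entry, directory_entries)
              if m["Object Identifier"] and m["User ID"]}
    target = {u["Object Identifier"]: u for u in km_users}
    result = {"add": [], "update": [], "delete": [], "keep": []}
    for oid, entry in source.items():
        if oid not in target:
            result["add"].append(entry["User ID"])
        elif entry != target[oid]:
            result["update"].append(entry["User ID"])
    for oid, user in target.items():
        if oid not in source:
            # Permanent Delete = Delete clears the user (it then appears under
            # Manage Sync Exception as Deleted (Source)); Keep retains the record.
            bucket = "delete" if permanent_delete == "Delete" else "keep"
            result[bucket].append(user["User ID"])
    return {k: sorted(v) for k, v in result.items()}

# Constructed sample data (not real accounts).
DIRECTORY = [
    {"sAMAccountName": "asmith", "objectGUID": "guid-1", "displayName": "Ann Smith"},
    {"sAMAccountName": "bjones2", "objectGUID": "guid-2", "displayName": "Bob Jones"},  # renamed from bjones
    {"sAMAccountName": "dlee", "objectGUID": "guid-4", "displayName": "Dana Lee"},      # new account
    {"objectGUID": "guid-5", "displayName": "No Login Name"},                           # skipped: no User ID
]
KM_USERS = [
    {"User ID": "asmith", "Object Identifier": "guid-1", "Display Name": "Ann Smith"},
    {"User ID": "bjones", "Object Identifier": "guid-2", "Display Name": "Bob Jones"},
    {"User ID": "cdoe", "Object Identifier": "guid-3", "Display Name": "Chris Doe"},    # gone from directory
]
```

Run `expected_sync_result(DIRECTORY, KM_USERS, "Delete")` to see the difference the Permanent Delete choice makes for the account that no longer exists in the directory.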