How to Configure Active Directory Sync Agent

Release Time
10/14/2018
Category
Dome Data Loss Prevention
1. Introduction

This guide contains information about how to install the AD agent and sync AD users with the Cloud DLP instance.

2. Prerequisite

Before starting the integration, please check the following items:

  • You already have an SWG instance running on C1.
  • You already have a Cloud DDP instance.
  • SWG is integrated with DLP over ICAP; please see how to check it.
  • To apply AD user-based policy, you need the SWG agent installed on the computer. You can download and run it from the SWG portal (Administration -> Traffic Forwarding -> "Dome Agent Configuration").
  • The computer on which you install the Dome Active Directory agent must be a member of the domain; otherwise AD integration will fail.
  • The Active Directory agent can be installed on any Windows client in your domain.

3. Configuration

In this step, you will download and install the AD agent from the DDP portal, then sync AD users with the DDP server.

  1. Connect to the DDP UI from C1.
  2. Navigate to the Policy tab, then click on the Active Directory Agent section from Server Connection.
  3. Click on the "Download Agent" button.
  4. When the download has completed, double-click on the "Agent" to start the installation.
  5. When the installation has completed, you need to stop the service: right-click on the Agent tray icon -> click on Close.
  6. Open the "ActiveDirectorySyncAgent.cfg" file with Notepad; it is located under "C:\Program Files (x86)\COMODO\Active Directory Sync Agent".
  7. Navigate to "portal-api-url", then enter the following URL:

    portal-api-url = https://X.X.X.X/spring/syncagent/ldap_update/data

    Note: Please replace X.X.X.X with the correct DLP server IP address/URL. You can find your DLP service URL / IP from here.
  8. Save and close the file.
  9. Click on the "Start" menu in Windows, then click on "Active Directory Sync Agent".
  10. Then click on "Configure" from the tray icon.
  11. When the Dome Active Directory agent configuration pop-up is displayed on the screen, please enter the following parameters:

    User Token: You can find this token on the DLP UI (Policy -> Active Directory).
    Host Name: Please enter the local IP address of the Active Directory server.
    Base DN: Please enter your domain in the following format; for example, if your local domain is example.local, then enter DC=example,DC=local.
  12. Once you complete the steps above, click on "Check LDAP Connection"; the "Configuration is working successfully" message will be displayed on the screen.
  13. Click on the "Save & Close" button.
  14. Depending on the number of users in AD, the sync process might take time.
  15. Once the sync has completed, you can create new AD users from the Policy -> AD users section.
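
The prerequisite checks and the config edit from steps 5 to 8 can be scripted before opening the agent's Configure dialog. The following is an added example, not code from the vendor or from this guide. It assumes the .cfg file uses `key = value` lines as shown in step 7, that LDAP is reachable on TCP 389, and that the parameter values are placeholders you replace.

```powershell
# Added example (not vendor code). Run from an elevated PowerShell prompt with
# the agent closed (step 5). Parameter defaults are placeholders.
param(
    [string]$DlpServer  = 'X.X.X.X',      # DLP server IP/URL, placeholder as in the guide
    [string]$AdHost     = '192.0.2.10',   # constructed sample: local IP of the AD server
    [string]$ConfigPath = 'C:\Program Files (x86)\COMODO\Active Directory Sync Agent\ActiveDirectorySyncAgent.cfg'
)

# Prerequisite: the computer must be a member of the domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw 'This computer is not joined to a domain; AD integration will fail.'
}

# Derive the Base DN for the Configure dialog (example.local -> DC=example,DC=local).
$baseDn = ($cs.Domain -split '\.' | ForEach-Object { "DC=$_" }) -join ','
Write-Output "Base DN   : $baseDn"

# Check that the AD server answers on the LDAP port (assumed 389) before
# using "Check LDAP Connection" in the agent.
$ldap = Test-NetConnection -ComputerName $AdHost -Port 389 -WarningAction SilentlyContinue
if (-not $ldap.TcpTestSucceeded) {
    throw "Cannot reach $AdHost on TCP 389; check the Host Name value and firewall rules."
}
Write-Output "Host Name : $AdHost (LDAP port reachable)"

# Steps 6 to 8: set portal-api-url, keeping a backup of the original file.
$url   = "https://$DlpServer/spring/syncagent/ldap_update/data"
$lines = Get-Content -LiteralPath $ConfigPath
if (-not ($lines -match '^\s*portal-api-url\s*=')) {
    throw "No portal-api-url line found in $ConfigPath"
}
Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force
$lines -replace '^\s*portal-api-url\s*=.*$', "portal-api-url = $url" |
    Set-Content -LiteralPath $ConfigPath
Write-Output "portal-api-url set to $url"
```

The script only prints the Host Name and Base DN values; the User Token is still copied from the DLP UI and entered in the Configure dialog by hand.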