The Active Directory Connector allows you to manage users within the THRON platform, in full compliance with corporate policies.
The application provides identity management and, at the same time, synchronises the entire organisation, preserving users' roles, group memberships and credentials.
Thanks to the central registry administration, you can maintain a single point of control for all business communications systems (from intranet to extranet for suppliers), reducing management and maintenance costs.
After synchronisation with THRON, authentication requests always go through the Active Directory Connector, which certifies the user's identity.
A "Trust" system can also be used to allow users already authenticated within the corporate domain to access THRON through Single Sign-On.
Save on management costs: centralise the master data of users and reduce the management costs of the various business systems.
Work with precision and obtain business benefits: simplify and speed up procedures so that the company becomes more efficient and high-performing.
All the information for the correct installation of Active Directory Connector can be found in this document: Active Directory Connector - Configuration Process.
Before beginning installation
Installing Active Directory Connector impacts several areas of configuration.
Server instance where the software must be installed: whoever installs the connector must have access to the server OS with an administrator-level login. If external personnel are used to install the software, a VPN (or similar) access endpoint and credentials are mandatory.
Company’s AD access for Active Directory Connector: Active Directory Connector needs an AD user that has directory read rights.
Active Directory Connector internet availability: Active Directory Connector must have a public DNS entry resolving to the specific public IP address used to reach Active Directory Connector from the internet.
- In order to access the Active Directory directory server, the authentication service exposed by the machine on which you installed the connector must be accessible from the outside through a combination of domain name and port, to be specified in the activation panel of the connector. For maximum safety, we recommend installing the service on a machine protected by a firewall and, during activation, indicating the domain name and port that the firewall will make accessible from outside.
- The connector is provided with a built-in SSL certificate. If there is any special requirement related to a specific domain, please contact our technical support.
- Within your Active Directory you will need to set up a user with read privileges. This user will be used by the connector to synchronize data with THRON so its credentials will be requested during the configuration.
- Root Suffix and Base Context of the Active Directory node to be synchronized will be asked during the configuration of the connector.
- Active Directory Connector uses the universal LDAP protocol. Therefore, although it is currently certified to work with the Microsoft Active Directory system, we invite you to contact our technical support if any additional configuration is needed.
- The administration console of the Active Directory connector is compatible with Chrome (both Windows and MacOSX), Firefox (both Windows and MacOSX), Safari (MacOSX) and Internet Explorer 9 (or later).
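The firewall recommendation above can be checked against the source ranges that Appendix A refers to. The following is an added example, not THRON code: it flags connections the firewall allowed to the connector's public port from sources outside an allowlist. The ranges (RFC 5737 documentation addresses), the log format and all function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed placeholders (RFC 5737 documentation ranges) standing in for
# the vendor-published source ranges of authentication requests.
ALLOWED_SOURCES = ["198.51.100.0/25", "192.0.2.64/26"]
CONNECTOR_PORT = 443  # public HTTPS port of the connector

# Constructed firewall log lines; the line format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ALLOW TCP 198.51.100.7:51544 -> 203.0.113.10:443
2024-05-01T10:00:02Z ALLOW TCP 192.0.2.70:40022 -> 203.0.113.10:443
2024-05-01T10:00:03Z ALLOW TCP 198.51.100.200:51000 -> 203.0.113.10:443
2024-05-01T10:00:04Z ALLOW TCP 192.0.2.10:44871 -> 203.0.113.10:8443
2024-05-01T10:00:05Z DENY TCP 192.0.2.10:44872 -> 203.0.113.10:443
garbage line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> \S+:(?P<dport>\d+)$"
)

def load_allowlist(cidrs):
    # strict=False normalises entries written with host bits set
    # (e.g. 198.51.100.7/25) instead of rejecting them.
    return [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs]

def unexpected_sources(log_text, allowlist, port=CONNECTOR_PORT):
    """Return ([(timestamp, source_ip)], skipped_line_count) for ALLOWed
    connections to the connector port that come from outside the allowlist."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # unparsable lines are counted, not ignored
            continue
        if m["action"] != "ALLOW" or int(m["dport"]) != port:
            continue              # denied traffic and other ports are out of scope
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:        # e.g. an octet above 255
            skipped += 1
            continue
        if not any(src in net for net in allowlist):
            findings.append((m["ts"], str(src)))
    return findings, skipped

if __name__ == "__main__":
    print(unexpected_sources(SAMPLE_LOG, load_allowlist(ALLOWED_SOURCES)))
```

A non-empty findings list means the firewall rule in front of the connector is broader than the published source ranges.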
Additional information needed to install AD Connector:
- Domain name and port of your internal Active Directory (default ports are 389 for LDAP and 636 for LDAPS).
- Username and password of a user with read-only access to your Active Directory (the password will not be stored in the cloud, neither in clear text nor hashed).
- THRON 3rd level domain (usually your company name).
- Public IP/Port of the Active Directory Connector (443 for HTTPS).
- Root Suffix and Base Context of the Active Directory node to be synchronized.
Minimum System Requirements
- Windows Server 2008 R2 or later
- 64-bit CPU
- 4 GB of RAM
- 10 GB of free disk space
- Microsoft Active Directory 2003, 2008 or 2012
- Oracle Java JRE 1.7.0_71 64-bit (later releases are not certified)
Appendix A: IP Address ranges used by authentication requests