Efecte Provisioning Engine - Customer instructions for Active Directory
Customer instructions for Active Directory
Efecte Provisioning Engine (EPE) supports a user federation called the AD connector. The AD connector is one of the native connectors in Efecte Connect, and it is used for reading data from the customer's Active Directory (ITSM and IGA) and for writing data to it (IGA). It can be used with all Efecte solutions that use Efecte Provisioning Engine.
Customer actions
- A VPN tunnel between Efecte and the customer's AD needs to be built
- Create a technical user account for Efecte authentication
- Create a certificate for the Efecte solution
- Grant read permissions
- Grant write permissions in an IGA project; these are described and documented in more detail in the customer's Efecte AD integration description, provided by the ongoing Efecte project.
Customer deliverables
| Information | Example |
|---|---|
| Technical user name: service account name used for reading data from the customer's AD. This is sent to the responsible Efecte consultant via secure mail. | SA_Efecte_Read |
| Password: password for the service account. This is sent to the responsible Efecte consultant via secure mail. | Minimum 10 characters |
| Port: port used for the connection to the customer's AD. Default is 636. | 636 |
| IP address or hostname: host address or host name used for connecting to the customer's AD. | 10.1.11.1 |
| OUs for user accounts: the OU (can be several) from which user accounts are read from AD, or which OUs are excluded. | OU=Users,OU=Example,DC=Efecte,DC=local |
| OUs for groups: the OU (can be several) from which groups are read from AD, or which OUs are excluded. | OU=Groups,OU=Example,DC=Efecte,DC=local |
| Certificate: EPE stores AD certificates in a file (truststore) in PKCS 12 format. AD certificates must follow the X.509 standard and must be in PEM format (Base64 ASCII encoded file). Note: it is not recommended to use certificates loaded directly from the AD server; instead, use the intermediate CA certificate that signs the server certificates, since it lasts longer than server certificates (mostly only 1 year). | Certificates need to be put in place and delivered to the responsible Efecte consultant. |
AD connector description
More information about the AD connector can be found here.
Test environment compared to Production
It is good practice to create a dedicated service account for the test environment, with read-only access to the test directory or test OU. In production, the account needs broader rights in order to read everything that is required.