Sync with On-Prem Active Directory (LDAP) Follow
Evo Security syncs with on-premise active directory via a LDAPs (Secure Lightweight Directory Application Protocol) service.
The service will complete a scan once every 10-minutes, to confirm if there are changes to the users or any new users to be synced to your instance of Evo. The only user details that are synced are first name, last name, and email address. Passwords remain managed by your systems.
With the LDAP agent, there is no longer the need for your users to remember yet another password. Your users will be able to login using Evo, with their network credentials. The user will be required to enter a code based on multi-factor authentication (MFA) being enabled, and their credentials are authenticated by your network.
These instructions assume:
- Active Directory has been setup on a server of Windows Server 2012r2 or higher.
- .NET Framework 4.7.2 (or higher) has been installed on the server.
- All users have been created under the Active Directory.
- All users have a unique email address, specific to their user.
- All users are a member of a group to be synced.
Create new directory
It is recommended that the LDAP agent be downloaded on the server it is to be installed, saves on copying the file from place-to-place.
- From the left nav menu, select My Company. Alternatively, select Customers and and choose a customer from the list
- From the side navigation, click Directories.
- Select the LDAP/On-Premise tab.
- Click Add New Directory.
- Enter a directory name.
- Click Generate LDAP Agent.
- Click Download LDAP Agent.
Install LDAP agent
It is recommended that the installation be completed on a Domain Controller where Active Directory has been configured, rather than a file server.
If you hadn’t downloaded the agent on the server it is intended to be installed, be sure to copy the file over. Or have it stored in a location it can be reached from the appropriate server.
- Open an explorer window and navigate to Downloads.
- Double-click the MSI file downloaded. The name of the file will match the directory name provided.
- Click Run.
- From End-user License Agreement. Check I accept the terms in the License Agreement and click Next.
- From Custom Setup, click Next.
- To sync only specific groups and users, from Configuration, click Groups… If you’d like to sync all available groups and users, skip to step 8.
- From the list of groups, select each group to sync. Once all groups have been selected click OK.
- Click Next.
- Click Install.
- Click Finish.
Now that you’ve completed the installation of Evo’s LDAP agent your users will immediately start to sync. You’ll find all users by clicking People in the side navigation.
The users that have synced, will receive a welcome email to scan their QR Code for the first time, the body of the email might request that they reset their password, this can be ignored as the passwords are controlled by your network not Evo.
If you’ve experienced any issues with the installation of the Evo LDAP agent, refer to How do I troubleshoot issues with the Evo LDAP Agent?
Please sign in to leave a comment.