Active Directories

The Active Directories page is used to integrate MetaDefender Vault with your organization's Active Directory or LDAP Directory in order to synchronize users.

To set up User Directory integration, the account used by Vault to connect to Active Directory or LDAP Directory requires read permissions in your organization's User Directory.

Account settings

After clicking the button to add a new User Directory, the user is taken to the next screen, User Directory Account Settings.

Follow the Account Settings page for information on how to configure the account settings.

If Single Sign-On is configured and uses the same source as a configured Active Directory, a user logging in using Single Sign-On will still have roles assigned based on the Active Directory configuration in the system.

Example: If an email address is not registered as administrator in the Single Sign-On configuration but the Active Directory group of the user logging in is configured as an administrator group, the logged-in user will have administrator privileges.

When a local MetaDefender Vault user and an external directory user share the same email address, the login mechanism will first try to match the credentials against the external directory and will then fall back to authenticating the local user.

If Single Sign-On was configured and used prior to configuring an Active Directory which points to the same source of users, all Local Users that were created through Single Sign-On must be deleted before they can log in.

The reason behind this is that the same user has been brought into the system through Active Directory, and during login the system is unable to disambiguate between the two occurrences of the same user.

After deleting the Local User variant, both Single Sign-On and Active Directory login will be directed to the Active Directory managed user.
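As an added example (not OPSWAT code and not a Vault export format), the following Python audit covers the two situations described above before an Active Directory is pointed at the same source as Single Sign-On: which directory users receive a role through their groups, and which existing accounts share an email address with a directory user. The record layout, the group names, the `source` field, case-insensitive matching and the precedence of administrator over read-only administrator are assumptions.

```python
# Added example: constructed records, not a MetaDefender Vault export format.
ADMIN_GROUPS = {"vault-admins"}             # assumed group names
READONLY_ADMIN_GROUPS = {"vault-auditors"}

directory_users = [  # constructed sample: users the directory sync would bring in
    {"email": "Alice@example.com", "groups": ["vault-admins", "staff"]},
    {"email": "bob@example.com", "groups": ["staff"]},
    {"email": "carol@example.com", "groups": ["Vault-Auditors"]},
]
local_users = [  # constructed sample: accounts that already exist in Vault
    {"email": "alice@example.com ", "source": "sso"},
    {"email": "dave@example.com", "source": "local"},
    {"email": "bob@example.com", "source": "local"},
]

def norm(value):
    """Compare emails and group names case-insensitively, ignoring stray spaces."""
    return value.strip().casefold()

def effective_role(groups):
    """Role derived from directory groups; the SSO configuration does not override it."""
    names = {norm(g) for g in groups}
    if names & {norm(g) for g in ADMIN_GROUPS}:
        return "administrator"
    if names & {norm(g) for g in READONLY_ADMIN_GROUPS}:
        return "read-only administrator"
    return "user"

def audit(directory, local):
    roles = {norm(u["email"]): effective_role(u["groups"]) for u in directory}
    hits = [u for u in local if norm(u["email"]) in roles]
    return {
        "roles": roles,
        # SSO-created Local Users duplicating a directory user: delete before login
        "delete_before_login": sorted(norm(u["email"]) for u in hits if u["source"] == "sso"),
        # Other local accounts with the same email: directory is matched first
        "directory_tried_first": sorted(norm(u["email"]) for u in hits if u["source"] == "local"),
    }

if __name__ == "__main__":
    report = audit(directory_users, local_users)
    for email, role in sorted(report["roles"].items()):
        print(f"{email}: {role}")
    print("delete before login:", report["delete_before_login"])
    print("directory tried first:", report["directory_tried_first"])
```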

Add new Active Directory type user directory

In the User Directory type drop-down list, select Active Directory.

In order to set up an Active Directory integration, all the above-mentioned settings must be filled in.

When all the required information is filled in, click Continue.

Add new LDAP Directory type user directory

In the User Directory type drop-down list, select LDAP Directory.

Follow the LDAP Directory Configuration page for information on how to configure the account settings for LDAP Directory.

When you have filled in the required information, click Continue.

Advanced settings

Settings | Description
--- | ---
Synchronization configuration | The time interval between synchronizations
Login attempts allowed before the account is locked | Number of failed login attempts that can be done before the account will be locked
Lock Account For (Minutes) | If the number of failed login attempts is higher than the predefined number, the account will be locked for X minutes
Reset failed login attempts counter after (minutes) | 0 - Counter is never reset; X - Counter resets after X minutes
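The interplay of the three lockout settings, as an added example that models them in Python (not Vault's implementation). Assumptions: the account locks when the failure count becomes higher than the allowed number, the counter restarts after a lock, the reset interval is measured from the previous failed attempt, and attempts made while locked are not counted.

```python
# Added example: a model of the lockout settings, not MetaDefender Vault code.
def simulate(failures, allowed, lock_minutes, reset_minutes):
    """Return the (start, end) intervals, in minutes, during which the account is locked.

    failures: sorted times (minutes) of failed login attempts.
    reset_minutes == 0 means the failed-attempt counter is never reset.
    """
    locks, count, last, locked_until = [], 0, None, None
    for t in failures:
        if locked_until is not None and t < locked_until:
            continue  # still locked: attempt rejected and not counted (assumption)
        if reset_minutes and last is not None and t - last >= reset_minutes:
            count = 0  # quiet period elapsed, counter resets
        count, last = count + 1, t
        if count > allowed:  # "higher than the predefined number"
            locked_until = t + lock_minutes
            locks.append((t, locked_until))
            count = 0  # counter restarts after a lock (assumption)
    return locks

# Constructed timelines (minutes since the first failed attempt).
SLOW = [0, 600, 1200, 1800, 2400, 3000]  # one mistyped password every 10 hours
BURST = [0, 1, 2, 3, 4, 5, 6, 7]         # failures one minute apart

if __name__ == "__main__":
    for name, timeline in (("slow", SLOW), ("burst", BURST)):
        for reset in (0, 30):
            result = simulate(timeline, allowed=5, lock_minutes=15, reset_minutes=reset)
            print(f"{name:5} reset={reset:2} -> locked intervals: {result}")
```

With the counter set to 0, occasional failures accumulate until the account locks; with a reset interval, failures spaced further apart than the interval are never counted together.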

User Filtering Configuration

After selecting Continue on the previous screen, the user goes to the next screen which is User Filtering Configuration.

Follow the User Filtering Configuration page for information on how to configure user filtering.

After you complete the basic configuration you will be redirected to the User Filtering Configuration page where you can fine-tune the way users, administrators and read-only administrators are synchronized according to your User Directory structure.

Adding two DC (domain controller) servers for the same domain (for redundancy purposes) is not supported yet. We only support multiple DCs for different domains.

Start Synchronization

After user filtering configuration is done, you can click Start synchronization in order to begin the synchronization process. Please note that this operation can take a while.

Run in background

Vault allows the user synchronization process to run in the background: click the Run in background button, and a progress popup is displayed until it is done.

Overlicensing situation

If your assigned license key does not contain enough user licenses, the User Directory synchronization will report the following message:

If this happens, please contact OPSWAT Sales for a license upgrade or, alternatively, you can go back to User Filtering Configuration step and exclude more users.

Please note that it is also possible to become over licensed at a later moment in time if new users are continuously added in your User Directory. If this happens, a notification will appear and an email notification will be sent to all the administrators. New users would not be able to log in until the over licensed state is resolved by either removing some users from the User Filtering Configuration or by requesting a license upgrade. Existing users (prior to becoming over licensed) will still be able to log in and upload files normally.

Active Directory List

After you have successfully configured one or more User Directories, the list should be displayed as follows:
