Existing Web and/or email customers
For existing cloud web and/or email customers, see the following:
Wanting to manage users/groups from an LDAP directory
Review the existing cloud data structure, specifically the structure of users, groups, and policies. Go to Account > End Users and Account > Groups to view groups and users. (See Groups.) Make sure the structure is still as you require. This is a good opportunity to review and amend the structure. Review the exceptions in the policy. (See Defining Web Policies and Exceptions.)
Configure the Directory Synchronization Client to search the LDAP directory and extract groups and users to a local file. (See the Directory Synchronization Client Administrator's Guide for instructions.) Compare the results against the cloud data, old CSV files, and/or expectations. Modify the search as necessary to ensure it returns expected results.
Decide whether to allow overwriting of groups of the same names. In the cloud manager, set Overwrite groups as necessary. (See Configure directory synchronization for information.) If you allow overwriting, LDAP groups then take over existing groups but retain their structure in policies and exceptions. If you do not overwrite groups, make sure that all groups being synchronized from LDAP have different names than those in the cloud, then change any group-based notification in the cloud manager to the new LDAP names as required.
Then, on the Configure Directory Synchronization screen, assign users to a default policy and, for User policy assignment, select Follow group membership. With this setting, as users are moved to a different LDAP group, their policy assignment changes in step.
In the cloud manager, set up a contact with Directory Synchronization permissions. (See Set up authentication.) This will be the username/logon that the Directory Synchronization Client uses to log into the cloud manager.
During a slow period, select Replace on the client. Data is synchronized to the cloud manager. Note the number of additions. This is visible in the Synchronization page and also from the notification email messages.
Log on to the cloud manager. Using Account > End Users, check that users' policies and groups are as expected. Check the groups list to ensure it is as expected. (See View and manage user data.)
Wanting to manage users/groups from an LDAP directory but Web policy assignment from the portal
Review the existing cloud data structure, specifically the structure of users, groups, and policies. Go to Account > End Users and Account > Groups to view groups and users. (See Groups). Make sure the structure is still as you require. This is a good opportunity to review and amend the structure.
Configure the Directory Synchronization Client to search the LDAP directory and extract groups, users, and email addresses to a local file. (See the Directory Synchronization Client Administrator's Guide for instructions.) Compare the results against the cloud data, old CSV files, and/or expectations. Modify the search as necessary to ensure it returns expected results.
Decide whether to allow overwriting of groups of the same names. In the cloud manager, set Overwrite groups as necessary. (See Configure directory synchronization for information.) If you allow overwriting, LDAP groups then take over existing groups but retain their structure in policies and exceptions. If you do not overwrite groups, make sure that all groups being synchronized from LDAP have different names than those in the portal, then change any group-based notification on the portal to the new LDAP names as required.
Then, on the Configure Directory Synchronization screen, assign users to a default policy and, for User policy assignment, select Fixed. With this setting, new web users are assigned to the web policy when first synchronized into the service. After that, you must manage all movement of users between policies in the cloud manager using the Manage Users page. (Group membership is ignored.)
In the cloud manager, set up a contact with Directory Synchronization permissions. (See Set up authentication.) This will be the username/logon that the Directory Synchronization Client uses to log into the cloud manager.
During a slow period, select Replace on the client. Data is synchronized to the cloud manager. Note the number of additions. This is visible in the Synchronization page and also from the notification email messages.
Log on to the cloud manager. Using Account > End Users, check that users' policies and groups are as expected. Check the groups list to ensure it is as expected. (See View and manage user data.)
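Both checklists ask you to compare the client's local extract against the cloud data and to check for group-name clashes before the first Replace. The following is an added example of that pre-flight comparison, not Forcepoint code. The two-column CSV layout, the sample rows, and the names `load` and `preflight` are assumptions for illustration.

```python
import csv
import io

# Constructed sample data. The two-column CSV layout is an assumption for
# illustration, not the Directory Synchronization Client's file format.
LDAP_EXTRACT = """email,group
alice@example.com,Sales
bob@example.com,Engineering
carol@example.com,Finance
"""
CLOUD_EXPORT = """email,group
alice@example.com,Sales
bob@example.com,sales
dave@example.com,Contractors
"""

def load(text):
    """Return {lower-cased email: set of group names} from CSV text."""
    members = {}
    for row in csv.DictReader(io.StringIO(text)):
        email = row["email"].strip().lower()
        members.setdefault(email, set()).add(row["group"].strip())
    return members

def preflight(ldap_text, cloud_text, overwrite_groups):
    """Diff an LDAP extract against current cloud data before the first sync."""
    ldap, cloud = load(ldap_text), load(cloud_text)
    fold = lambda groups: {g.casefold() for g in groups}
    ldap_groups = set().union(*ldap.values())
    cloud_folded = fold(set().union(*cloud.values()))
    # Group names present on both sides; compared case-insensitively as a
    # conservative assumption about how names are matched.
    collisions = sorted(g for g in ldap_groups if g.casefold() in cloud_folded)
    return {
        "new_users": sorted(set(ldap) - set(cloud)),
        "missing_from_ldap": sorted(set(cloud) - set(ldap)),
        # With "Follow group membership", a group change moves the user's policy.
        "group_changes": sorted(u for u in set(ldap) & set(cloud)
                                if fold(ldap[u]) != fold(cloud[u])),
        "name_collisions": collisions,
        # Without Overwrite groups, colliding names must be renamed first.
        "blocked": bool(collisions) and not overwrite_groups,
    }

if __name__ == "__main__":
    report = preflight(LDAP_EXTRACT, CLOUD_EXPORT, overwrite_groups=False)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The `new_users` count can be checked against the number of additions reported after the Replace.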

Copyright 2020 Forcepoint. All rights reserved.