Introducing the Directory Synchronization Client

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Introducing the Directory Synchronization Client

Introducing the Directory Synchronization Client

Related topics:

Before you begin

Basic directory synchronization steps

The Directory Synchronization Client collects user directory information from one or more directory servers for use by Forcepoint cloud-based services.

For Forcepoint Email Security Cloud, the client synchronizes registered email addresses and groups (Mail synchronization).

For Forcepoint Web Security Cloud, the client synchronizes user and group information (Group+User synchronization).

The Directory Synchronization Client supports on-premises LDAP-based directories such as Microsoft Active Directory and IBM Domino, as well as cloud-based directory services such as Microsoft Azure and Google Apps.


	Note Support for Directory Synchronization Client is limited to the most recent version and the version that immediately preceded it.

The Directory Synchronization Client runs either as a graphical or command-line application. Start by using the graphical application to create a configuration profile. You can then:

Run the synchronization process from the graphical console or the command line.

The graphical console allows you to choose either a full upload of all data or an incremental upload.

By default, the command-line synchronization process passes only incremental changes since the last run.

You can enable an option in the cloud portal to force a full update using the command-line process.

Schedule the process to run automatically.

Receive email notifications reporting the results of each synchronization run.

Email address registration

Forcepoint Email Security Cloud can protect against dictionary-type spam attacks by registering your valid email addresses and rejecting any email destined for invalid addresses. The Directory Synchronization Client helps you maintain your valid addresses by synchronizing the update of registered addresses with the cloud service. The task can be automated and, for example, integrated with Human Resources procedures for employees leaving or joining the company.

Registered addresses are synchronized using:

A secure HTTP-based interface to the Forcepoint Email Security Cloud synchronization service

The Directory Synchronization Client to extract address data from your directory sources and export it via the synchronization service

Group and user synchronization overview

In the Forcepoint cloud service, your directory information is used in applying web and email security policy rules to users and groups.

If you are synchronizing groups, you must also synchronize users.

When you synchronize a group, only information about the group itself (such as the group name and any parent group) is transfered—not the contents of the group.

User synchronization includes details of each group that users belong to.

When you apply a web policy or an email policy to a synchronized group, that policy is applied to all synchronized users who are members of that group.

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Introducing the Directory Synchronization Client

Copyright 2022 Forcepoint LLC. All rights reserved.