Active Directory users - Trustelem ADConnect

Contents

How does it work?

The goal is to use Active Directory as an identity provider for Trustelem.
To do so, a connector, Trustelem ADConnect, is installed on a Virtual Machine on the customer side.

Through this connector, Trustelem synchronizes and authenticates the users that Trustelem administrators select, based on the AD groups those users belong to (their memberOf attribute).

[Diagram: schema-tlm-adconnect.PNG]

1/ During the setup, Trustelem ADConnect opens a websocket to admin.trustelem.com on port 443. The connection is initiated from the customer VM.
Note: the websocket is carried over TLS, and the payload is additionally protected with a symmetric encryption layer.

2/ Trustelem sends search and authentication requests to Trustelem ADConnect over the websocket.

3/ Trustelem ADConnect forwards the request to Active Directory over LDAP(S), using the service account under which the connector runs.

4/ Active Directory answers the request from Trustelem ADConnect over LDAP(S).

5/ Trustelem ADConnect returns the answer to admin.trustelem.com over the websocket.

Note: because authentication is delegated to Active Directory through this connector, Trustelem does not store any password of Active Directory users.
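The five steps above, modelled end to end as an added Python example. This is not WALLIX code and does not describe ADConnect's internals: the websocket message shapes, the group and user names, the in-memory directory standing in for the domain controller, the ADConnect class and the run_demo helper are all constructed for the illustration. Two points a practitioner would want to see are included: a username received over the websocket is escaped (RFC 4515) before being placed in an LDAP filter, and the group selection can use the AD matching rule LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) so that memberOf also matches users reached through nested groups, which a plain memberOf filter does not. Whether ADConnect itself resolves nested groups is not stated on this page.

```python
"""Model of the ADConnect request flow (added example, not WALLIX code).
All names, messages and directory contents below are constructed."""

# AD-specific matching rule: memberOf matches transitive group membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for values interpolated into an LDAP filter, so a
    username received over the websocket cannot change the filter's shape."""
    out = []
    for ch in value:
        if ch in "*()\\\0" or not 0x20 <= ord(ch) <= 0x7E:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def user_filter(group_dns, nested=True, sam=None):
    """Filter selecting AD users by memberOf (transitive when nested=True),
    optionally narrowed to one sAMAccountName for an authentication lookup."""
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    groups = "".join(f"({attr}={escape_filter_value(g)})" for g in group_dns)
    who = f"(sAMAccountName={escape_filter_value(sam)})" if sam else ""
    return f"(&(objectClass=user){who}(|{groups}))"


class FakeDirectory:
    """Stand-in for the LDAP(S) side (constructed data). A real connector
    sends the filter string to a domain controller; this stub evaluates the
    same selection on in-memory objects and answers simple binds."""

    def __init__(self, users, groups):
        self.users, self.groups = users, groups

    def transitive_groups(self, dn):
        seen, todo = set(), list(self.users[dn]["memberOf"])
        while todo:                      # walk group-of-group nesting
            g = todo.pop()
            if g not in seen:
                seen.add(g)
                todo.extend(self.groups.get(g, {}).get("memberOf", []))
        return seen

    def search(self, group_dns, nested, sam=None):
        hits = []
        for dn, u in self.users.items():
            member = self.transitive_groups(dn) if nested else set(u["memberOf"])
            if member & set(group_dns) and (sam is None or u["sAMAccountName"] == sam):
                hits.append(dn)
        return hits

    def bind(self, dn, password):
        return dn in self.users and self.users[dn]["password"] == password


class ADConnect:
    """Handles a message arriving on the websocket (step 2) by issuing LDAP
    operations (steps 3-4) and returning the answer (step 5)."""

    def __init__(self, directory, sync_groups, nested=True):
        self.ad, self.groups, self.nested = directory, sync_groups, nested
        self.ldap_log = []  # the filters a real connector would send over LDAPS

    def handle(self, msg):
        if msg["type"] == "search":
            self.ldap_log.append(user_filter(self.groups, self.nested))
            return {"users": self.ad.search(self.groups, self.nested)}
        if msg["type"] == "authenticate":
            self.ldap_log.append(user_filter(self.groups, self.nested, sam=msg["username"]))
            dns = self.ad.search(self.groups, self.nested, sam=msg["username"])
            # Bind as the user with the supplied password; the password is used
            # for this one bind and is never kept by the connector.
            ok = len(dns) == 1 and self.ad.bind(dns[0], msg["password"])
            return {"ok": ok}
        return {"error": "unknown request type"}


# Constructed directory: bob reaches the sync group only through "Sales".
SYNC_GROUP = "CN=Trustelem Users,OU=Groups,DC=example,DC=com"
SALES = "CN=Sales,OU=Groups,DC=example,DC=com"
DIRECTORY = FakeDirectory(
    users={
        "CN=alice,OU=Users,DC=example,DC=com": {"sAMAccountName": "alice", "password": "S3cret!", "memberOf": [SYNC_GROUP]},
        "CN=bob,OU=Users,DC=example,DC=com": {"sAMAccountName": "bob", "password": "pa55", "memberOf": [SALES]},
        "CN=carol,OU=Users,DC=example,DC=com": {"sAMAccountName": "carol", "password": "x", "memberOf": []},
    },
    groups={SALES: {"memberOf": [SYNC_GROUP]}, SYNC_GROUP: {"memberOf": []}},
)


def run_demo(nested=True):
    """Sync the selected group, then try four logins; returns (synced DNs, results)."""
    connector = ADConnect(DIRECTORY, [SYNC_GROUP], nested=nested)
    users = connector.handle({"type": "search"})["users"]
    attempts = (("alice", "S3cret!"), ("bob", "pa55"), ("bob", "wrong"), ("carol", "x"))
    auth = [connector.handle({"type": "authenticate", "username": u, "password": p})["ok"]
            for u, p in attempts]
    return users, auth


if __name__ == "__main__":
    print("nested:", run_demo(True))
    print("direct:", run_demo(False))
```

With nested matching the search returns alice and bob and both can authenticate; with a plain memberOf filter bob is not synchronized and is consequently refused at login even with the right password, while carol, outside the selected group, is refused in both modes.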

Prerequisites

Setup on Windows

Setup on Linux

Debug

The connector doesn't appear in the setup page on the admin page

There is no group when I click on Add on the field Sync groups

My group doesn't contain all users

Updating the connector

The connector Trustelem ADConnect can be updated without any service interruption:


Revision #62
Created 1 July 2022 08:01:44 by WALLIX Admin
Updated 29 February 2024 13:47:46 by WALLIX Admin