At Sentinel Messaging we continue to recommend Microsoft Active Directory (LDAP) as the preferred option for adding new customer accounts. It requires minimal ongoing management, because a setting can be enabled to update accounts automatically every 24 hours, ensuring accuracy.
Remind me what Active Directory (LDAP) is?
LDAP Discovery is the recommended method for provisioning users on the Sentinel Messaging platform from Active Directory. It allows users, their email addresses and security groups to be imported directly from a client’s Microsoft Active Directory. It is a one-way synchronisation for your protection and requires only read-only permission on Active Directory.
In addition, the Sentinel Messaging service only supports the usage of Microsoft’s Active Directory system.
What are some Active Directory requirements to use with Sentinel Messaging?
- Microsoft Active Directory server
- Access to the server to manage LDAP
- Ability to use SIMPLE bind authentication
How can I configure Active Directory settings?
Log in with your management credentials, then navigate to: Company Settings > Import Users > Active Directory.
Note: Configuration of LDAP discovery requires a basic understanding of Active Directory and requires some minor firewall modifications.
Complete the following settings to configure Active Directory (LDAP) as your selected method for provisioning new user accounts. Once this is done, Active Directory requires minimal additional management.
- Default New User Privileges: End User – the user receives a welcome message and is able to log in to the interface. Silent User – the user does not receive a welcome message and is unable to log in to the interface. The welcome message contains the user’s initial log-on information.
- Active Directory URL: Please specify a URL or IP address that Sentinel Messaging can use to query the organization’s Active Directory Server. Note: Please ensure that port 389 is open to Sentinel Messaging for querying.
- Username & Password: These fields contain the username and password of the account Sentinel Messaging should use to query the Active Directory service. We recommend an account created specifically for this task, with email disabled (e.g. MDAcc) and a complex password.
- Base DN: This case-sensitive field should contain the exact Base DN of the Active Directory forest. The value is specific to the local site and varies widely; for example, mycompany.local corresponds to DC=mycompany,DC=local.
- Active Users?: Select this option to create new user accounts in Sentinel Messaging for all email-enabled user accounts that exist in the customer’s local Active Directory but do not already exist in Sentinel Messaging.
- Disabled User Accounts?: Select this option to disable user accounts in Sentinel Messaging for all email-enabled user accounts that exist in the customer’s local Active Directory and currently have a local status of Disabled.
- Functional Accounts?: Select this option to create new Functional Accounts in Sentinel Messaging for all email-enabled Distribution Lists / Security Groups / Public folders that exist in the customer’s local Active Directory and do not already exist in Sentinel Messaging.
- Security Groups?: Select this option to create new Security Groups in Sentinel Messaging for all non-email-enabled Security Groups that exist in the customer’s local Active Directory and do not already exist in Sentinel Messaging.
- Include items hidden from the GAL?: Select this option to include items hidden from the GAL (Global Address List).
- Add: Select this option to ensure all new Accounts & Groups in the LDAP query are returned and added to the Sentinel Messaging platform under the managed organisation.
- Sync Updated Accounts: Select this option to ensure that all updated Accounts & Groups in the Active Directory query are returned and updated in the Sentinel Messaging platform to stay synchronised with the actual current configuration at the customer site.
- Delete Removed Accounts: Selecting this important option ensures that you are only processing traffic for existing accounts and that you keep your licence account at an accurate level based on enabled Active Directory accounts only.
- Sync Every 24hrs: Select this option to set the Sentinel Messaging User Configuration to a state of “Set & Forget”. Once every 24 hours, the Sentinel Messaging LDAP Discovery function will automatically query the customer’s Active Directory and reflect any changes in line with the settings configured above.
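
To review what the query account will expose before enabling discovery, the following added example (not Sentinel Messaging's code) sorts constructed directory entries into the option above that would import them, and converts a domain name to its Base DN. The mapping of each option to the standard Active Directory attributes mail, userAccountControl, groupType and msExchHideFromAddressLists, and to the publicFolder object class, is an assumption.

```python
# Added example: preview which discovery option each directory entry falls under.
# The option-to-attribute mapping is an assumption, not Sentinel Messaging's logic.
ACCOUNTDISABLE = 0x0002        # userAccountControl bit set on disabled accounts
SECURITY_ENABLED = 0x80000000  # groupType bit set on security groups

def domain_to_base_dn(domain):
    """Convert a DNS domain name to its Base DN form."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def classify(entry, include_hidden=False):
    """Return the discovery option that covers this entry, or None if skipped."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    has_mail = bool(entry.get("mail"))
    hidden = str(entry.get("msExchHideFromAddressLists", "")).upper() == "TRUE"
    if hidden and not include_hidden:
        return None
    if "user" in classes and "computer" not in classes:
        if not has_mail:
            return None  # only email-enabled users are provisioned
        disabled = int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE
        return "Disabled User Accounts" if disabled else "Active Users"
    if "group" in classes:
        if has_mail:
            return "Functional Accounts"
        # AD stores groupType as a signed 32-bit value, so mask before testing
        group_type = int(entry.get("groupType", 0)) & 0xFFFFFFFF
        return "Security Groups" if group_type & SECURITY_ENABLED else None
    if "publicfolder" in classes and has_mail:
        return "Functional Accounts"
    return None

def preview(entries, include_hidden=False):
    """Group entry names (cn) by the option that would import them."""
    plan = {}
    for entry in entries:
        option = classify(entry, include_hidden)
        if option:
            plan.setdefault(option, []).append(entry["cn"])
    return plan

# Constructed sample entries, not real directory data
SAMPLE = [
    {"cn": "alice", "objectClass": ["top", "person", "user"], "mail": "alice@mycompany.local", "userAccountControl": 512},
    {"cn": "bob", "objectClass": ["user"], "mail": "bob@mycompany.local", "userAccountControl": 514},
    {"cn": "MDAcc", "objectClass": ["user"], "userAccountControl": 512},
    {"cn": "sales-dl", "objectClass": ["group"], "mail": "sales@mycompany.local", "groupType": 2},
    {"cn": "vpn-users", "objectClass": ["group"], "groupType": -2147483646},
    {"cn": "exec", "objectClass": ["user"], "mail": "exec@mycompany.local", "userAccountControl": 512, "msExchHideFromAddressLists": "TRUE"},
]
print(domain_to_base_dn("mycompany.local"), preview(SAMPLE))
```

The query account MDAcc is skipped because it has no mail attribute, which matches the recommendation to create it with email disabled.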