Upload
others
View
18
Download
0
Embed Size (px)
Citation preview
Global Relay Message – Identity Sync
Overview April 2019
Copyright © 1999-2019 Global Relay. Confidential and Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission. 20190411
Global Relay - Identity Sync - Overview Page 2 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
Disclaimer
This material is provided for informational purposes only and is subject to change without notice. Global Relay, by publishing this material, does not guarantee that any information contained herein is or will remain accurate, or that use of the information will ensure correct or error-free operation of the relevant service, component, or tool. Global Relay makes no warranty, express or implied, with this material or the information contained herein. Global Relay, its directors, officers, employees, agents, and affiliates, will not be liable for any loss or damages whatsoever resulting from any user’s reliance on the information contained herein, including liability for any compliance or technical guidance provided. Nothing in this material alters any existing contractual agreement between Global Relay and any party.
This material contains information proprietary to Global Relay and may not be reproduced, disclosed, or used in whole or part without the express written permission of Global Relay. Any services and software, including but not limited to, the code, screen, page, structure, sequence, and organization thereof, and documentation are protected by national intellectual property laws and international treaty provisions.
Products or brand names are trademarks or registered trademarks of their respective owners. Any use of a brand name and/or mark is to identify its data type. No implication of endorsement by, or affiliation with, any identified brand is intended.
Global Relay - Identity Sync - Overview Page 3 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
Contents
Using this Overview .......................................................................................................................................... 4
System Requirements ...................................................................................................................................... 5
Supported Directory and Exchange Versions ............................................................................................... 5
Memory Requirements ................................................................................................................................. 5
Minimum Attribute Requirements ............................................................................................................... 5
Installing the Identity Sync Client .................................................................................................................... 6
Requirements................................................................................................................................................ 6
Installing the Identity Sync Client ................................................................................................................. 6
Appendix A: Commonly-Used Attributes ....................................................................................................... 11
Appendix B: System User ............................................................................................................................... 13
Global Relay - Identity Sync - Overview Page 4 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
Using this Overview Global Relay Identity Sync synchronizes attributes from your organization’s identity management system, typically using Lightweight Directory Access Protocol (LDAP), to control user access to Global Relay Message.
When updates are made in your identity management system, Identity Sync captures them on a scheduled basis to automatically sync with Global Relay’s administrative application, Service Manager, which configures access to Global Relay Message.
Using Identity Sync is crucial for creating a simplified provisioning process, so you can automate access
based on attributes in your identity management system.
Global Relay - Identity Sync - Overview Page 5 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
System Requirements
Supported Directory and Exchange Versions
Directory Server Versions:
Active Directory Server Versions:
o Windows 2008 R2 64 bit
o Windows 2012 R2 64 bit
o Windows 2016 R2 64 bit
OR
Domino Server Version:
o Domino 8.5.3 Lotus Designer 8.5.3
Memory Requirements
8GB RAM; 250GB disk space
Minimum Attribute Requirements
All user accounts must have the following attributes populated:
First Name
Last Name
NOTE: The email attribute value is used to populate your users’ Login ID. For a list of commonly used attributes, see Appendix A: Commonly-Used Attributes.
Global Relay - Identity Sync - Overview Page 6 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
Installing the Identity Sync Client Prior to installing the Identity Sync Client, ensure you have met the system requirements.
Requirements
A service account with read access to your identity management system.
o Read permissions are required to execute Identity Sync Lightweight Directory Access Protocol (LDAP) queries.
Access to the root certificate – DigiCert High Assurance EV Root Certificate Authority – to provide a TLS 1.2 connection to Global Relay.
To securely connect to Global Relay and update Identity management information, you must provide proxy (HTTP, SOCKS4, SOCKS5) or direct access to port 443 for both:
o dirsync.globalrelay.com
o login2.globalrelay.com
Provide your Global Relay engineer with the hostname or IP address of your Active Directory server
Ensure that you have updated the password for the system user provided by logging in to https://login2.globalrelay.com
Installing the Identity Sync Client
NOTE Before installing or upgrading, you must meet all of the requirements.
1. Note any user credentials currently used to run the Windows service “Global Relay Directory Sync Client”. You may need this information later.
2. If running, stop the Windows service “Global Relay Directory Sync Client”.
3. Unzip the Identity Sync Installation Package and run the DirectorySyncClientSetup.msi The default installation directory is in the Program Files directory.
Global Relay - Identity Sync - Overview Page 7 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
4. Click Next.
5. In the System user name field, enter the username provide by Global Relay.
6. In the Password field, enter the username provided by Global Relay.
NOTE: If you haven’t already, update the password provided by Global Relay at https://login2.globalrelay.com
7. Click Next.
8. In the Connection Configuration dialog:
If you connect directly to the internet, click Next.
If you connect via a proxy, enter the proxy server and port; then select authentication type; enter your proxy username and password; and click Next.
Global Relay - Identity Sync - Overview Page 8 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
9. In the Directory Configuration dialog:
i. (Optional) To connect the directory via SSL, select the Require SSL connection to Directory checkbox.
ii. Select the Set Directory credentials checkbox; enter the username and then enter and re-enter/confirm password.
OR
Select the Set LDS fallback Default Naming Context checkbox and enter the Default Naming Context for the LDS instance. This setting will be used if the Default Naming Context is not configured for the LDS instance
Global Relay - Identity Sync - Overview Page 9 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
10. Click Next and then click Install. A connection test checks the connectivity for the sync and if configured the proxy server. If the test is successful, the following dialog displays:
If the test is unsuccessful, the following dialog displays:
11. Click Finish. The Identity Sync Client and, if selected, the ConnectionTestTool will start.
Global Relay - Identity Sync - Overview Page 10 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
NOTE: The connection test tool runs on an Administrator command console. Use it to test your Global Relay and identity management system connections and to check the running status.
12. If necessary, after installing or upgrading, update the credentials of the user running the Windows service “Global Relay Directory Sync Client”, as noted in Step 1.
Global Relay - Identity Sync - Overview Page 11 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
Appendix A: Commonly-Used Attributes The following list outlines some commonly used attributes to sync from your identity management
system, categorized by Active Directory and Domino Directory.
For more information on how to leverage your directory attributes to improve your company workflows,
consult your Global Relay account manager.
Active Directory attributes:
Friendly Name Attribute Name Example
First name* givenName Andrea
Last name* sn Lacey
Email address* mail [email protected]
Department department Sales
Country co United States
Aliases proxyAddresses alacey
Employee ID employeeID 34256
Date created whenCreated 2018-01-01
Job title title Manager
Phone number telephoneNumber 555-1234
Reports to manager Dave Lautner
*Mandatory required attributes
Global Relay - Identity Sync - Overview Page 12 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
Domino Directory attributes:
Friendly Name Attribute Name Example
First name givenName Andrea
Last name sn Lacey
Email address mail [email protected]
Department department Sales
Country country United States
Employee Number employeeID 1437
Global Relay - Identity Sync - Overview Page 13 of 13 24/7 Technical Support: 1.866.484.6630 / [email protected] / [email protected] Copyright © 1999-2019 Global Relay. Confidential & Proprietary. All Rights Reserved. Not to be reproduced or distributed without permission.
Appendix B: System User Your firm must designate a system user, which Global Relay will provision for the purpose of authenticating the Identity Sync service connection to Global Relay.
A username and temporary password will be provided for the system user. After which, the system user must update their temporary password via the following URL: https://login2.globalrelay.com/mockService/login