Configuring the LDAP/LDAPS connection
Integrate Active Directory either through an LDAP or LDAPS connection.
Steps
- Sign in to Forcepoint ONE Platform.
- From the application waffle, select Admin.
- From the left Navigation Pane, click the LDAP icon. The following page opens, displaying the existing LDAP configurations.
- To add a new LDAPS configuration, click +Add LDAPS. The Add LDAPS pane opens on the right.
- Click the toggle switch to enable the LDAP or LDAPS configuration.
- From the Vendor drop-down, select the vendor for which you want to create the LDAP or LDAPS configuration. By default, ActiveDirectory is selected.
- Under the General section, enter values for the following fields:
| Parameter | Description |
|---|---|
| Toggle Switch | Toggle switch to enable the configuration. |
| Default | Toggle switch to make this configuration the default one. |
| Name | Enter the name of the configuration. |
| Server Type | Specifies the server type. |
| Description | Brief description of the configuration. |

- Under the Server Settings section, enter values for the following fields:
| Parameter | Values | Description |
|---|---|---|
| Bind DN | CN=Administrator, CN=Users, DC=pnq, DC=aps | Required parameter. The username that will be used for searching the directory and requesting authentication. |
| Bind Password | | Password used by the LDAP user specified in the Bind DN. |
| Connection URL | For example: ldaps://domain.pnq.aps | Required parameter. The hostname or IP address of the Active Directory server. Note: LDAP connection is not available for cloud tenants. |
| Sync Interval | Default value is 1 hour | Required parameter. The time in hours to wait between directory updates. |
| Server Connection Timeout | Default value is 30 seconds | Required parameter. The duration in seconds that Forcepoint ONE Platform waits before considering the Active Directory server unreachable. |

- To verify that the connection to the Connection URL works, click Check Connection.
- Under the LDAPS Schema section, enter values for the following fields:
| Parameter | Values | Description |
|---|---|---|
| Base DN | DC=MyDomain, DC=com | Required parameter. The base of the Active Directory tree where Forcepoint ONE Platform starts searching the directory structure; the starting point to look for a user. |
| User Base DN | CN=users, DC=example, DC=com | Starting point to look for a user. |
| Group Base DN | CN=Users, CN=Builtin, DC=MyDomain, DC=com | Starting point to look for a group. |
| Organization Unit DN | DC=rbi, DC=qa, DC=forcepoint, DC=fpoptest | Starting point to look for an Organization Unit. |

- Under the User Schema section, enter values for the following fields:
| Parameter | Values | Description |
|---|---|---|
| First Name | | The user attribute whose value is a first name. |
| Last Name | | The user attribute whose value is a last name. |
| Manager Long Name | | The user attribute whose value is a manager long name. |
| Contact Number Attribute | CN=Telephone-number | Contact number of the user. |
| Display Name Attribute | cn=Display-Name | Required parameter. The user attribute whose value is the display name. |
| Email Attribute | cn=E-Mail-Address | Required parameter. The user attribute whose value is the email address. |
| Filter | (&(objectCategory=person)(objectClass=user)) | Required parameter. Select the users that match the filter. This can be used to limit the number of users with access to Forcepoint ONE Platform. |
| Fixed ID Attribute | sAMAccountName | Required parameter. This is a fixed attribute in LDAP. It is used to search for the user or group in the database; depending on whether a match is found, the user or user groups are updated or created. |
| Group Member Attribute | memberOf | Required parameter. This attribute defines the user's membership in user groups. |
| User Attribute | sAMAccountName or userPrincipalName | Required parameter. The attribute whose value matches the username part of the credential that users enter when logging into Forcepoint ONE Platform. |
| User Principal Name Attribute | | |
| ObjectSID Attribute | | |
| ObjectGUID Attribute | | |
| MS DS ConsistencyGUID Attribute | | |
| SAM Account Name | | |

- Under the Group Schema section, enter values for the following fields:
| Parameter | Values | Description |
|---|---|---|
| Filter | (&objectCategory=group) | Required parameter. Criteria to filter or limit the number of groups that are imported into Forcepoint ONE Platform. |
| Fixed ID Attribute | cn for OpenLDAP, name for AD | Required parameter. This is a fixed attribute in LDAP. It is used to search for user groups in the database; depending on whether a match is found, the user groups are updated or created. |
| Name Attribute | cn for OpenLDAP, name for AD | Required parameter. Select the groups that match the filter. |
| Group Email | | Required parameter. The attribute holding the email of a group. |

- Under the Organization Unit Schema section, enter a value for the following field:
| Parameter | Values | Description |
|---|---|---|
| Filter | (&objectCategory=group) | Required parameter. Criteria to filter or limit the number of Organization Units that are imported into Forcepoint ONE Platform. |

- Click Save to save the Active Directory settings.
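The User Schema Filter and the User Attribute above are combined at login time into a directory search for the account whose sAMAccountName or userPrincipalName matches the username the user typed. Two things are worth checking before saving such a configuration: that the configured filter is well-formed under the RFC 4515 grammar (a mismatched parenthesis makes every sync fail), and that the username is escaped before it is spliced into the filter, so that a value containing `)`, `(`, `*` or `|` cannot widen the search to other accounts. The following is an added example, not Forcepoint's code and not part of the original page: a small strict RFC 4515 filter parser plus an escaping routine, exercised on the filter values from the tables above (used here as constructed sample input) and on a hypothetical username. Note that under the RFC 4515 grammar an `&` must be followed by parenthesized sub-filters, so the Group Schema filter exactly as listed above is rejected by this strict parser; `(&(objectCategory=group))` is the well-formed equivalent.

```python
"""Validate LDAP search filters and build an injection-safe user lookup filter.

Added example (not Forcepoint's code). The filter strings and attribute names
used for demonstration are taken from the User/Group Schema tables above and
are constructed sample input; the username 'j.doe' is hypothetical.
"""
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


class FilterError(ValueError):
    """Raised when a filter string does not follow the RFC 4515 grammar."""


# One filter item: attribute description, operator, value (subset of RFC 4515).
_ITEM = re.compile(r"^([A-Za-z][A-Za-z0-9.;-]*)(=|~=|>=|<=)(.*)$")


def _parse(s: str, i: int):
    """Parse one parenthesized filter starting at s[i]; return (tree, next_index)."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at position {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        op = s[i]
        i += 1
        subs = []
        # '&' and '|' take one or more parenthesized sub-filters, nothing else.
        while i < len(s) and s[i] == "(":
            sub, i = _parse(s, i)
            subs.append(sub)
        if not subs:
            raise FilterError(f"'{op}' at position {i - 1} needs a parenthesized sub-filter")
        node = (op, subs)
    elif i < len(s) and s[i] == "!":
        sub, i = _parse(s, i + 1)
        node = ("!", [sub])
    else:
        end = s.find(")", i)
        if end == -1:
            raise FilterError("unterminated filter item")
        m = _ITEM.match(s[i:end])
        if not m:
            raise FilterError(f"malformed filter item {s[i:end]!r}")
        node = ("item", m.group(1), m.group(2), m.group(3))
        i = end
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"expected ')' at position {i}")
    return node, i + 1


def parse_filter(s: str):
    """Parse a complete filter string; raise FilterError on any syntax problem."""
    tree, i = _parse(s, 0)
    if i != len(s):
        raise FilterError(f"unexpected trailing text {s[i:]!r}")
    return tree


def is_valid_filter(s: str) -> bool:
    try:
        parse_filter(s)
        return True
    except FilterError:
        return False


def build_user_lookup_filter(base_filter: str, user_attribute: str, username: str) -> str:
    """AND the configured user Filter with a match on the configured User Attribute.

    The base filter is validated first (refuse to build on a broken config), and
    the username is escaped so it is matched literally rather than interpreted.
    """
    parse_filter(base_filter)
    return f"(&{base_filter}({user_attribute}={escape_filter_value(username)}))"


if __name__ == "__main__":
    user_filter = "(&(objectCategory=person)(objectClass=user))"   # from the User Schema table
    for candidate in (user_filter, "(&objectCategory=group)", "(&(objectCategory=group))"):
        print(f"{candidate!r}: {'valid' if is_valid_filter(candidate) else 'INVALID'}")
    # Hypothetical login: the literal username and one containing filter metacharacters.
    for name in ("j.doe", "admin)(|(cn=*"):
        print(build_user_lookup_filter(user_filter, "sAMAccountName", name))
```

The lookup filter for the metacharacter-laden username is still a valid, single-account search because the injected parentheses arrive as `\29` and `\28` and the wildcard as `\2a`; without escaping, the same input would have turned the search into an OR over every object with a common name.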