How the service works with LDAP

For each data synchronization:

  1. The Directory Synchronization Client communicates with the LDAP server and returns the selected data (users, groups, and email addresses).
  2. The Directory Synchronization Client performs a synchronization and returns incremental changes to the portal via Hypertext Transfer Protocol Secure (HTTPS). You can force a full synchronization when necessary.
  3. The uploaded data is stored in the cloud service, alongside any user and group data managed directly via the Security Portal.
  4. If both user and group data are required, the update occurs in 2 transactions. If one fails, the other can still succeed. Email addresses are sent as a third transaction.
  5. The client authenticates with the portal using a username and password that you establish manually on the Contacts page. (Consider an appropriate password expiration policy for that user so you don’t have to regularly update the client application with the password changes.)
  6. LDAP synchronized data is viewable but not editable through the portal.

The synchronization client resides on a computer at the customer’s site and accesses one or more LDAP directories via the customer’s network. If more than one LDAP directory is accessed, the synchronization client can merge the data before it is synchronized with the cloud service.
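
The flow above (merge, incremental delta, independent transactions) can be modelled as follows. This is an added example, not the Directory Synchronization Client's own code: every function name, the data shapes, the upload callback and the "later directory wins" merge rule are assumptions. It also shows a check for the inconsistency a partial sync can leave behind, where groups upload but users do not.

```python
# Illustrative model of the sync flow described above. All names, data shapes
# and the upload callback are assumptions, not the vendor client's real API.

def merge_directories(*directories):
    """Merge entries from several LDAP directories into one dict keyed by DN."""
    merged = {}
    for entries in directories:
        merged.update(entries)  # assumption: on a DN collision the later directory wins
    return merged

def delta(previous, current):
    """Incremental changes between the last uploaded snapshot and current data."""
    return {
        "add": {k: v for k, v in current.items() if k not in previous},
        "modify": {k: v for k, v in current.items()
                   if k in previous and previous[k] != v},
        "delete": sorted(k for k in previous if k not in current),
    }

def synchronize(snapshot, current, upload, full=False):
    """Upload users, groups and emails as three independent transactions.
    A failed one keeps its old snapshot (retried next run); the others commit."""
    status, new_snapshot = {}, {}
    for kind in ("users", "groups", "emails"):
        base = {} if full else snapshot.get(kind, {})  # full sync resends everything
        try:
            upload(kind, delta(base, current[kind]))
            status[kind], new_snapshot[kind] = "ok", dict(current[kind])
        except Exception as exc:
            status[kind], new_snapshot[kind] = f"failed: {exc}", snapshot.get(kind, {})
    return status, new_snapshot

def dangling_members(uploaded):
    """Group members with no uploaded user record: worth alerting on after a
    run in which the users transaction failed but the groups one succeeded."""
    users = set(uploaded["users"])
    return {group: sorted(set(members) - users)
            for group, members in uploaded["groups"].items()
            if set(members) - users}

# Constructed sample data: two directories merged before upload.
DIR_A = {"uid=alice,dc=a,dc=example": {"mail": "alice@a.example"}}
DIR_B = {"uid=bob,dc=b,dc=example": {"mail": "bob@b.example"}}
USERS = merge_directories(DIR_A, DIR_B)
GROUPS = {"cn=staff,dc=a,dc=example": sorted(USERS)}
CURRENT = {"users": USERS, "groups": GROUPS,
           "emails": {u["mail"]: dn for dn, u in USERS.items()}}
```

Calling synchronize({}, CURRENT, upload) with an upload callback that raises for "users" returns a failed status for users only, and dangling_members() on the resulting snapshot lists both staff members.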