Introduction

The cloud service can use System for Cross-domain Identity Management (SCIM) or LDAP directories, such as Active Directory, so you don’t have to re-create user accounts and groups for your email and web services or manage users and groups in two places.

User identity information maintained in a cloud-based service such as Okta or Microsoft Azure Active Directory can be forwarded to the cloud service using SCIM. Changes made to the user information are forwarded to the cloud automatically.

Note: SCIM is not supported with Forcepoint Email Security Cloud.

The cloud service optionally synchronizes with LDAP directories via a client-resident application known as the Directory Synchronization Client. Changes made to a directory, such as deleting a former employee or adding a new one, are picked up by the service on the next scheduled update. If you have more than one LDAP directory, the client can merge them before synchronizing the data with the service.

For cloud web products, if you have set up the account for NTLM identification and synchronized NTLM IDs, end users do not need to register for the service on the portal (unless they are traveling outside of the network).

Important: The cloud service supports only one instance of the Directory Synchronization Client for each account. Using multiple synchronization configurations, or even using multiple installations of the Directory Synchronization Client, can cause data on the cloud service to be overwritten.