Provisioning users from Active Directory
Active Directory (AD) integration supports automatic provisioning and deprovisioning of users as well as synchronization of user group membership changes made in AD.
To set up directory sync, you need to deploy the Forcepoint ONE SSE AD Connector. Select the groups and organizational units (OUs) to use as the source for synchronizing user and group membership changes. The synced groups and OUs can also be used in policy rules for security enforcement.
Agent authentication can be utilized once your User Source has been set to Active Directory. Forcepoint ONE SSE can cache a user's AD password hash so authentication is done inside of Forcepoint ONE SSE instead of querying AD every time. The cache expires every 24 hours.
If you are using AD agent authentication, you must set up redundant agents to ensure high availability. Redundancy lets users still log in after a failure, for example, when the agent becomes unreachable, agent connectivity to the AD server is lost, or the machine running the agent goes down or reboots.