Importing Users
Prior to an end user being able to use Forcepoint ONE SSE, the user must exist within the portal under the Users and Groups page.
There are 3 primary ways users can be imported/created: Active Directory Synchronization agent (AD Sync), SAML auto-provisioning, and/or config REST API.
- The AD Sync agent is an agent which is installed on a workstation/server joined to the domain. This tool makes an LDAP request to discover users within AD Security Groups and/or Organizational Units that the administrator defines. All users within the group are automatically imported to the portal and kept in sync as changes are made.
- SAML auto-provisioning creates users after they successfully authenticate to an external Identity Provider (IdP) using SSO. Not all thick client apps use SAML 2.0 (e.g. Office 2010, ActiveSync), so users are required to login at least once using on an app/browser that uses SAML SSO before access is possible through any non-SAML method (e.g. ActiveSync in iOS mail).
- Config REST API can be used to create/manage users and groups.