Directory Agent and hybrid user identification
With the Hybrid Module, an interoperability component called Directory Agent is required to enable user-, group-, and domain (OU)-based policy enforcement through the hybrid service.
Directory Agent must be installed on a machine from which it can communicate with:
- Your supported LDAP-based directory service (Windows Active Directory [Native Mode], Oracle Directory Server, or Novell eDirectory)
- Sync Service
Directory Agent can be installed on the same machine as other web protection components, including Sync Service and User Service.
After deployment, use the Forcepoint Security Manager to configure Directory Agent to collect data from your directory service (see Send user and group data to the hybrid service). Once configured, Directory Agent collects user and group data from your directory service and sends it to Sync Service in LDIF format.
At scheduled intervals (see Schedule communication with the hybrid service), Sync Service sends the user and group information collected by Directory Agent to the hybrid service. Sync Service compresses large files before sending them.