Connecting web protection software to a directory service

A directory service stores information about a network’s users and resources. Before you can add directory clients (users, groups, or OUs) in the Forcepoint Security Manager, you must configure User Service to retrieve information from your directory service.

Use the Settings > General > Directory Services page to identify the directory service used in your network. You can configure settings for only one type of directory service per Policy Server.

Note: If you have the Hybrid Module, information from the Directory Services page is also used to populate the Hybrid Configuration > Shared User Data page. This allows the hybrid service to apply user and group-based policies. See Send user and group data to the hybrid service.

First select a directory service from the Directories list. The selection that you make determines which settings appear on the page.

Important: The same directory service should be used by Content Gateway when proxy authentication is enabled.

See the appropriate section for configuration instructions:

  • Connecting to Windows Active Directory (Native Mode)
  • Connecting to Novell eDirectory or Oracle Directory Server

Important: If you have the Hybrid Module, the hybrid service supports Windows Active Directory (Native Mode), Oracle Directory Server, and Novell eDirectory.

Once configuration is complete, User Service communicates with the directory service so that users, groups, and OUs can be added as clients and assigned policies.

User Service caches the user and group information that it collects for up to 3 hours. If you make changes to user, group, or OU entries in the directory service, use the Clear Cache button under User Service Cache to force User Service to refresh its user and group mappings immediately. Note that user-based policy enforcement may slow down for a brief period while the cache is being recreated.

Note: The Clear Cache option applies only to the User Service cache and does not affect the cache used by Filtering Service.

If you plan to allow administrators to use their network accounts to log on to the Security Manager, you must also configure directory service communication on the Global Settings > User Directory page. The same directory must be used to authenticate all administrative users. See the Global Settings Help for details.