Connectors are used to add Active Directory accounts to a PEM environment. You can configure a connector for each domain or forest. From this page you can add a connector, sync accounts and groups for a particular forest, delete or disable an existing connector, and so on.
Adding a Connector
If your AD users are stored across multiple connected forests, you must add each of those forests to PK Endpoint Manager here. You can add a connector for either Microsoft AD or Azure AD. To add a connector, go to Identities > Connectors. The Connectors page opens and lists the registered domains.
1. Click Add Connector. The Add Connector page displays.
   a. If you choose Azure AD in the Provider drop-down, populate the Name, Tenant ID, Client ID, and Client Secret fields with the values shown in Azure for the Azure AD app registration.
   b. If you choose Microsoft AD in the Provider drop-down, populate the Name, Server, Username, and Password fields with the values from your Microsoft AD environment. Check Use SSL to connect securely; without it, the bind credentials and directory data cross the network unencrypted.
   In either case, the Enabled checkbox controls whether the connector is available for use. It is checked by default when a connector is added.
2. Enter a UserID or SID from the new forest to search for it.
3. Click Save to store the connector details.
*Note: If PK Endpoint Manager fails to connect to an Active Directory connector, PEM disconnects and attempts to reconnect (retry), which establishes a clean connection. The failure is logged. By default, only one connection retry is allowed. Contact your PK Protect system administrator if the problem persists.
Use the Active Directory Connections page to search for a user or SID across all connected forests.
*Note: You can define which forest PK Protect searches first with the Order column on the Active Directory Connections page. Drag and drop the icon for each server to change the current order.
In a large-scale PK Protect deployment, you may want to load some user accounts before those users connect. The Stage option on the Active Directory Connections page lets you reduce load during the initial rollout.
- Click Stage next to the server's name. This lets you add all available accounts for that server.
- Define the path (distinguished name) of the Organizational Unit you want to load accounts from.
- Use Lightweight Directory Access Protocol (LDAP) filters to specify which accounts to add. See Extracting Files in the PK Protect Command Line Interface user guide for more information on using LDAP filters.
- Specify a limit on the number of accounts to stage.
- Click Stage to start the process.
Click Staged Accounts on the Active Directory Connections page to review the existing staged accounts.
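Because a staging run pulls accounts into PEM, it is worth previewing which entries an OU path, LDAP filter and limit would select before clicking Stage. The script below is an added example, not PK Protect code: it evaluates a subset of RFC 4515 filters (AND, OR, NOT, equality, presence, substring, and the Active Directory bitwise matching rules 1.2.840.113556.1.4.803 and .804) against a small set of constructed directory entries, scopes them to an OU subtree, and applies the limit. The entries, DNs and account names are invented sample data; PEM's own filter engine is the directory server's, so use this only to sanity-check a filter's logic.

```python
import re

# Constructed sample directory (not real data): a DN plus multi-valued attributes.
# userAccountControl 514 = NORMAL_ACCOUNT (512) | ACCOUNTDISABLE (2); 66048 = 512 | DONT_EXPIRE_PASSWD (65536).
SAMPLE_ENTRIES = [
    {"dn": "CN=Alice,OU=Staff,DC=corp,DC=example", "objectClass": ["top", "person", "user"],
     "sAMAccountName": ["alice"], "userAccountControl": ["512"], "mail": ["alice@corp.example"]},
    {"dn": "CN=Bob,OU=Staff,DC=corp,DC=example", "objectClass": ["top", "person", "user"],
     "sAMAccountName": ["bob"], "userAccountControl": ["514"]},
    {"dn": "CN=Carol,OU=Contractors,OU=Staff,DC=corp,DC=example", "objectClass": ["top", "person", "user"],
     "sAMAccountName": ["carol"], "userAccountControl": ["512"], "mail": ["carol@partner.example"]},
    {"dn": "CN=svc-backup,OU=Service,DC=corp,DC=example", "objectClass": ["top", "person", "user"],
     "sAMAccountName": ["svc-backup"], "userAccountControl": ["66048"]},
    {"dn": "CN=Printers,OU=Staff,DC=corp,DC=example", "objectClass": ["top", "group"],
     "sAMAccountName": ["Printers"]},
]

BITWISE_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND: all mask bits set
BITWISE_OR = "1.2.840.113556.1.4.804"   # LDAP_MATCHING_RULE_BIT_OR: any mask bit set


def parse_filter(text):
    """Parse an RFC 4515 filter string into a tuple tree; raises ValueError on malformed input."""
    text = text.strip()
    pos, node = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node


def _expect_close(s, i):
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i >= len(s):
        raise ValueError("unterminated filter")
    if s[i] in "&|":                       # (&(...)(...)) / (|(...)(...))
        op, children, i = s[i], [], i + 1
        while i < len(s) and s[i] == "(":
            i, child = _parse(s, i)
            children.append(child)
        return _expect_close(s, i), (op, children)
    if s[i] == "!":                        # (!(...))
        i, child = _parse(s, i + 1)
        return _expect_close(s, i), ("!", child)
    end = s.find(")", i)                   # a ')' inside a value must be escaped as \29
    if end < 0:
        raise ValueError("unterminated filter item")
    m = re.fullmatch(r"([A-Za-z][\w.;-]*)(?::([\d.]+):)?=(.*)", s[i:end])
    if not m:
        raise ValueError(f"unsupported filter item: {s[i:end]!r}")
    attr, rule, raw_value = m.groups()
    return end + 1, ("=", attr, rule, raw_value)


def _unescape(s):
    """Decode RFC 4515 \\XX hex escapes (e.g. \\2a -> '*', \\29 -> ')')."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda h: chr(int(h.group(1), 16)), s)


def _values(entry, attr):
    # Attribute names are case-insensitive in LDAP/AD; "dn" is not an attribute here.
    for k, v in entry.items():
        if k != "dn" and k.lower() == attr.lower():
            return list(v)
    return []


def matches(node, entry):
    """Evaluate a parsed filter against one entry."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])   # (&) with no children is true
    if op == "|":
        return any(matches(c, entry) for c in node[1])   # (|) with no children is false
    if op == "!":
        return not matches(node[1], entry)
    _, attr, rule, raw = node
    values = _values(entry, attr)
    if rule is not None:                                  # AD bitwise rules on integer attributes
        mask, ints = int(_unescape(raw)), [int(v) for v in values]
        if rule == BITWISE_AND:
            return any(v & mask == mask for v in ints)
        if rule == BITWISE_OR:
            return any(v & mask for v in ints)
        raise ValueError(f"unsupported matching rule {rule}")
    parts = [_unescape(p) for p in raw.split("*")]        # split on unescaped '*' only
    if parts == ["", ""]:                                 # (attr=*) presence test
        return bool(values)
    if len(parts) == 1:                                   # equality; AD string matching is case-insensitive
        return any(v.lower() == parts[0].lower() for v in values)
    pattern = ".*".join(re.escape(p) for p in parts)      # substring match with wildcards
    return any(re.fullmatch(pattern, v, re.IGNORECASE | re.DOTALL) for v in values)


def _norm_dn(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))


def in_subtree(dn, base_dn):
    """True if dn is base_dn itself or lies anywhere beneath it (nested OUs included)."""
    d, b = _norm_dn(dn), _norm_dn(base_dn)
    return d == b or d.endswith("," + b)


def stage_accounts(entries, base_dn, ldap_filter, limit):
    """Return the sAMAccountNames the staging criteria would select, capped at `limit`."""
    tree = parse_filter(ldap_filter)
    hits = [e for e in entries if in_subtree(e["dn"], base_dn) and matches(tree, e)]
    return [e["sAMAccountName"][0] for e in hits[:limit]]


# Enabled user objects only: NOT (userAccountControl has the ACCOUNTDISABLE bit).
ENABLED_USERS = "(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

if __name__ == "__main__":
    print(stage_accounts(SAMPLE_ENTRIES, "OU=Staff,DC=corp,DC=example", ENABLED_USERS, 100))
    print(stage_accounts(SAMPLE_ENTRIES, "OU=Staff,DC=corp,DC=example", ENABLED_USERS, 1))
```

The first run selects alice and carol (Bob is disabled, Printers is a group, and the service account sits outside OU=Staff); the second shows the limit truncating the same result to alice alone. Excluding disabled accounts and service OUs from the staging filter keeps dormant or privileged principals out of PEM until someone deliberately chooses to add them.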
To check connectivity for the connectors, click the Check Connector button. This checks connectivity for all registered domains.
User and group information is stored locally on the PEM server and is re-synced at a set interval. If you click the Sync Accounts button, PEM contacts the identity provider immediately and syncs with its current list of users. Similarly, clicking the Sync Groups button makes PEM contact the identity provider and sync with its current list of groups.
Editing a Connector
To edit a connector from the Connectors page, click the Edit button. This lets you update the details of the registered domain.
Deleting a Connector
To delete a connector from the Connectors page, click the Delete button. This removes the registered domain from the page.
Disabling a Connector
Click the Disable button to take the connector out of use. By default, a connector is enabled when it is added.
Diagnosing a Connector
Click the Diagnose button to view the configuration information for a specific connector. To run a diagnose card, you must first open the connector for editing.