We offer Active Directory integration through SSL/LDAPS interaction between your LDAP server and our database servers. The exchange and update of user access information happens once per hour and will affect the user account specifics such as full name, username, and password.
No SSO (Single Sign-On) system is being used to authenticate or integrate user account information. This is a separate independent service which may or may not be used with AD integration. It requires additional per user charges (industry typical is $7-$15/user/month) and we do not currently offer this.
Each hourly integration will check for user status and update the file transfer site accordingly, adding, modifying, or deleting specific user accounts as necessary. Any new resulting user account created is perpetually treated by our system as an AD account and is visually indicated as such in the User list display in the Manage Users section. You can still create FileGenius user accounts independent of AD.
Our access control is defined by users’ permissions, settings, and workspace and group memberships. As there are no equivalent fields or record info that will translate from your LDAP-housed user information to our systems, you will need assign users permissions and workspace assignments after initial user sync.
Once Active Directory integration is activated the customer will complete the set up by entering the following information into a form accessible in the FileGenius siteʼs Control Panel.
- Customerʼs Host name (or IP address).
- Port number 636 for SSL, using LDAPS; the customer must purchase and configure a security certificate for LDAPS if this is not already in place.
- Account Suffix (ex., @yourcompany.local)
- Base DN (ex., DC=yourcompany,DC=local)
- Username and password of an Active Directory user with administrative access.
FileGeniusʼ participation in the integration is read-only.
As our Active Directory sync system requires access to your Active Directory server via the internet, it is highly recommended you restrict outside traffic to our FileGenius servers.
To do so please open the following IPs on your firewall:
Without taking this measure any IP could potentially access your Active Directory server.