Active Directory - User and Profile Sync
This document will help you to configure profile sync via User Source. Before you continue, you need to make sure you have a valid license and configuration on your MonoSign Management Portal.
Instructions
This document covers 3 main steps and 5 optional steps for the integration.
Log in to the management portal with the “root” user.
Go to “Directory” => “Sources” from the left menu.
Open any source from the list by clicking its name (if a User Source has already been created).
Click the “Settings” button in the upper right corner.
Create a new User Source by reading the Create a New User Source document (if no User Source has been created yet). After the User Source is created, open it by clicking the name of the source you just created.
Click the “Settings” button in the upper right corner.
Configure Source Settings for Profile Sync
Configure “General” Tab
Configure “Filters” Tab
Configure “SSL/TLS” Tab
Configure “Mappings” Tab
Configure “Password” Tab
Only admin users can make changes to the “Source” configuration.
If no User Source is defined, or its User Source Settings have not been configured before, the admin continues with Step 2. If a User Source is already defined and its settings are configured, the admin can jump to the “Step 3 - d. Configure Mappings Tab” section and complete the profile sync via User Source.
Once the “Step 3 - d. Configure Mappings Tab” section is completed, click the “Save” button and then start the User Source Sync in Full mode.
To start the User Source Sync in full mode, go to the Edit Source page, activate the “Enable Auto Sync” button and click the “Save” button. The source will run a full sync on its next run.
Step 2 - Navigating to User Source Settings
Once the admin has navigated to User Source Settings, the configuration page shown below appears.
Step 3 - Configure Source Settings for Profile Sync
An example of User Source Settings for Microsoft Active Directory is shown below. Let's start by configuring the “General” tab.
a. Configure General Tab
General Fields | Description |
---|---|
Type | Active Directory Type that MonoSign supports. Supported Active Directory Types : Microsoft Active Directory, Apache Directory Server 1.0.x, Apache Directory Server 1.5.x, Apple Open Directory (Read-Only), FedoraDS (Read-Only Posix Schema), Generic Directory Server, Novell eDirectory Server, OpenDS, OpenLDAP, OpenLDAP (Read-Only Posix Schema), Generic Posix / RFS2307 Directory (Read-Only), Sun Directory Server Enterprise Edition |
Domain Ip or Host | Domain IP address or host name to connect to. |
Port | Port to connect to (default is 389 without SSL and 636 with SSL). |
Use Secure Connection | Defines whether the connection to Active Directory is secure (with SSL) or insecure (without SSL). |
User Base DN | Defines the base DN of Active Directory. |
User Search Container | Defines the search container. Once the required configuration is filled in, you can select a search container under the Active Directory Base DN. After the container is selected, you can add an additional LDAP filter to your selection. |
Domain Name | Defines the domain name, such as “monoactivedirectory”. |
Domain User Name | Defines the domain user name. The user must have the required permissions (read, write, password reset). |
Domain User Password | Defines the domain user password (this value will be encrypted; leave it empty if you don't want to change it). |
Sample User Name | Defines the sample user name (the sample user can be used for a user-authentication health check). |
Sample User Password | Defines the sample user password (this value will be encrypted; leave it empty if you don't want to change it). |
Use Base DN for User Authentication | Defines whether the AD Base DN is used for user authentication. |
Referral Following | Defines whether the User Source follows referrals. |
Connection Timeout | Defines the connection timeout for the User Source (in seconds). |
Use Deleted Base Filter | |
Ignore Default Directory Properties | Active Directory has default properties such as sAMAccountName and userPrincipalName. If “Ignore Default Directory Properties” is enabled, the User Source ignores the default directory properties when reloading user properties. |
Additional Directory Properties | You can add additional directory properties such as msRTCSIP-PrimaryUserAddress. |
Time Skew | If you are using more than one DC or address, a time skew value helps avoid sync issues (in minutes). |
Profile Identity Property | If you want to bind this value to your profile information, type the property name. |
When the admin has filled in all the required configuration, the configuration and the connection can be tested by clicking the “Test” button in the lower right corner.
If the admin sees a modal with the green section as shown below, everything appears correct for the general settings.
b. Configure “Filters” Tab
For the Filters settings, the admin user does not need to change anything, because the fields are generated from a template.
If users without a UserName or Email should be excluded, enable “Exclude Users that has empty UserName” and “Exclude Users that has empty Email” as shown.
Filters Fields | Description |
---|---|
Deleted Base Filter | Defines the deleted base filter for Active Directory users, so that deleted users are synced too. |
User Search Filter | Defines the user search filter for the Active Directory users to sync. |
Group Search Filter | Defines the group search filter used for the Active Directory sync. |
Deleted Filter | Defines the deleted filter for the Active Directory users to sync (default: isDeleted=TRUE). |
Text Filter | - |
Basic Text Filter | - |
Id Filter | - |
Exclude Users that has Empty Username | Defines whether users without a UserName are excluded. |
Exclude Users that has Empty Email | Defines whether users without an Email are excluded. |
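The filters in this tab are ordinary LDAP search filters, and the two "Exclude Users" switches amount to AND-ing a presence test on the username and mail attributes. The script below is an added example (not MonoSign's own code) that builds such filters, checks that a hand-written filter is well formed before it is saved, and escapes any value taken from user input as RFC 4515 requires. The template filter strings, the attribute names sAMAccountName and mail, and the function names are assumptions for this example; MonoSign's generated defaults may differ.

```python
# Added example (not MonoSign's own code): builds the kind of LDAP filters the
# Filters tab describes and escapes user-supplied values per RFC 4515.
# The template filters and attribute names are constructed for this example.

# RFC 4515 escape table: these characters change a filter's structure, so a
# value pasted into a filter unescaped can widen or redirect the search.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

USER_SEARCH_FILTER = "(&(objectCategory=person)(objectClass=user))"  # constructed template
DELETED_FILTER = "(isDeleted=TRUE)"  # the default the page states for Deleted Filter


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced(filter_text: str) -> bool:
    """Sanity check for a hand-written filter before saving it: it must be one
    parenthesised expression, every '(' must close, and nothing may follow the
    final ')'."""
    depth = 0
    for i, ch in enumerate(filter_text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(filter_text) - 1):
                return False
    return depth == 0 and filter_text.startswith("(")


def build_user_sync_filter(base_filter=USER_SEARCH_FILTER, exclude_empty_username=False,
                           exclude_empty_email=False, username_attr="sAMAccountName",
                           email_attr="mail") -> str:
    """Combine the User Search Filter with the two 'Exclude Users that has Empty ...'
    switches. '(attr=*)' is the LDAP presence test, so AND-ing it in drops every
    entry that lacks the attribute instead of importing an unusable account."""
    clauses = [base_filter]
    if exclude_empty_username:
        clauses.append(f"({username_attr}=*)")
    if exclude_empty_email:
        clauses.append(f"({email_attr}=*)")
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"


def build_user_lookup_filter(username: str, base_filter=USER_SEARCH_FILTER,
                             username_attr="sAMAccountName") -> str:
    """Filter for the 'search your user' step; the name is escaped so wildcard and
    parenthesis characters in it are matched literally rather than interpreted."""
    return f"(&{base_filter}({username_attr}={escape_filter_value(username)}))"


if __name__ == "__main__":
    print(build_user_sync_filter(exclude_empty_username=True, exclude_empty_email=True))
    print(build_user_lookup_filter("mermaya.m"))
    print(is_balanced("(&(objectClass=user)(mail=*)"))  # a filter missing its final ')'
```

Run `is_balanced` on anything typed into the additional-LDAP-filter box before saving; a filter with an unclosed parenthesis fails on the server at sync time, long after the Save click, and the error is easy to miss in the sync log.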
c. Configure “SSL/TLS” Tab
SSL/TLS Fields | Description |
---|---|
SSL Protocol Version | Defines the protocol version for connecting to the Active Directory server. Supported protocol versions: SSL 2.0, SSL 3.0, TLS, TLS 1.1, TLS 1.2, TLS 1.3 |
Skip SSL Certificate Validation | Defines whether the Active Directory User Source skips SSL certificate validation for the Active Directory connection. |
SSL Certificate Thumbprint | Defines the SSL certificate thumbprint for the Active Directory connection. The certificate thumbprint is mandatory if SSL is used. |
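Three of the choices on this tab decide whether the directory server is actually authenticated: the protocol version, the skip-validation switch, and the thumbprint pin. The following added example (not MonoSign's own code) lints a set of SSL/TLS settings and shows how a thumbprint is derived from a certificate and compared against the configured value. The settings keys, the sample certificate bytes and the two sample configurations are constructed for this example; the finding texts are this example's own wording.

```python
# Added example (not MonoSign's own code): lints the SSL/TLS tab choices and shows
# how a certificate thumbprint pin is computed and compared. The settings keys,
# the sample DER bytes and both sample configurations are constructed.
import hashlib
import hmac

# "TLS" in the tab's version list is TLS 1.0; everything below TLS 1.2 is deprecated.
DEPRECATED_VERSIONS = {"SSL 2.0", "SSL 3.0", "TLS", "TLS 1.1"}


def normalize_thumbprint(text: str) -> str:
    """Accept the formats certificate viewers produce ('ab:cd', 'AB CD', 'abcd')
    and return upper-case hex; raise if it is not a SHA-1 or SHA-256 digest."""
    hexdigits = "".join(ch for ch in text if ch not in " :-").upper()
    if len(hexdigits) not in (40, 64) or any(ch not in "0123456789ABCDEF" for ch in hexdigits):
        raise ValueError("thumbprint must be 40 (SHA-1) or 64 (SHA-256) hex digits")
    return hexdigits


def thumbprint_of_der(der: bytes, algorithm: str = "sha1") -> str:
    """A thumbprint is the hash of the DER-encoded certificate (Windows shows SHA-1)."""
    return hashlib.new(algorithm, der).hexdigest().upper()


def matches_pinned_thumbprint(der: bytes, configured: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    expected = normalize_thumbprint(configured)
    algorithm = "sha1" if len(expected) == 40 else "sha256"
    return hmac.compare_digest(thumbprint_of_der(der, algorithm), expected)


def lint_tls_settings(settings: dict) -> list:
    """Return the findings an admin should resolve before clicking Save."""
    findings = []
    version = settings.get("ssl_protocol_version", "")
    if version in DEPRECATED_VERSIONS:
        findings.append(f"{version} is deprecated; use TLS 1.2 or TLS 1.3")
    if settings.get("skip_certificate_validation"):
        findings.append("chain validation is disabled; only a thumbprint pin can still authenticate the server")
    if settings.get("use_secure_connection"):
        if not settings.get("certificate_thumbprint"):
            findings.append("secure connection without a certificate thumbprint")
        else:
            try:
                normalize_thumbprint(settings["certificate_thumbprint"])
            except ValueError as err:
                findings.append(str(err))
        if settings.get("port") == 389:
            findings.append("port 389 is the non-SSL default; LDAPS normally uses 636")
    elif settings.get("port") == 636:
        findings.append("port 636 is the SSL default but secure connection is off")
    return findings


# Constructed sample data: not a real certificate, just bytes to hash.
SAMPLE_DER = b"constructed bytes standing in for a DER-encoded server certificate"
SAMPLE_PIN = thumbprint_of_der(SAMPLE_DER)
# The same pin in the colon-separated form a certificate viewer might show.
SAMPLE_PIN_WITH_COLONS = ":".join(SAMPLE_PIN[i:i + 2] for i in range(0, 40, 2)).lower()

WEAK_SETTINGS = {"use_secure_connection": True, "port": 389, "ssl_protocol_version": "SSL 3.0",
                 "skip_certificate_validation": True, "certificate_thumbprint": ""}
GOOD_SETTINGS = {"use_secure_connection": True, "port": 636, "ssl_protocol_version": "TLS 1.2",
                 "skip_certificate_validation": False, "certificate_thumbprint": SAMPLE_PIN}

if __name__ == "__main__":
    for name, settings in (("weak", WEAK_SETTINGS), ("good", GOOD_SETTINGS)):
        print(name, lint_tls_settings(settings) or ["no findings"])
    print(matches_pinned_thumbprint(SAMPLE_DER, SAMPLE_PIN_WITH_COLONS))
```

The thumbprint comparison uses `hmac.compare_digest` rather than `==` so that the comparison time does not depend on how many leading characters match; normalising the pasted value first keeps a thumbprint copied with colons or spaces from failing the pin check at connect time.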
d. Configure “Mappings” Tab
The Mappings configuration is used to sync user profile properties from the User Source properties.
In this section we sync Active Directory attribute/property values to the MonoSign user created by the Active Directory User Source.
You can see an example of Active Directory user attributes/properties below.
You can see an example of previously created MonoSign user attributes/properties below.
If a property does not exist in MonoSign yet, the admin can create a Profile Property by reading the documentation.
For example:
The employeeID, company, department, givenName, sn, displayName and title Active Directory attribute/property values are mapped to the EmployeeId, Company, Department, FirstName, LastName, FormattedName and Title MonoSign attribute/property values.
The admin can change the configuration in the Source Settings Mapping Configuration as shown. You can see an example below.
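To show what the mapping above produces for real directory entries, here is an added example (not MonoSign's own code) that applies the page's attribute-to-property mapping to entries in the multi-valued, bytes form LDAP client libraries return, and reports which source attributes were missing so an admin can tell a mapping typo from a genuinely empty directory field. The two sample entries, the sync helper and the use of sAMAccountName and mail as the username and email attributes are assumptions for this example.

```python
# Added example (not MonoSign's own code): applies the Mappings-tab example mapping
# to directory entries as an LDAP client returns them. The two sample entries and
# the username/email attribute choice are constructed; the mapping is the page's.

# Active Directory attribute -> MonoSign profile property (the page's example).
ATTRIBUTE_MAP = {
    "employeeID": "EmployeeId",
    "company": "Company",
    "department": "Department",
    "givenName": "FirstName",
    "sn": "LastName",
    "displayName": "FormattedName",
    "title": "Title",
}

# Constructed sample entries in the multi-valued, bytes form LDAP libraries use.
SAMPLE_ENTRIES = [
    {"sAMAccountName": [b"mermaya.m"], "mail": [b"mermaya.m@example.test"],
     "employeeID": [b"1042"], "company": [b"Example Co"], "department": [b"IT"],
     "givenName": [b"Mermaya"], "sn": [b"M"], "displayName": [b"Mermaya M"],
     "title": [b"Engineer"]},
    {"sAMAccountName": [b"svc.backup"], "mail": [],  # service account: no mail, no title
     "employeeID": [b"9001"], "company": [b"Example Co"], "department": [b"IT"],
     "givenName": [b"Backup"], "sn": [b"Service"], "displayName": [b"Backup Service"]},
]


def first_value(entry: dict, attribute: str):
    """LDAP attributes are lists; a profile property takes the first value as text."""
    values = entry.get(attribute) or []
    if not values:
        return None
    value = values[0]
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else str(value)


def map_profile(entry: dict, attribute_map=ATTRIBUTE_MAP) -> tuple:
    """Return (profile_properties, missing_attributes) for one entry. Missing source
    attributes are reported instead of being silently written as empty strings."""
    profile, missing = {}, []
    for ad_attr, prop in attribute_map.items():
        value = first_value(entry, ad_attr)
        if value is None:
            missing.append(ad_attr)
        else:
            profile[prop] = value
    return profile, missing


def sync_profiles(entries, exclude_empty_username=True, exclude_empty_email=True):
    """Apply the Filters-tab exclusions client-side, then map every remaining entry.
    Returns ({username: (profile, missing)}, [skipped usernames])."""
    synced, skipped = {}, []
    for entry in entries:
        username = first_value(entry, "sAMAccountName")
        email = first_value(entry, "mail")
        if (exclude_empty_username and not username) or (exclude_empty_email and not email):
            skipped.append(username or "<no username>")
            continue
        synced[username] = map_profile(entry)
    return synced, skipped


if __name__ == "__main__":
    synced, skipped = sync_profiles(SAMPLE_ENTRIES, exclude_empty_email=False)
    for user, (profile, missing) in synced.items():
        print(user, profile, "missing:", missing)
    print("skipped:", skipped)
```

After a full sync, the `missing` list for each user is the quickest way to explain an empty profile property: if the same attribute is missing for every user, the mapping row most likely names an attribute the directory does not populate.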
e. Configure “Password” Tab
The Password settings are used to override the Microsoft Active Directory password policy. The admin user needs to enable the override for a custom password policy as shown.
Password Fields | Description |
---|---|
Minimum Password Length | Defines the minimum password length for password change. (Numeric) |
Maximum Password Length | Defines the maximum password length for password change. (Numeric) |
Minimum Number of Requirement Category | Defines the number of password requirement categories the user must satisfy. For example, if you set this value to 3, the user must satisfy 3 password requirement categories, such as at least 1 numeric, 1 letter and 1 upper case character. The category number should be between 1 and 5. (Numeric) |
Minimum Number of Letters | Defines the minimum number of letters (Numeric) |
Minimum Number of Lowercase Letter | Defines the minimum number of lowercase letter (Numeric) |
Minimum Number of Uppercase Letter | Defines the minimum number of uppercase letter (Numeric) |
Minimum Number of Numeric Characters | Defines the minimum number of numeric characters (Numeric) |
Minimum Number of Special Characters | Defines the minimum number of special characters (Numeric) |
Allowed Special Characters | Defines the allowed special characters (Text) |
Regex Blacklist | Defines the regex blacklist in regex format. (Text) For example: |
Number of Password History Count | Defines the password history count. MonoSign keeps this history to track user behavior. (Numeric) |
Number of Failed Login Attempts in a Row | Defines the number of failed login attempts in a row. (Numeric) For example: the user can fail his/her password only {{count}} times in a row; otherwise the user account will be locked. |
Minutes that Should Have Been Waited to Login After Number of Fail Attempts is Exceeded | Defines that if the user exceeds the number of failed attempts, the user needs to wait {{count}} minutes before attempting to log in again. (Numeric) (in minutes) |
User Can Change Its Next Password | Defines when the user can change his/her next password. (Numeric) (in minutes) For example: assume the value is 60 min. If the user has just changed his/her password, the user needs to wait 60 minutes to change it again. |
User Password Will Expire In | Defines when the user's password will expire. (Numeric) (in minutes) For example: assume the value is 120 min. The user's password will expire in 120 minutes. |
Minimum Password Score | Defines the minimum password score. Password score types: Very weak, Weak, Medium, Strong, Very Strong, Extreme. You can see how MonoSign calculates the password score below. |
Enable Disclaimer Page | Defines whether a disclaimer page is shown before the user changes his/her password. The disclaimer page is shown to the user just before the password change page. You can see how MonoSign shows the disclaimer page below. |
Enable Success Page | Defines whether a success page is shown after the user changes his/her password. The success page is shown to the user just after the password change page. You can see how MonoSign shows the success page below. |
Password Expiration Reminder Email Will Be Sent Before (Days With Space Separated) | Defines how many days before expiration the password expiration reminder email is sent. (Numeric) The admin needs to specify the values as space-separated days. For example: 3 5 7 |
Password Expiration Reminder Channels | Defines which notification channels are used to remind users. Channels: Web Notification, Push Notification, SMS, Email |
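The fields in this table combine into one acceptance decision at password-change time, plus a lockout decision at login time. The following added example (not MonoSign's own code) evaluates a candidate password against a policy built from these fields and returns every violation, then applies the failed-attempt lockout rule. The threshold values are constructed, the fingerprinting used for the history check is a plain hash to keep the example self-contained, and the assumption that the five requirement categories are the five "Minimum Number of ..." fields (letters, lowercase, uppercase, numeric, special) is this example's, not a statement from the page.

```python
# Added example (not MonoSign's own code): evaluates a candidate password against
# the Password-tab fields, plus the failed-login lockout rule. Threshold values are
# constructed, and the five requirement categories are assumed to be the five
# "Minimum Number of ..." fields (letters, lowercase, uppercase, numeric, special).
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12
    max_length: int = 64
    min_categories: int = 3          # "Minimum Number of Requirement Category", 1..5
    min_letters: int = 1
    min_lowercase: int = 1
    min_uppercase: int = 1
    min_numeric: int = 1
    min_special: int = 0
    allowed_special: str = "!@#$%^&*-_=+.,"
    regex_blacklist: tuple = (r"(?i)password", r"(?i)monosign")  # constructed patterns
    history_count: int = 5
    max_failed_logins: int = 5
    lockout_minutes: int = 15


def category_counts(pw: str) -> dict:
    """How many characters of each requirement category the password contains."""
    return {
        "letters": sum(c.isalpha() for c in pw),
        "lowercase": sum(c.islower() for c in pw),
        "uppercase": sum(c.isupper() for c in pw),
        "numeric": sum(c.isdigit() for c in pw),
        "special": sum(not c.isalnum() for c in pw),
    }


def password_fingerprint(pw: str) -> str:
    # Plain SHA-256 keeps the example self-contained; a real history store keeps
    # the same salted, slow hash that protects the credential itself.
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


def check_password(pw: str, policy: PasswordPolicy = PasswordPolicy(),
                   previous_fingerprints=()) -> list:
    """Return every policy violation as text; an empty list means the password is accepted."""
    problems = []
    if len(pw) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if len(pw) > policy.max_length:
        problems.append(f"longer than {policy.max_length} characters")
    counts = category_counts(pw)
    present = sum(1 for n in counts.values() if n > 0)
    if present < policy.min_categories:
        problems.append(f"only {present} of {policy.min_categories} required categories present")
    minimums = {"letters": policy.min_letters, "lowercase": policy.min_lowercase,
                "uppercase": policy.min_uppercase, "numeric": policy.min_numeric,
                "special": policy.min_special}
    for name, needed in minimums.items():
        if counts[name] < needed:
            problems.append(f"needs at least {needed} {name}")
    disallowed = sorted({c for c in pw if not c.isalnum() and c not in policy.allowed_special})
    if disallowed:
        problems.append("disallowed special characters: " + "".join(disallowed))
    for pattern in policy.regex_blacklist:
        if re.search(pattern, pw):
            problems.append(f"matches blacklist pattern {pattern!r}")
    recent = tuple(previous_fingerprints)[-policy.history_count:]
    if password_fingerprint(pw) in recent:
        problems.append(f"reused one of the last {policy.history_count} passwords")
    return problems


def login_allowed(failures_in_a_row: int, last_failure_ts: float, now_ts: float,
                  policy: PasswordPolicy = PasswordPolicy()) -> bool:
    """Lockout rule: once max_failed_logins consecutive failures are reached, the
    account stays locked until lockout_minutes have passed since the last failure."""
    if failures_in_a_row < policy.max_failed_logins:
        return True
    return now_ts >= last_failure_ts + policy.lockout_minutes * 60


if __name__ == "__main__":
    for candidate in ("Correct-Horse-42", "short1A", "MyPassword123!"):
        print(candidate, check_password(candidate) or ["accepted"])
    print(login_allowed(5, last_failure_ts=1000, now_ts=1000 + 5 * 60))
```

Returning the full list of violations rather than the first one matches what a password-change page needs to show the user; the regex blacklist is run with `re.search`, so a pattern only has to occur somewhere in the password, which is the usual intent for banned words.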
Once all the settings on User Source Settings are completed, check all the fields, click the “Save” button and start the User Source Sync in Full mode.
To start the User Source Sync in full mode, go to the Edit Source page, activate the “Enable Auto Sync” button and click the “Save” button. The source will run a full sync on its next run.
Full Sync mode creates/updates users from Active Directory and creates/updates their profile property values on MonoSign.
When the User Source full sync has completed, you can check your source users and the users' profile property values.
To check users and user profile property values, follow the steps below.
For the user check:
Go to Directory → Users
Search for your user, such as “mermaya.m”
If you see a screen with the user as shown, the user sync via User Source has completed.
For the user profile property value check:
Go to Directory → Profiles
Search for your user, such as “mermaya.m”.
Click your username in the list and view the user profile
If you see a screen with profile property values as shown, the profile sync via User Source has completed.
You have completed the user sync and user profile sync via User Source.