Advanced User Synchronization Agent Integration (AUSI) – New Agent:
-
The Advanced User Synchronization agent is our next generation Passly Directory Syncing agent.
-
This agent provides the ability to synchronize physical Active Directory with any Passly organization.
-
This agent will replace the legacy Directory synchronization agent going forwards.
- This agent is currently a Beta version.
-
This is an server based agent sync.
- Physical Active Directory - Agent deployed on the Primary or Secondary Domain Controller.
Supported Operating Systems:
-
Windows Server 2016
-
Windows Server 2019
-
Windows Server 2022
Note: Passly only supports this agent when installed on a Domain Controller for Physical Active Directory.
Directory Types supported:
-
Physical Active Directory
Deployment location
-
Physical Active Directory - Must be installed on the Domain Controller (Primary or Secondary is acceptable).
Supported Microsoft .NET requirements:
-
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931
-
Microsoft Windows Desktop Runtime - 6.0.13 (x64)
Prerequisites to sync a user from AD to Passly
Note: Users will only be added if the following four pieces of information are present:
-
First Name.
-
Last Name.
-
Email Address.
-
User Logon name.
Note: If any of the above-noted data is missing from a user then the sync will stop and no further users will be added until the missing data is updated in Active Directory.
Deploying & Configuring Advanced User Synchronization Integration (AUSI)
- Access your Passly tenant via https://(companyname).my.passly.com
Note: You must be a member of the Administrator Role to deploy and figure this agent. - Select Directory Manager from the left menu.
- Select Directory Sync.
- Select the Blue + sign to add a new agent.
- Select the top icon for AUSI.
- Name the Agent.
Note: We suggest using the machine name where the agent is installed. - Select your preferred Provisioning Policy
Note: We recommend using the Default Provisioning Policy while deploying or testing the agent. -
Optional. Password Policy. You can enable the option to Synchronize password changes from Passly to Active Directory.
Note: This option is required if you want users to be able to reset their Active Directory via Passly.
Note: The Organization Password Policy must be updated via Directory Manager > Organizations > Specific Organization > Password Policy.
The Maximum Age & Minimum length need to make the Security policy applied in Group Policy for the Domain you are syncing.
- Select Add Agent.
- Select the Agent from the list.
- Select Download Installer.
-
Download the installer to the preferred Domain Controller.
Note: Ensure that the installer is copied to the local drive for the chosen Domain Controller. This installer does not support cross-Network installations. - Run the Installer elevated to prevent issues from UAC (Universal Account Controls).
- Select Yes if prompted by UAC.
- Select Install.
- Select Next to install the agent.
- Agree to the Terms of Use to continue installations.
- Select Next to continue the installation of the agent.
- Enter the Agent profile data to continue.
Home Realm:
ID:
Key:
Note: These values are confirmed in the Passly UI and visible on Step 11.
Note: The Home realm is your tenant URL https://(companyname).my.passly.com
Note: Use the Home realm for the organization or sub-organization that you are installing to Example: organization: https://(companyname).my.passly.com or sub-organization: https://(client-companyname).my.passly.com - Select Save Changes.
- Select Next to continue the installation.
- Chose Automatically Create a Service Account in Active Directory.
Note: If you need to use a custom Service Account Requirements: AUSI Agent: Service Account Requirements -
Select Install:
-
Select Finish to complete the installation.
-
Click Close to complete the installation.
-
Navigate to Directory Manager > Directory Sync. Select the newly created AUSI Agent.
Note: If you refresh the page. The agent status should change from Created to Active: -
Select the new AUSI Agent.
-
Select the Organizational Units tab.
-
Select the required Organizational Units.
Note: Selecting Organizational Units will allow you to define what items from Active Directory should be synchronized.
Note: Run Full Synchronization button allows you to initiate full synchronization anytime. This function will update OU and synchronize Users and Groups. - Scroll down and click ‘Save Changes’:
- Congratulations AUSI installation is done! You can now use AUSI Agent.