QUESTION
How do I enable Passly Directory Synchronization?
ANSWER
Supported Operating Systems
-
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Note: Effective March 1st. 2023 Passly only supports this agent when installed on a Domain Controller. Installation to a Domain Joined Server is no longer supported.
Directory Types supported
- Physical Active Directory
Supported Microsoft .NET requirement
- Microsoft .NET v4.8 https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net48-web-installer
Note: The use of this agent will require that the Windows operating system version has Internet Explorer 11 installed and fully updated.
Prerequisites to sync a user from AD to Passly
Note: Users will only be added if the following four pieces of information are present.
First Name
Last Name
Email Address
User Logon name:
Note: If any of the above-noted data is missing from a user then the sync will stop and no further users will be added until the missing data is updated in Active Directory.
Configuring Directory Sync
Log in to your Passly tenant.
- Select Directory Manager.
- Select Directory Sync.
- Select the circle with the plus sign in the bottom right corner and click on middle icon i.e Add New Directory Sync Agent
- Select Let's Get Started.
- Select Download Agent Installer.
Note: You should download and install this agent software on a domain controller that has the Microsoft .NET Framework 4.8+ installed.
Configuring the Directory Sync agent on a Domain joined machine.
Download directory on the server, or copy the DirectorySyncAgent Installer file directly to the machine.
Note: If you have any installation issues try running the MSI from an elevated command prompt (Run as Administrator) this should prevent interference from UAC (User Account Controls).
- Select Next
- Agree to the Terms of Use.
- Select Install.
- Select Finish.
- Enter your Passly Domain.
- Log into your Passly account as an Administrator. Please use the credentials of the main tenant administrator account.
- Chose the Service account. Click Continue
- Select OK.
From here you will return to the tenant web interface.
The newly installed agent will check-in and be displayed in the Directory Sync section. Click Next.
Selecting Organizational Units will allow you to define what items from Active Directory should be synchronized. Click Next.
Select the Organization, Agent Friendly Name and Activation Policy. Click Next.
Exit.
Select the agent by clicking on it.
By selecting Edit you can set the following.
- Name
- Status
- Provisioning Policy
- Password Policy (Synchronize password changes from Passly to Active Directory)
Note: If you choose to use the Full Onboarding Policy all the users added will receive an enrollment email.