AD Integration With SafeConsole Cloud


This article is designed to help integrate Active Directory into the SafeConsole Cloud Server. Please note that this process will require interaction with the Datalocker Support Team as they will need to submit a change request for your cloud server to the Datalocker WebOps team.


Our support team can be reached at: https://support.datalocker.com or support@datalocker.com 


Before You Begin: 


You will need to confirm that LDAPS is set up on your Windows Server. For more information, please refer to this Microsoft Guide: Step by Step Guide to Setup LDAPS on Windows Server


This guide also covers confirming the root CA certificate of the AD server and the ports that need to be open to allow communication.


Next Steps: 


Once it is confirmed that the AD Server has LDAPS set up, along with the root CA certificate and the proper ports opened, you may begin generating the information the support team needs to integrate AD into the cloud environment.


1. Run the SafeConsole Configurator: Download Link

 

Download the configurator to a new location on your desktop. This is where all the important files for the Datalocker Support Team will be generated.




- Run the Configurator

 

- Input your Domain Name


- Check the Integrate SafeConsole box


- Input the Domain Controller Name


- Input the Port Number (389 Default)


- Input Non-Privileged AD user credentials


- Click the [Right Green Arrow]


- If the configurator has connected to the AD successfully, you will be able to determine the security groups from the different groups of users within the AD.


- Confirm each Security Group and the Domain User Base 


- Click the [Right Green Arrow]


- This step is not needed for the AD integration


- Click the [Right Green Arrow]


- This step is not needed for the AD integration


- Click the [Right Green Arrow]


- Click on [Generate SSL Certificate]. This certificate will not play a role in the integration. It needs to be generated to allow the configurator to finish the process of producing the needed files for the support team. 


- Enter Name of Server. It is best to keep the default information in the input field. This is not critical to the process. 


- Click [OK]


- Create a Password and Confirm it. 


- Click [OK]


- The configurator will now generate the SSL Certificate


- Once the SSL Certificate has been generated, click the [Right Green Arrow]


- The SSL Certificate will now be stored and the configurator will finalize the process.


- Click [NO]



- It is not required for the generated SSL Certificate to be installed and trusted as it will not be used for the cloud integration process.


- Click [Cancel]


- The SafeConsole Server process will not be needed.


- Ignore this error if it appears after canceling the startup of the SafeConsole Server.


- Click [OK]


4. Zip up the output files from the SafeConsole folder


These are the important files that need to be sent to the Datalocker Support Team for the integration of AD into the cloud server. 




5. Export the root CA certificate from the AD Server

  1. Log on to the Microsoft Windows server as one of the following users:

    1. For stand-alone computers, log on as a member of the local Administrator security group.

    2. For computers that are connected to the domain, log on as a member of the Domain Administrator security group.

  2. Install the certificate authority (CA) on the Windows server, which installs the server certificate on the Active Directory server:

    1. Click Start > Administrative Tools > Certificate Authority to open the CA Microsoft Management Console (MMC) GUI.

    2. Right-click the CA server and select Properties.

    3. From the General menu, click View Certificate.

    4. Select the Details view and click Copy to File in the lower-right corner of the window.

    5. Use the Certificate Export Wizard to save the CA certificate to a file:

      1. On the Export File Format page, select the Base-64 encoded X.509 (.CER) option. Click Next.

      2. On the File to Export page, specify msadmaster in the File name field. Click Next.

    6. The msadmaster.cer certificate file is created.


6. Confirm the access of the LDAPS Port. 


The assigned LDAPS port must allow inbound and outbound traffic, and it must be confirmed that the port can be reached from a public IP. Your networking team should configure these firewall rules with due regard for security. Please include the port number and the public IP address in the email that is sent to the Datalocker Support Team.
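
One way to check Steps 5 and 6 together before contacting support, as an added PowerShell example that is not part of the original article or of Datalocker's tooling: it connects to the LDAPS port, reads the certificate the domain controller presents, and confirms that it chains to the exported msadmaster.cer. The host name and port 636 are placeholder assumptions; substitute your own values.

```powershell
# Added example (not Datalocker code). Placeholder values are assumptions.
$DcHost  = 'dc01.example.com'    # hypothetical domain controller FQDN
$Port    = 636                   # replace with your assigned LDAPS port
$RootCer = '.\msadmaster.cer'    # root CA certificate exported in Step 5

$X509 = 'System.Security.Cryptography.X509Certificates'
$root = New-Object "$X509.X509Certificate2" -ArgumentList (Resolve-Path $RootCer).Path

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($DcHost, $Port)   # throws if the port is not reachable

    # Accept whatever the server presents so it can be inspected here; the
    # chain is checked explicitly against the exported root further down.
    # The host name in the certificate is not validated by this script.
    $capture = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $capture)
    $ssl.AuthenticateAsClient($DcHost)
    $server = New-Object "$X509.X509Certificate2" -ArgumentList $ssl.RemoteCertificate

    # Build the chain with the exported root as a candidate issuer, tolerate an
    # untrusted root on this machine, then require the chain to end at that root.
    $chain = New-Object "$X509.X509Chain"
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $built = $chain.Build($server)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Endpoint             = "${DcHost}:$Port"
        ServerSubject        = $server.Subject
        ServerNotAfter       = $server.NotAfter
        TlsProtocol          = $ssl.SslProtocol
        RootIsSelfSigned     = ($root.Subject -eq $root.Issuer)
        ChainsToExportedRoot = ($built -and $top.Thumbprint -eq $root.Thumbprint)
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Running it from a machine outside your network also exercises the firewall rule for the public IP.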


7. Send the output files and root CA certificate to the Datalocker Support Team. 


Zip and password-protect the files from Step 4 and the root certificate from Step 5. Send the files to our support team through the helpdesk portal at https://support.datalocker.com


In the body of your email please include the following:

  1. Name of the company on file

  2. Account number

  3. System Administrator email and phone number

  4. LDAPS Port Number

  5. Public IP address


In the subject of the email make it clear that this is for “AD integration into SafeConsole Cloud” 


If you have any further questions or concerns regarding the process, please feel free to reach out to the Datalocker Support Team at any time.