AD Integration With SafeConsole Cloud
This article is designed to help integrate Active Directory into the SafeConsole Cloud Server. Please note that this process will require interaction with the Datalocker Support Team as they will need to submit a change request for your cloud server to the Datalocker WebOps team.
Before You Begin:
You will need to confirm that LDAPS is set up on your Windows Server. For more information, please refer to this Microsoft Guide: Step by Step Guide to Setup LDAPS on Windows Server
That guide also covers confirming the root CA certificate of the AD server and the ports that need to be open to allow communication.
Once you have confirmed that the AD server has LDAPS set up, with the root CA certificate in place and the proper ports open, you can begin generating the information the support team needs to integrate it into the cloud environment.
1. Download and Install SafeConsole: Download Link
Download SafeConsole onPrem Installer and run SafeConsole-Setup.exe. Follow the on-screen prompts to install the latest version of SafeConsole.
2. Configure LDAP over SSL with SafeConsole's AD integration: How do I connect SafeConsole to my Active Directory over SSL?
Follow the instructions in the link provided to configure your LDAP over SSL with SafeConsole's AD integration. Once complete, return to this page and continue to the next step.
3. Run the SafeConsole Configurator
Run the Configurator, pointing it at a new file location on your desktop. This is where all the important files for the Datalocker Support Team will be generated.
- Run the Configurator
- Input your Domain Name
- Check the Integrate SafeConsole box
- Input the Domain Controller Name (this MUST be publicly accessible)
- Input the Port Number (389 Default, 636 for LDAPS)
- Input Non-Privileged AD user credentials
- Click the [Right Green Arrow]
- If the configurator connects to the AD successfully, you will be able to determine the security groups from the different groups of users within the AD.
- Confirm each Security Group and the Domain User Base
- Click the [Right Green Arrow] until you get to the screen asking about SSL Certificate
- Click on [Generate SSL Certificate]. This certificate will not play a role in the integration. It needs to be generated to allow the configurator to finish the process of producing the needed files for the Support Team.
- Enter Name of Server. It is best to keep the default information in the input field. This is not critical to the process.
- Click [OK]
- Create a Password and Confirm it.
- Click [OK]
- The configurator will now generate the SSL Certificate
- Once the SSL Certificate has been generated, click the [Right Green Arrow]
- The SSL Certificate will now be stored and the configurator will finalize the process.
- It is not required for the generated SSL Certificate to be installed and trusted as it will not be used for the cloud integration process, so you may click [NO]
- The SafeConsole Server process will not be needed so you may click [Cancel]
4. Zip up the output files from the SafeConsole folder
These are the important files that need to be sent to the Datalocker Support Team for the integration of AD into the cloud server.
5. Export the root CA certificate from the AD Server
Log on to the Microsoft Windows server as one of the following users:
For stand-alone computers, log on as a member of the local Administrator security group.
For computers that are connected to the domain, log on as a member of the Domain Administrator security group.
Install the certificate authority (CA) on the Windows server, which installs the server certificate on the Active Directory server:
Click Start > Administrative Tools > Certificate Authority to open the CA Microsoft Management Console (MMC) GUI.
Right-click the CA server and select Properties.
From the General menu, click View Certificate.
Select the Details view and click Copy to File in the lower-right corner of the window.
Use the Certificate Export Wizard to save the CA certificate to a file:
On the Export File Format page, select the Base-64 encoded X.509 (.CER) option. Click Next.
On the File to Export page, specify msadmaster in the File name field. Click Next.
The msadmaster.cer certificate file is created.
6. Confirm the access of the LDAPS Port.
The assigned LDAPS Port will need to allow inbound and outbound traffic. It must be confirmed that the port can be reached from a public IP. These firewall rules should be configured by your networking team with diligence in regard to security. Please include the port number and the public IP address in the email that is sent to the Datalocker Support Team.
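A pre-flight check for steps 5 and 6, run from a machine outside your network before contacting support. This is an added example, not a DataLocker tool: it confirms the exported file is Base-64 encoded, that the LDAPS port accepts connections, and that the server's certificate validates against the exported root CA. The host name `dc01.example.com` is a placeholder; use the domain controller's public DNS name so host name checking is meaningful.

```python
import socket
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def cer_encoding(data: bytes) -> str:
    """Classify an exported certificate file as 'base64', 'der' or 'unknown'."""
    if data.lstrip().startswith(PEM_HEADER):
        return "base64"          # the Base-64 encoded X.509 (.CER) option
    if data[:1] == b"\x30":      # ASN.1 SEQUENCE tag: a binary DER export
        return "der"
    return "unknown"


def check_ldaps(host: str, port: int, ca_file: str, timeout: float = 5.0) -> dict:
    """Test TCP reachability, then a TLS handshake that trusts only ca_file."""
    result = {"reachable": False, "tls_verified": False, "detail": ""}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"TCP connect failed: {exc}"
        return result
    result["reachable"] = True
    try:
        # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and host name checking.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=ca_file)
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["tls_verified"] = True
            result["detail"] = f"{tls.version()}: chain and host name verified"
    except OSError as exc:       # ssl.SSLError is a subclass of OSError
        sock.close()
        result["detail"] = f"TLS verification failed: {exc}"
    return result


if __name__ == "__main__":
    ca_path = "msadmaster.cer"   # file name used in step 5
    with open(ca_path, "rb") as fh:
        print("export format:", cer_encoding(fh.read()))
    # dc01.example.com is a placeholder for your domain controller's public name
    print(check_ldaps("dc01.example.com", 636, ca_path))
```

A result of `reachable: True` with `tls_verified: False` usually means the wrong CA was exported or the server certificate does not carry the name you connected to.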
7. Send the output files and root CA certificate to the Datalocker Support Team.
Zip and password protect the files in Step 4 and the root certificate in Step 5. Send the files to our support team through the helpdesk portal: https://support.datalocker.com .
In the body of your email please include the following:
Name of the company on file
System Administrator email and phone number
LDAPS Port Number
Public IP address
In the subject of the email make it clear that this is for “AD integration into SafeConsole Cloud”
If you have any further questions or concerns regarding the process, please feel free to reach out to the Datalocker Support Team at any time.
8. AD should perform a sync around every 15 minutes from here on out, so no further files need to be sent to Support for addition/subtraction of users in AD.