If you operate Active Directory on-premise, CloudM Manage can integrate with your directory using the CloudM AD Sync connector application.
You can quickly see if the On-Premise Integration is enabled or disabled. Selecting Enable or Disable will change the status of the feature.
In the Security section, you can view the Shared Secret and Key Pair currently being used and Regenerate, if required.
The full range of events currently available (under Integration Settings) is:
- User Creation - When a new user is created
- User Deletion - When a user is deleted from CloudM Manage
- User Rename - When a user's name or email address is changed
- User Move - When a user is moved from one Organizational Unit to another (only available for Google domains).
- User Password Change - When a user changes their password
- User Update - When a user edits their profile, or their profile is edited (including user suspend / resume).
When one of the above events occurs, CloudM Manage makes a secure request to an on-premise connector application that performs matching operations in your directory.
When a notification is sent, CloudM Manage makes an HTTP request to the endpoint specified in the integration settings. The endpoint is a self-hosted Windows service application that runs on your own network, and accepts and verifies requests from CloudM Manage before making any changes to your directory. Requests are encrypted and use public/private key pairs to ensure authenticity and to ensure the connector application only processes requests from CloudM.
To further secure communications between CloudM Manage and your on-premise Active Directory connector, the application can be configured to use HTTPS, or a reverse proxy (such as NGINX or HAProxy) can be configured to relay connections to the connector.
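A sketch of the NGINX relay arrangement described above, as an added example that is not taken from CloudM's documentation. The hostname, certificate paths, connector address and port, body-size limit and allow-listed source address are all placeholders assumed for illustration.

```nginx
# Added example: NGINX terminating TLS in front of the AD Sync connector.
# Place inside the http { } context. Every name, path, address and port
# below is a placeholder, not a value from CloudM.

upstream adsync_connector {
    # Assumed: the connector listens for plain HTTP on this internal address.
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name connector.example.com;                 # placeholder hostname

    ssl_certificate     /etc/nginx/tls/connector.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/connector.key;
    ssl_protocols       TLSv1.2 TLSv1.3;               # refuse legacy TLS

    # Assumed limit: event notifications are small, so cap the request body.
    client_max_body_size 64k;

    location / {
        # Placeholder allow-list (documentation address range). Replace with
        # the source addresses the requests really arrive from, or remove
        # both lines if those addresses are not known.
        allow 203.0.113.10;
        deny  all;

        # Relay to the connector, which still verifies each request itself;
        # the proxy only adds TLS and network-level filtering.
        proxy_pass http://adsync_connector;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_connect_timeout 5s;
        proxy_read_timeout    30s;
    }
}
```

With this layout the endpoint entered in the integration settings is the proxy's HTTPS address, and the connector itself only needs to be reachable from the proxy host.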