Active Directory Connector v2 Requirements
Most large companies use Microsoft Active Directory (AD) to automate changes for user identities and application privileges.
The Active Directory Connector (ADC) receives Active Directory user updates and automatically makes the same changes in your GoTo account.
The ADC accesses all users in selected AD groups containing GoTo users and all users in any subgroups. All new users are added to one of your validated company email domains in the GoTo Admin Center (classic)'s SCIM* service.
* SCIM is the System for Cross-domain Identity Management that defines how user identities are managed across multiple systems, generally over the Internet.
There are 4 areas of requirements to use the Active Directory Connector (ADC) effectively: Accounts, your Active Directory implementation, the Windows requirements for the ADC host machine, and your firewall settings.
Account requirements
- A GoTo product account with at least one (1) Organization admin who also has a GoTo product admin role
Active Directory requirements
- An Active Directory environment running Windows Server 2003 (or later) with the latest updates installed.
- Windows admin account with the "Log on as a service" permission enabled. This account is used for the Active Directory permission section of the ADC software. To enable this permission for the account being used, do the following:
- In Windows, search for and select Local Security Policy.
- Go to Local Policies > User Rights Assignment.
- Right-click Log on as a service >Properties > Add User or Group.
- Add the ADC Service User (e.g., DOMAIN\username).
- Go to Check Names > OK > OK > Apply to save your changes.
System requirements
| Active Directory Connector v2 System Requirements | |
|---|---|
| Operating System |
|
| Software |
|
| Memory |
|
| Available Disk Space |
|
| Display |
|
| Internet Connection |
|
Firewall settings
Firewall settings should be configured as follows:
| Use Case | < Source Server > | < Target Server >:< Port > |
|---|---|---|
| Interface for provisioning | < ADC Server Name > | *.getgo.com:443 |
| Interface for logging; < source server > | < ADC Server Name > | logging.getgo.com:443 |
| Interface for authentication; < source server > | < ADC Server Name > | *.logmeininc.com:443 |
| Interface for checking new version of ADC; < source server > | < ADC Server Name > | s3.amazonaws.com:443 |
| Insecure connections | < ADC Server Name > | Active Directory Domain Controller:389 (LDAP) |
| Secure connections | < ADC Server Name > | Active Directory Domain Controller:636 (LDAPS) |
| Global Catalog, Insecure connections | < ADC Server Name > | Active Directory Domain Controller:3268 (LDAP) |
| Global Catalog, Secure connections | < ADC Server Name > | Active Directory Domain Controller:3269 (LDAPS) |
Steps for setting up the Active Directory Connector v2 and managing users in User Sync:
- Review the Active Directory Connector v2 requirements
- Set up an organization
- Install the ADC v2
- Configure the ADC v2
- Run the ADC v2
- Manage User Sync rules
- Update the ADC v2 to the latest version (if applicable)
- Troubleshoot the ADC v2 (if needed)