If your organization uses Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to store user details, you can use your AD/LDAP to:
- Create users on inSync.
- Authenticate users on inSync.
- Mass deploy inSync Client.
Your AD/LDAP cannot communicate directly with inSync Cloud. To enable this communication, you must:
If you have an existing installation of inSync Connector, upgrade it to the latest version.
Note: You can use inSync Connector to add and manage new users. You cannot use inSync Connector to manage existing users on inSync Cloud. Existing users will continue to use their inSync Cloud credentials and you have to manage these users manually.
AD/LDAP Connector Connectivity with the AD or LDAP Server
inSync uses the inSync Connector only while authenticating and activating inSync Client. Backups and restores from end-user devices on which inSync Client is activated will work as usual even if the computer where you installed the inSync Connector is not available. This means that you do not need to ensure high availability (HA) for the inSync Connector.
The inSync Connector connects with the AD/LDAP Server only when required. The following points outline some of the use cases for the inSync Connector.
- During AD/LDAP Mapping creation: You must create AD/LDAP Mapping if you want to create users by importing their details from the AD/LDAP Server. When creating AD/LDAP Mapping, inSync Cloud queries the AD/LDAP server to retrieve the name of the Base DN, Organizational Units, and Groups. The inSync Connector facilitates the communication. For information on creating AD/LDAP Mapping, refer to Creating an AD/LDAP Mapping.
- When importing user details: When you create users by importing their details from the AD/LDAP Server, inSync Cloud fetches the user details from the AD/LDAP Server. The inSync Connector facilitates the communication. If inSync Cloud is configured to fetch user details periodically, it sends its query to the AD/LDAP Connector once every 24 hours. For more information on importing user details from AD/LDAP, refer to Adding a group of users by importing details from an Active Directory.
- When activating inSync Client during the mass deployment process: At the end of the inSync Client mass deployment process, the users log on to their computer using their AD/LDAP credentials. The inSync Client sends the user details and the mass deployment token to inSync Cloud for verification. inSync Cloud communicates with the AD/LDAP Server through inSync Connector to query the user details and verifies the token. If the user exists, the device is activated. If not, the user is created on inSync Cloud and the user device is activated. To know more about the mass deployment process, see Mass Deploying inSync Client.
- When authenticating users on inSync Web: If a user who is configured to use AD/LDAP credentials for inSync tries to log on to inSync Web, inSync Cloud sends a verification request to the AD/LDAP Server through the inSync Connector.
The following table lists the ports that the inSync Connector uses.
|Port Number|Used By|
|---|---|
|443, 6061, 80|inSync Connector with inSync Cloud|
|3268|LDAP on global catalog|
|3269|Secure LDAP on global catalog|
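
A pre-flight check for the ports in the table above, as an added example that is not part of the original documentation or the vendor's tooling: run from the host where the inSync Connector is installed, it probes each flow and reports whether the global catalog is reachable on the Secure LDAP port (3269) or only on the LDAP port (3268). The hostnames are placeholders, the function names are hypothetical, and probing outbound from the connector host is an assumption about traffic direction.

```python
import socket

# Placeholder hostnames (assumptions, not from the page): replace with your
# inSync Cloud endpoint and a global catalog server in your forest.
CLOUD_HOST = "insync-cloud.example.invalid"
GC_HOST = "gc01.corp.example.invalid"

# Ports taken from the table above.
FLOWS = [
    (CLOUD_HOST, 443, "inSync Connector with inSync Cloud"),
    (CLOUD_HOST, 6061, "inSync Connector with inSync Cloud"),
    (CLOUD_HOST, 80, "inSync Connector with inSync Cloud"),
    (GC_HOST, 3268, "LDAP on global catalog"),
    (GC_HOST, 3269, "Secure LDAP on global catalog"),
]


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake with host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolved
        return False


def preflight(flows, probe=tcp_reachable):
    """Probe every flow and return one result dict per (host, port)."""
    return [{"host": h, "port": p, "purpose": why, "open": probe(h, p)}
            for h, p, why in flows]


def directory_channel(results, ldap_port=3268, ldaps_port=3269):
    """Classify how the global catalog can be reached from this host."""
    open_ports = {r["port"] for r in results if r["open"]}
    if ldaps_port in open_ports:
        return "ldaps"
    if ldap_port in open_ports:
        return "ldap-only"  # only the non-secure LDAP port is reachable
    return "unreachable"


if __name__ == "__main__":
    results = preflight(FLOWS)
    for r in results:
        state = "open" if r["open"] else "BLOCKED"
        print(f'{r["host"]}:{r["port"]:<5} {state:<8} {r["purpose"]}')
    print("Global catalog channel:", directory_channel(results))
```

A result of `ldap-only` means firewall rules between the connector host and the directory permit 3268 but not 3269, which is worth correcting before pointing the connector at the directory.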