Active Directory Connector v2

Most large companies use Microsoft Active Directory (AD) to automate changes for user identities and application privileges. The Active Directory Connector (ADC) receives Active Directory user updates and automatically makes the same changes in your LogMeIn account. The ADC accesses all users in selected AD groups containing LogMeIn users and all users in any subgroups. All new users are added to one of your validated company email domains in the Admin Center's SCIM* service. If a company chooses, they can use the information generated by this process to entitle (and suspend) user accounts using the User Sync service.

* SCIM is the System for Cross-domain Identity Management that defines how user identities are managed across multiple systems, generally over the Internet.

Steps for setting up the Active Directory Connector v2 and managing users via User Sync:

  1. Review the Active Directory Connector v2 requirements
  2. Set up an organization
  3. Install the ADC v2
  4. Configure the ADC v2
  5. Manage custom attributes (optional)
  6. Run the ADC v2
  7. Update the ADC v2 to the latest version (if applicable)
  8. Set up and run user sync
  9. Manage User Sync rules

On initial launch, the ADC reads the identified groups in the AD and generates a list of users. It compares this list with the information already in the company’s domain organization. Any valid new users are added, and any users that exist in both AD and the domain organization account get updated as needed. If there are users in the domain organization but not in the AD, they can remain depending on the company’s policies and practices - for instance, these users may be consultants, non-Windows users, etc.

After initial launch, the ADC syncs at the polling interval you set. During a sync, any new AD user in a linked group is added, any modified user is updated, any expired or deleted user is suspended.

The ADC passes the identity data to SCIM which creates users on the company’s LogMeIn account. These users are members of the company’s domain organization and can then be entitled, either through User Sync, or manually, to use specific products.

Comparison with prior ADC versions

Earlier ADC releases did more work on the local servers, integrated user entitlements, and embedded business rules in the application itself. This design led to customer issues with local repositories and enforced updates (which required a complete re-install) when business rules changed. These issues have been resolved with v2.

To upgrade from ADC v1 to v2, first you must uninstall the v1 version, then install v2. Once installed, you can configure ADC v2 to point to the correct Active Directory groups and run the service, which will recognize your existing users. Any changes are communicated via the new ADC to the Admin Center via User Sync.