Active Directory Connector v2
Most large companies use Microsoft Active Directory (AD) to automate changes for user identities and application privileges. The Active Directory Connector (ADC) receives Active Directory user updates and automatically makes the same changes in your GoTo account. The ADC accesses all users in selected AD groups containing GoTo users and all users in any subgroups. All new users are added to one of your validated company email domains in the External Admin SCIM* service. If a company chooses, they can use the information generated by this process to entitle (and suspend) user accounts using the User Sync service.
* SCIM is the System for Cross-domain Identity Management that defines how user identities are managed across multiple systems, generally over the Internet.
Active Directory articles
- Active Directory Connector v2 requirements
- Install Active Directory Connector v2
- Configure the Active Directory Connector v2
- Run the Active Directory Connector v2
Implementation of the Active Directory Connector consists of installation, setting permissions and Active Directory groups, and running the ADC to start receiving updates. You can view the user updates in the Organization Center (documentation | login). Existing users are updated only if the information from the AD differs from what is in the SCIM organization.
- A corporate GoTo account with at least one Organization admin who also has a GoTo product admin role
- One or more verified organization domains
- Active Directory groups and users set up
On initial launch, the ADC reads the identified groups in the AD and generates a list of users. It compares this list with the information already in the company’s domain organization. Any valid new users are added, and any users that exist in both AD and the domain organization account get updated as needed. If there are users in the domain organization but not in the AD, they can remain depending on the company’s policies and practices - for instance, these users may be consultants, non-Windows users, etc.
After initial launch, the ADC syncs at the polling interval you set. During a sync, any new AD user in a linked group is added, any modified user is updated, and any expired or deleted user is suspended.
The ADC passes the identity data to SCIM which creates users on the company’s GoTo account. These users are members of the company’s domain organization and can then be entitled, either through User Sync, or manually, to use specific products.
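The initial-launch and polling-sync behaviour described above can be modelled as a reconciliation plan. This is an added example, not GoTo's code: the data shapes, the function names and the `last_seen` set (used to tell a user deleted from AD apart from one the connector never managed) are assumptions.

```python
# Added illustration: a simplified model of the sync described above, not GoTo's code.
# Assumptions: the data shapes, the function names and the `last_seen` set.

def expand_group(groups, name, seen=None):
    """Emails of every user in `name` and all nested subgroups (cycle-safe)."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()
    seen.add(name)
    members = set(groups[name]["users"])
    for sub in groups[name]["subgroups"]:
        members |= expand_group(groups, sub, seen)
    return members

def plan_sync(ad, org, linked, last_seen=frozenset()):
    """Return the actions one sync would take. org: {email: display name};
    last_seen: emails in scope at the previous sync (empty on initial launch)."""
    in_scope = set().union(*(expand_group(ad["groups"], g) for g in linked))
    plan = {"create": [], "update": [], "suspend": [], "review": []}
    for email in sorted(in_scope):
        user = ad["users"][email]
        if user["expired"]:
            if email in org:
                plan["suspend"].append(email)
        elif email not in org:
            plan["create"].append(email)
        elif org[email] != user["name"]:
            plan["update"].append(email)       # only when AD data differs
    for email in sorted(set(org) - in_scope):
        # Seen before and now gone from AD: suspend. Never seen by the
        # connector: it stays active, so surface it for manual review.
        plan["suspend" if email in last_seen else "review"].append(email)
    plan["suspend"].sort()
    return plan

# Constructed sample data (note the deliberate group cycle).
SAMPLE_AD = {
    "groups": {
        "GoTo-Users": {"users": ["ana@example.com"], "subgroups": ["GoTo-Sales"]},
        "GoTo-Sales": {"users": ["bo@example.com", "cy@example.com"], "subgroups": ["GoTo-Users"]},
    },
    "users": {
        "ana@example.com": {"name": "Ana A", "expired": False},
        "bo@example.com": {"name": "Bo B", "expired": True},
        "cy@example.com": {"name": "Cy C.", "expired": False},
    },
}
SAMPLE_ORG = {"bo@example.com": "Bo B", "cy@example.com": "Cy C",
              "dee@example.com": "Dee D", "eli@example.com": "Eli E"}
```

The `review` list is the part worth auditing regularly: accounts that exist in the organization but were never in a linked AD group are not suspended by a sync, so their offboarding depends on a separate process.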
Comparison with prior ADC versions
Earlier ADC releases did more work on the local servers, integrated user entitlements, and embedded business rules in the application itself. This design led to customer issues with local repositories and enforced updates (which required a complete re-install) when business rules changed. These issues have been resolved with v2.
To upgrade from an earlier version to the latest, you must first uninstall v1, then install v2. Once installed, you can configure ADC v2 to point to the correct Active Directory groups and run the service, which will recognize your existing users. Any changes are communicated via the new ADC to the Admin Center via User Sync.