
Active Directory Integration

I'm sure I'm probably missing something basic here, but I can't seem to work out the Active Directory integration in SMC. I have created a customer. I then edit that customer's properties and select 'External Directory' and put in my Active Directory details. What do I do next? I have tried going to the SSP and logging in as a user that is in the Active Directory group that I configured in the External LDAP bit, but I get an error message 'you are not activated for the SSP'. Do I have to manually add a device before the user can log in? I have tried that, but I still get the same error message. I have also tried using 'Internal Directory', and creating a user. The user receives the Welcome email and is able to log into the SSP but then the IOSMDM package fails to install.

I have been going round in circles with this for a few days now and I'm starting to get dizzy!! Any help would be greatly appreciated.

:36207


This thread was automatically locked due to age.
  • Yes, it's annoying, isn't it?! Documentation leaves a lot to be desired.

    It's been a while since I got this going, and I remember having the exact same problems, so have a look at this:

    Log in to the dashboard as the admin for the customer you created. Go to "settings" (the gear icon), choose the SSP tab. There you need to create a group that can access the SSP, along with what OS type, task bundle etc. You probably also want to check the other tabs like "provisioning by email" etc. Also the iOS APNS if you haven't done it?

    I *think* you should then be good to go.

    Paul

    :36251
  • Hi,

    Sorry for all the issues you have with the AD integration. Your comments have been heard and will be addressed as follows with the SMC 3.0 release, scheduled for end of January:

    • We have reworked most of the manuals and extended sections about AD integration (among many other changes)
    • We have added additional checks to the AD Wizard, so the entry is clearer and the wizard gives feedback if it detects a problem with the data

    I cannot give you immediate guidance on how to fix your problems, but a good intermediate step to test the AD integration would be to create a device from the admin UI and try to link it to a user via LDAP. If this fails as well, the LDAP settings are the problem. If this works, the group assignment for the SSP might be wrong.

    Thomas

    :36307
  • OK, thanks for that. I think we had a problem somewhere along the line - I could get to an LDAP search box from our SMC server, but any time I tried a search it failed. Seeing as how we were WAAAAY behind on our implementation schedule, and we only had 20 or so users, I created our users using the Internal Directory option.

    Do you have any more info on Version 3? I'd be very interested on seeing what new features are planned.

    :36353
  • We are installing version 3 now and I can't find anything in the manual to do with setting up users via the external method. I have LDAP connections all done and working; I just can't figure out how a user logs in or how to assign a device to a user etc...?

    :37585
  • I tried the AD Integration too. It works like a charm.

    Just follow the steps in the Super Administrator Guide.

    - Add your AD Search Parameters

    - Create an AD Group

    - Add the User to your AD Group

    The added users got access to the SSP and were able to register Devices without any problem.

    I hope Sophos will support more than one SSP Usergroup in the future to map Policies to Devices. Please think about the different security configuration needs for pads and phones in this step :)

    Please do not map User and Device 1:1

    Please map:

    User : Tablets : iOS Tablet 1 -> Usergroup Mobile_Marketing -> Policy P_Marketing_Tablets

    User : Tablets : iOS Tablet 2 -> Usergroup Mobile_Marketing -> Policy P_Marketing_Tablets

    User : Phones : iOS Phone 1 -> Usergroup Mobile_Marketing -> Policy P_Marketing_Phones

    P_Marketing_Tablets for example: Mandatory Apps: Anyconnect, Quickoffice, Citrix Receiver mandatory

    P_Marketing_Phones for example: Mandatory Apps: none

    :37639
  • What is missing from the woefully inadequate manuals is the portal address for clients, which should be the server FQDN with /ssp on the end. Don't do what I did and spend a long time trying to log in to the administration portal with end user credentials.

    :37657
  • That's EXACTLY what I was doing. Thank you!

    :42003
  • Thank you so much! 

    I have spent days going round in circles reading the documentation, deleting and setting up LDAP access to no avail, and couldn't work out why my LDAP integration wouldn't work.

    ......and all that time I was connecting to the wrong URL!!! :smileymad:

    :46703