Rubex Directory Sync Tool (Active Directory | LDAP)
The Rubex Directory Sync Tool enables a connection to a directory service like Active Directory via LDAP (Lightweight Directory Access Protocol) for user and group management. Utilizing a directory service with all of your user and group information already in place will save you valuable time as well as ensure that the right people have access at the right time, and that access is revoked at the right time as well.
The Rubex Directory Sync Tool is a small application that is installed on a device/server on your network that can be connected to your directory service via the domain and server
Your organization must have a directory service that is compatible with LDAP (Lightweight Directory Access Protocol).
We recommend that you install the Rubex Directory Sync Tool on an application server and not a user workstation. A user with User Management system permissions will be required to setup and configure the Rubex Directory Sync Tool.
The Rubex Directory Sync Tool will need to be downloaded and installed to function.
- Navigate to the Rubex Admin area and select Users & Groups > User Directories
- Download the Rubex Directory Sync Tool installer
- Open and run the installer package
- After install completion the Rubex Directory Sync tool will launch
- A Rubex user with User Management system permissions will need to authenticate into their Rubex account
- Input the directory service details to connect with
- Optional LDAP query step enables you to refine what users and groups are pulled into the Rubex Directory Sync Tool
- Upon successful connection to directory service, Users and Groups will be displayed in the sync tool. No syncing to Rubex has happened at this point.
Syncing Users and Groups to Rubex
Individual users can be selected and synced to Rubex. Select the checkbox next to a user and select Sync to Rubex. A user will be provisioned in your Rubex account with the email associated with the user per the connected directory service if a user with that email address does not already exist.
Selecting a Group to sync to Rubex will sync all users and subgroups. If only a subgroup or single user in a group(child object) is synced, the parent group will indicate a partial sync in the tool with a “Child Synced” label.
Any groups that are synced will have a corresponding Group created in Rubex, along with all associated users. The users will be provisioned and added to the proper synced Group per the connected directory service configuration.
Once users or groups are synced to your Rubex account, all licenses, system permissions, and item access permissions are managed directly in Rubex.
How Rubex Directory Sync operates for accounts with existing users
If you've already added users to your Rubex account, there are a few things you should know before configuring your Rubex Directory Sync Tool and syncing users.
- Prior to connecting and syncing via the Rubex Directory Sync Tool, user accounts and groups in the Rubex are considered console-managed. When users and groups are console-managed, you can edit user and group information directly in Rubex.
- Once you configure the Rubex Directory Sync Tool and the first sync occurs, the synced users and groups are considered directory managed. When users are directory managed, you will need to edit user and group information in your directory and these changes are then pushed to Rubex during the next sync.
- During the first sync, the tool will automatically match console-managed user accounts with accounts in your directory based on email address. This process will convert any matched users from being console-managed to directory managed. We've outlined how this process works below:
- You will install and configure the ADI sync tool in your environment.
- You will configure what information you want to sync from your Active Directory.
- If a directory user has an email address that matches an existing Rubex user account, then that user account becomes directory managed.
- If a directory synced user is not found in Rubex, then a directory managed user account is created.
Once you configure your directory integration, user information will stay up-to-date with the information in your organization's directory provider.
The Rubex Directory Sync Tool will check for any changes in your directory provider periodically. A connection refresh or check for updates can be manually triggered in the tool. The last sync time will be reported in the Rubex Directory Sync Tool to be able to ensure that all data is current and up to date
If for some reason you need to remove the connection to your directory provider, you can elect to unlink the synced users and therefore keep those user accounts in Rubex in which they would become console managed users instead of directory managed.