Article: 100050221
Last published: 2024-09-12
Product(s): Veritas Alta SaaS Protection
Description
This article will discuss what Directory Synchronization is and the process to enable/configure it.
Your Veritas Alta SaaS Protection (ASP) tenant may synchronize user information from your organization’s Azure Active Directory. Access is read-only and optional, but it is necessary for certain features in ASP to work fully.
ASP can synchronize with multiple domains/directory providers.
Directory Synchronization gives ASP an awareness of the users and groups that exist in your domain, along with an understanding of the following details:
- Account status (enabled/disabled),
- Group memberships (to any level), and
- Extended directory attributes (e.g., Department, Job Title, PreferredDataLocation).
The following ASP features require Directory Synchronization:
- End-user portal access
- Link-based storage tiering (File backup only)
- Location mapping policies (within the ASP Admin portal)
- Exchange connectors that use extended AD attributes to filter in-scope mailboxes
- SharePoint connectors that use extended AD attributes to filter in-scope OneDrive for Business site collections
When Directory Synchronization is not enabled, the features listed above will not be available, and the following limitations apply:
- Custodian-scoped searches in the Admin Portal’s Discovery app will yield the result of explicit user permissions only. In other words, access rights via group memberships will not be in the result. Likewise, targeting a Group object will not yield results since without directory synchronization ASP has no knowledge of group memberships.
- Policies in the Admin Portal that use Custodian inclusion/exclusion clauses will yield the result of explicit user permissions only (no access via group memberships).
- Policies in the Admin Portal that use Custodian Attribute inclusion/exclusion clauses will not yield a result.
If you opt out of directory synchronization, ASP will provision an Azure AD instance within your ASP tenant configuration to act as the dedicated identity provider for your deployment.
Finding the Primary Domain Name
- Log in to the Microsoft Entra Admin Center with your Microsoft credentials.
- Navigate to Identity->Overview.
- In the Overview section, take note of the Primary Domain. This will be needed at the end of the process.
Configuring the Azure Active Directory Synchronization App
- From the Entra admin center, expand the Applications node and select App registrations, followed by New registration.
- Configure the application as follows:
  - Name: ASP Directory Provider
  - Supported account types: Accounts in this organizational directory only
  - Redirect URI (Optional): Web | https://directoryprovideronhubstor.onmicrosoft.com/directoryprovider
- Click the Register button.
- After you click Register and the process completes, the newly created application opens automatically.
- Note: Record the Application (client) ID for the ASP Directory Provider as this will be needed at the end of the process.
- Click Certificates & secrets
- Choose the +New client secret button
- Enter the Description as: ASP Directory Provider
- Choose 24 months
- Note: A new client secret will be requested by Veritas at the 24-month mark.
- Click Add
- After you click Add, the secret key Value is shown immediately. It is very important to copy and save the Value before leaving this page; otherwise the key cannot be retrieved and a new one will need to be created.
- While still on the same screen, we have to add the proper permissions in order to read the directory listing of users.
- Click the API permissions button.
- Click the Add a permission button.
- Under Microsoft APIs, choose the large Microsoft Graph button.
- Select Application permissions.
- Scroll down the list, expand Directory and choose Directory.Read.All.
- Click Add permissions.
- Click Grant admin consent for and choose Yes to the pop-up to save the changes. The end result should look like the image below.
- On the left go to Identity->Applications->Enterprise Applications.
- In the search box, type ASP to find the newly created app.
- Click the application so that it opens and choose Properties.
- Change the Assignment required? option to Yes.
- Click Save.
That completes the process. Work with your ASP technical contact to securely transfer the following information to them. Do not send it via email.
- Application ID
- Client Secret
- Primary Domain Name
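
To confirm that the registration created in the steps above matches the settings this article specifies before handing the credentials over, the following check is an added example and not Veritas code. It assumes you have exported the app's JSON from Microsoft Graph (`/applications/{id}`, `/servicePrincipals/{id}` and `/servicePrincipals/{id}/appRoleAssignments`); the function name and the sample objects are constructed for illustration.

```python
from datetime import datetime, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"            # Microsoft Graph appId
DIR_READ_ALL = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"     # Directory.Read.All app role
REDIRECT = "https://directoryprovideronhubstor.onmicrosoft.com/directoryprovider"

def audit_registration(app, sp, assignments, now, warn_days=60):
    """Compare Graph application/servicePrincipal JSON with the article's settings.
    Returns a list of findings; an empty list means everything matches."""
    out = []
    if app.get("signInAudience") != "AzureADMyOrg":
        out.append("account types: not limited to this organizational directory")
    if app.get("web", {}).get("redirectUris") != [REDIRECT]:
        out.append("redirect URI: differs from the documented value")
    # Requested permissions: exactly one, Directory.Read.All as an application role.
    requested = {(r["resourceAppId"], a["id"], a["type"])
                 for r in app.get("requiredResourceAccess", [])
                 for a in r["resourceAccess"]}
    expected = (GRAPH, DIR_READ_ALL, "Role")
    if expected not in requested:
        out.append("permissions: Directory.Read.All (application) not requested")
    out += [f"permissions: unexpected {t} {i}" for _, i, t in sorted(requested - {expected})]
    # Admin consent shows up as an app role assignment on the service principal.
    if DIR_READ_ALL not in {a["appRoleId"] for a in assignments}:
        out.append("consent: admin consent not granted for Directory.Read.All")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        out.append("secret: none present")
    for s in secrets:
        # Keep only whole seconds so Graph's fractional-second timestamps also parse.
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if days <= warn_days:
            out.append(f"secret: '{s.get('displayName')}' "
                       + ("expired" if days < 0 else f"expires in {days} days"))
    if sp.get("appRoleAssignmentRequired") is not True:
        out.append("assignment: 'Assignment required?' is not Yes")
    return out

# Constructed sample objects (not real tenant data), shaped like Graph responses.
NOW = datetime(2024, 9, 12, tzinfo=timezone.utc)
APP = {"signInAudience": "AzureADMyOrg", "web": {"redirectUris": [REDIRECT]},
       "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
           {"id": DIR_READ_ALL, "type": "Role"}]}],
       "passwordCredentials": [{"displayName": "ASP Directory Provider",
                                "endDateTime": "2026-09-12T00:00:00Z"}]}
SP = {"appRoleAssignmentRequired": True}
GRANTS = [{"appRoleId": DIR_READ_ALL}]

if __name__ == "__main__":
    print(audit_registration(APP, SP, GRANTS, NOW) or "matches the article")
```

Running the same check on a schedule also gives advance warning of the client secret's expiry, so a replacement can be created before synchronization stops.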