Connect to Active Directory using an Agent

Overview

This article describes how to connect Decisions v9 to an Active Directory (AD) server using a Cloud-to-Site Agent. This approach is useful when the Decisions server cannot directly reach the AD environment due to network boundaries (for example, when AD is only reachable within a private network). In this configuration, Decisions routes directory requests through a deployed Agent that can reach the directory environment.

When to Use a Cloud-to-Site Agent

• Active Directory is not reachable from the Decisions server due to firewall rules or network segmentation.
• Directory connectivity is permitted from a machine inside the client network, but not from the Decisions host.
• Agent-based routing is preferred to avoid opening inbound ports to the directory environment.

Prerequisites

• An Active Directory environment and valid credentials for directory access (for example, a domain user with the required permissions).
• A deployed Decisions Agent is installed on a machine that can reach the AD environment.
• Decisions v9 Active Directory Settings available (AD module installed/enabled in the environment).

Configure Active Directory to Use a Cloud-to-Site Agent

1. Navigate to System > Settings and select Active Directory Settings.
2. Under Servers, select ADD to create a new server configuration (or open an existing configuration to edit it).
3. Complete the required fields in Portal Settings, Server Settings, and Synchronization Settings as needed for the environment.
4. In Server Settings, enable Use Cloud To Site Agent.
5. In Agent to Handle Requests, select the deployed Agent that has network access to the AD environment.
6. Save the configuration.