Active Directory Integration
Audience: Administrators
Overview
Active Directory (also known as AD) is a directory service that Microsoft developed for Windows networks. It is usually not reachable from outside an organization's firewall, so a direct connection from a cloud-hosted service to Active Directory is rarely possible. With this in mind, there are several options available for retrieving data from Active Directory.
Integration Options
The right option for your organization depends on your existing technology landscape and should be reviewed with your IT department. The available options are listed below:
Option | Method | Deployment |
Option 1 | Direct Connect | On Premise Only |
Option 2 | SFTP Push | Cloud or On Premise |
Option 3 | Active Directory Agent | Cloud Only |
Option 4 | LDAP | Cloud or On Premise |
Option 5 | Google Directory Services | Cloud Only |
Option 6 | OKTA Universal Directory | Cloud Only |
Option 7 | Azure Directory Services | Cloud or On Premise |
Direct Connect
For on-premises deployments, OrgChart can query AD directly to retrieve employee data.
SFTP Push
In this scenario, AD data is extracted from AD once a day. The query results are written to a CSV file and then pushed via SFTP to a drop folder in your OrgChart account. OrgChart can then be set up to refresh the org chart automatically from that file. The disadvantage of this approach is that charts cannot be updated in real time; you have to wait for the daily feed.
Implementation of this approach requires some effort from your IT department (your organization may already have SFTP push in place for other external systems, so the effort involved may be minimal). Our professional services team can also implement this approach; however, there is a professional services fee associated with this effort.
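The daily extract-and-push described above, as an added PowerShell example that is not OrgChart's own code. It assumes the RSAT ActiveDirectory module and the OpenSSH sftp client are installed on the exporting server and that a read-only service account runs it; the OU, SFTP host, user name, key path and drop folder are placeholders.

```powershell
# Added example, not OrgChart's code: nightly AD export for the SFTP push option.
# Placeholders: search base, SFTP host, user, key path and drop folder.
Import-Module ActiveDirectory

$SearchBase = 'OU=Employees,DC=example,DC=com'   # placeholder: limit the query to OUs holding staff
$OutFile    = Join-Path $env:TEMP 'orgchart-feed.csv'
$SftpHost   = 'sftp.example.com'                 # placeholder
$SftpUser   = 'orgchart-feed'                    # placeholder
$KeyPath    = "$env:USERPROFILE\.ssh\orgchart_feed_key"  # placeholder: key-based auth, no password in script
$DropFolder = '/inbound'                         # placeholder: drop folder in the OrgChart account

# Request only the attributes the chart needs; 'manager' is returned as a DN.
$Props = 'employeeID', 'displayName', 'mail', 'title', 'department', 'manager'
$Users = Get-ADUser -Filter { Enabled -eq $true } -SearchBase $SearchBase -Properties $Props

# Map each user's DN to its employeeID so a manager DN can be translated to an ID.
$IdByDn = @{}
foreach ($u in $Users) { $IdByDn[$u.DistinguishedName] = $u.employeeID }

$Rows = foreach ($u in $Users) {
    [pscustomobject]@{
        EmployeeID = $u.employeeID
        Name       = $u.displayName
        Email      = $u.mail
        Title      = $u.title
        Department = $u.department
        # Left blank when the manager is disabled or outside the search base.
        ManagerID  = if ($u.manager -and $IdByDn.ContainsKey($u.manager)) { $IdByDn[$u.manager] } else { '' }
    }
}
$Rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Push in batch mode: sftp aborts on the first failed command and returns non-zero.
$Batch = Join-Path $env:TEMP 'sftp-batch.txt'
"put `"$OutFile`" $DropFolder/orgchart-feed.csv" | Set-Content -Path $Batch
sftp -b $Batch -i $KeyPath "$SftpUser@$SftpHost"
if ($LASTEXITCODE -ne 0) { throw "SFTP push failed with exit code $LASTEXITCODE" }

# Remove the local copy so employee data does not linger on the exporting server.
Remove-Item $OutFile, $Batch -ErrorAction SilentlyContinue
```

Schedule the script with Task Scheduler under the service account; the ManagerID column is what lets OrgChart rebuild the reporting hierarchy from a flat CSV.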
Active Directory Agent
In this scenario, software must be installed on a server within your infrastructure. The Active Directory Agent extracts data from Active Directory daily and pushes it to OrgChart.
LDAP
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services. AD supports LDAP queries; however, LDAP access from outside the firewall must be enabled in order to pursue this option for cloud deployments.
Google Directory Services
If your company has deployed Google's G Suite, it may already be syncing Google Directory with Active Directory using GCDS (see https://support.google.com/a/answer/106368?hl=en for more information). In this case, Google Directory can be queried because it is already syncing with AD.
OKTA Universal Directory
If your company has deployed OKTA Universal Directory, it may already be syncing OKTA with Active Directory (see https://www.okta.com/products/universal-directory for more information). In this case, OKTA Universal Directory can be queried because it is already syncing with AD.
Azure Directory Services
If your company has deployed Azure Directory Services (see https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect for more information), it may already be syncing its Azure Directory with Active Directory. In this case, LDAP (see above) can be used for queries.