
OrgChart Help Guide

Active Directory Integration

Audience

Audience: Administrators

Overview

Active Directory (also known as AD) is a directory service that Microsoft developed for Windows networks. It is usually not accessible from outside an organization's firewall, so a direct connection to Active Directory from the cloud is rarely possible. With this in mind, there are many options available for retrieving data from Active Directory.

Integration Options

The correct option for your organization depends on your existing technology landscape. Your IT department should review the options to determine which is best for your organization. Below are some available options:

Option 1: Direct Connect (On Premise Only)

Option 2: SFTP Push (Cloud or On Premise)

Option 3: Active Directory Agent (Cloud Only)

Option 4: LDAP (Cloud or On Premise)

Option 5: Google Directory Services (Cloud Only)

Option 6: OKTA Universal Directory (Cloud Only)

Option 7: Azure Directory Services (Cloud or On Premise)

Direct Connect

For on-premise deployment, OrgChart can directly query AD to retrieve employee data.

SFTP Push

In this scenario, data is extracted from AD on a "daily" basis. The query results are written to a CSV file and then pushed via SFTP to a drop folder (in your OrgChart account). OrgChart can then be set up to automatically refresh the org chart from the query file. The disadvantage of this approach is that charts cannot be updated in real time (you have to wait for the daily feed).

Implementation of this approach requires some effort from your IT department (your organization may already have SFTP push in place for other external systems, so the effort involved may be minimal). Our professional services team can also implement this approach; however, there is a professional services fee associated with this effort.
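
As an added example (not part of the OrgChart guide and not OrgChart's own tooling), the daily extract-and-push described above could be scripted in PowerShell as shown below. The SFTP host, account, file paths and CSV column names are placeholders and assumptions; the script needs the ActiveDirectory module and the OpenSSH sftp client, and would be run from a scheduled task under a dedicated low-privilege service account.

```powershell
#Requires -Modules ActiveDirectory
# Added example: daily AD extract to CSV, pushed over SFTP with key authentication.
# Every host, account, path and column name below is a placeholder or assumption.
$ErrorActionPreference = 'Stop'

$SftpTarget = 'orgchart-drop@sftp.example.invalid'  # placeholder user@host
$KeyFile    = 'C:\Secure\orgchart_sftp_key'         # private key, ACL'd to the service account
$KnownHosts = 'C:\Secure\known_hosts'               # server host key, recorded out of band
$WorkDir    = 'C:\Secure\orgchart-export'           # working folder, ACL'd to the service account
$CsvName    = 'ad_export.csv'
$BatchName  = 'sftp_batch.txt'

# Request only the attributes an org chart needs; avoid -Properties *,
# which would pull every attribute of every user into the export.
$props = 'displayName', 'title', 'department', 'mail', 'manager', 'employeeID'

Push-Location $WorkDir
try {
    # Enabled accounts only, projected onto an explicit column list (assumed names).
    Get-ADUser -Filter 'Enabled -eq $true' -Properties $props |
        Select-Object @{Name = 'EmployeeID'; Expression = { $_.employeeID }},
                      @{Name = 'Name';       Expression = { $_.displayName }},
                      @{Name = 'Title';      Expression = { $_.title }},
                      @{Name = 'Department'; Expression = { $_.department }},
                      @{Name = 'Email';      Expression = { $_.mail }},
                      @{Name = 'ManagerDN';  Expression = { $_.manager }} |
        Export-Csv -Path $CsvName -NoTypeInformation -Encoding UTF8

    # Batch file for sftp; the file lands in the account's login directory,
    # assumed here to be the drop folder.
    Set-Content -Path $BatchName -Encoding ASCII -Value "put $CsvName"

    # -b runs non-interactively and aborts on the first failed command.
    # StrictHostKeyChecking=yes refuses a server whose key is not already pinned.
    & sftp -b $BatchName -i $KeyFile `
        -o "UserKnownHostsFile=$KnownHosts" -o 'StrictHostKeyChecking=yes' $SftpTarget
    if ($LASTEXITCODE -ne 0) { throw "sftp exited with code $LASTEXITCODE" }
}
finally {
    # Do not leave a copy of the directory extract on disk after the push.
    Remove-Item -Path $CsvName, $BatchName -ErrorAction SilentlyContinue
    Pop-Location
}
```

A non-zero exit from the scheduled task indicates the feed was not delivered, so the task's result is worth monitoring.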

Active Directory Agent

In this scenario, software must be installed on a server within the infrastructure. The Active Directory Agent extracts data from Active Directory daily and pushes the data to OrgChart.

LDAP

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services. AD supports LDAP queries; however, LDAP access from outside the firewall must be enabled in order to pursue this option for cloud deployments.

Google Directory Services

If your company has deployed Google's G Suite, your company may already be syncing Google Directory with Active Directory using GCDS (see https://support.google.com/a/answer/106368?hl=en for more information). In this case, Google Directory can be queried (because it is already syncing with AD).

OKTA Directory Services

If your company has deployed OKTA Universal Directory, your company may already be syncing OKTA with Active Directory (see https://www.okta.com/products/universal-directory for more information). In this case, OKTA Universal Directory can be queried (because it is already syncing with AD).

Azure Directory Services

If your company has deployed Azure Directory Services (see https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect for more information), your company may already be syncing its Azure Directory with Active Directory. In this case, LDAP (see above) can be used for queries.