How OneLogin is bridging cloud and on-premise directories

Many of our customers use OneLogin as a standalone cloud directory and it meets their needs perfectly: simple configuration, fast deployment, and all of their apps and data in the cloud. Some of our customers, however, prefer to keep their existing user stores, such as Microsoft Active Directory, LDAP, or both, and use OneLogin to simplify management of their user identities and make them more easily accessible.

A directory connector, also called an identity bridge, syncs user identity information between directories and cloud services. In the case of legacy directories such as OpenLDAP or Active Directory, it is typically a software component which runs on-premise but connects to a cloud directory. For many enterprises, a directory connector is a key component of their hybrid architecture, enabling them to move to cloud without ripping out essential legacy systems.

OneLogin offers a variety of directory connectors to synchronize users with any number of directories, such as Active Directory, LDAP, Workday, or G Suite (formerly Google Apps). Administrators can use OneLogin to import custom user attributes and pass them on to downstream apps via SAML, SCIM, or API-based provisioning.

We recently updated our LDAP Directory Connector (LDC), a complete rewrite that improves performance, scales to over a million users, and works reliably with virtually any standard LDAPv3 schema — even extended schemas. It’s a snap to install, configure, and tune. And it provides near feature parity with the Active Directory Connector, bringing support for OneLogin-to-LDAP provisioning, password resets, and user authentication.

In addition, we have recently updated our Active Directory Connector (ADC). Our latest major revision of the OneLogin Active Directory Connector performs better than ever, and it’s easier to use with firewalls and HTTP proxies. Version 5 of our ADC keeps all the good stuff from v4 and adds improved multiplexing, new runtime libraries, web sockets over ports 80 and 443 that make it firewall-friendly, and HTTP proxy support with Windows domain authentication. This version requires Windows Server 2012+ and .NET 4.5. If you are not yet familiar with ADC, you should familiarize yourself with additional benefits such as Desktop SSO, which lets your users authenticate to OneLogin with Integrated Windows Authentication (IWA) instead of being prompted for a OneLogin username and password.

Both our Active Directory and LDAP Directory connectors are bi-directional. Our Active Directory Connector also offers real-time sync thanks to its use of Active Directory Change Notifications. This means that user creations, updates, deletions and suspensions are pushed from AD to OneLogin and other apps within seconds. This gives IT an instant kill switch when employees leave, eliminating the possibility of a breach from an ex-employee. And when you are onboarding many new employees at once — think seasonal workers, students, or an acquired company — real-time sync speeds up the process.

Be sure to also check out our integrations with other directories such as G Suite, Workday, Namely and UKG. Whichever user store you use, we’ve got your back.

Check out: What is Active Directory Bridging

About the Author

Natalia Wodecki

Natalia Wodecki is the Director of Global Communications at OneLogin. She is skilled at internal and external communications, creating integrated marketing communications programs that drive business, build brands, strengthen employee loyalty, and increase awareness. Previous to OneLogin she worked at Salesforce and Zendesk. She loves puns, puppies, pizza, and alliteration. Follow her on Twitter @NataliaW.
