Syncing Windows AD with Monitor (No Appliance/Gateway)

This article is for Cloud Admins/Tech Admins.

Your Safeguarding contacts need your school’s user and group information to set up Alerting profiles in Monitor. You can set up Monitor to sync with your directory service and identify which groups your Safeguarding contacts can use in Monitor.

Monitor can be integrated in a variety of scenarios. The steps in this article are to integrate Monitor with on-premises Windows AD DS (Active Directory Domain Services) when:

  • Monitor is cloud-only AND no Smoothwall Filter and Firewall or Linewize Gateway is present; OR
  • The IDex Agent is already installed on your Windows Server and working with your on-premises Smoothwall Filter and Firewall Appliance or Linewize Gateway

Before you start

You will need to gather some information about your product.

  1. Open Monitor > Admin Panel > Account Information.
  2. Save the following in a temporary text file:
    • Monitor Serial Number (UNCL Serial)
    • Monitor Directory API Key (UNCL API Key)
  3. (Optional) If you have multiple tenants, go to Admin Panel > Tenant Management and save the Tenant UUID (GUID) identities.

Install the IDex Agent

You will install the IDex Agent to help Monitor access the users and groups in your Windows Active Directory. When you install the IDex Agent, it will automatically create a directory entry in Monitor > Admin Panel > Directories. After that, the sync runs in the background every 24 hours. 

  1. Go to https://software.smoothwall.com/ and download the current IDex Agent.
  2. Upload the IDex Agent installer to the Windows Server hosting your Active Directory Domain Services.
  3. Run the IDexAgent-x.x.x.msi installer as the administrator (shift + right-click > Run as Administrator).
  4. When the IDex installer prompts for the Web filter host:
    • If you only use Monitor, leave the field blank and click Next.
    • If you have a Smoothwall Filter & Firewall appliance or Linewize gateway on your premises, enter the IP address or the fully qualified domain name of your Smoothwall appliance or Linewize gateway with port 2948.

      mon-2023-06jun-idex-agent-windowsad-001.png
  5. When prompted by the Install Wizard, enter your:
    • UNCL Serial (Monitor Serial Number)
    • UNCL API Key (Monitor Directory API key)

      mon-2023-06jun-idex-agent-windowsad-002.png
  6. At the prompt for Tenants:
    • Leave blank if you have only one Monitor tenant.
    • If you have more than one Monitor tenant, enter the Tenant UUIDs (GUIDs) separated by commas that correspond to the directories on this domain controller.
  7. Complete the steps in the installation wizard.
    • Select No when prompted to restart your Windows Server.. The restart is not required to sync the directory data.
  8. Open Windows Explorer, and go to C:\Program Files\Smoothwall\IDexAgent.
  9. Hold shift + right-click on SendAdDataNow.exe and select Run as Administrator to execute a manual sync.
    • A message will be displayed when the sync is complete.
    • Finish the steps to set up or update the groups in the Monitor Portal.

Manually Refresh Windows AD and Monitor Directories

You can manually sync your directories to access updated users and groups before the automated sync runs. A manual sync is a two-step process, starting with your Windows Active Directory and then manually refreshing your Monitor Directory.

  1. Go to C:\Program Files\Smoothwall\IDexAgent.
  2. Hold shift + right-click on SendAdDataNow.exe and select Run as Administrator to execute a manual sync.
  3. When sync is complete and the confirmation message displayed, open your Monitor Portal and select Monitor > Admin Panel > Directories.
  4. At the bottom-left of the window, select Sync Directory.

Finishing the Groups and Alerting Profiles

Monitor will display the time of the successful sync.

  1. After the sync containing new groups is complete, a Cloud Admin/Tech Admin creates the Smoothwall Groups for your Safeguarding contacts.
    • Groups can contain one or more of the Windows AD groups.
    • Notify your Safeguarding contact when you are done.
  2. After the Groups are created, a Safeguarding contact creates the alerting profiles in Monitor.
    • Safeguarding contacts cannot edit the Groups. Contact your Cloud Admin/Tech Admin to edit the groups.
Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.