Integration with Windows Active Directory - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-10-17

You can manage all personnel and security information from a single location by integrating a Windows Active Directory (AD) into Security Center, whether it is for software security (IT) or for physical security (controlling access to secured areas).

Benefits of AD integration

Having a centralized security information management system provides many benefits:
  • Less data entry means fewer errors and better control during initial Security Center setup, because users and cardholders can be imported from an existing AD.
  • Consistency and better security because all shared information is entered only once.
    • A new user account that is added to an imported security group automatically adds a new user or cardholder in Security Center after the role is synchronized.
    • A user account that is disabled in the AD automatically disables the corresponding user or cardholder in Security Center after the role is synchronized.
  • Single logon capability for synchronized Security Center users. Users logged on to Windows and imported to Security Center can enable the Use Windows Credentials setting to log on to Security Desk or Config Tool.

What is AD integration

In AD, you can create users, user groups, cardholders, cardholder groups, and credentials.

With AD integration, you can import security groups from an AD into Security Center as user groups and cardholder groups, or both. Members can be imported as users, cardholders, or cardholders with credentials. Both standard and custom attributes can be imported from the AD. Most imported fields can only be modified within the AD and are read-only in Security Center.

You can import entities from more than one AD if necessary. For example, from Security Center, you can manage access to a facility shared by multiple companies, such as an office building. As system administrator, you can import users and cardholders with their credentials from their individual Active Directories, and manage them in separate partitions.

For larger AD setups that have many domains that are part of an AD forest, Security Center supports synchronizing Universal groups and connecting to a global catalog. A single Active Directory role can be used to synchronize a universal group. For more information about using Universal groups and global catalogs with Security Center, see About universal groups and global catalogs.

How AD integration works

To synchronize the Active Directory role, you must schedule a task. The Active Directory role then synchronizes all the changes made on the AD with the imported entities in Security Center. If Security Center users are imported from an AD, the logon credential validation is performed by the AD service. Security Center does not manage synchronized user passwords.

Imported entities are identified in Security Center by a yellow arrow () superimposed on the regular entity icon.
Windows Active Directory integration overview.