Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Active Directory Sync - Prerequisites

  • Updated

Virtru Active Directory On-Premise Integration

About

The Active Directory Domain Sync Tool synchronizes an on-premise Active Directory (AD) domain with the Virtru Authentication and Validation Engine. This synchronization ensures a seamless and efficient user experience for both users and administrators.

Architecture Overview

  • Client-side agent runs on a designated server.
  • Builds a local domain map every 24 hours.
  • Uploads changes securely to a Virtru endpoint using TLS v1.2_2021.
    • In some scenarios, you might need to explicitly allow this endpoint to your Active Directory host: virtru-com-us-east-2-domain-maps-production.s3.us-east-2.amazonaws.com
  • HMAC authentication is required for data submission.
    • Reach out to your CSM or Support to request the HMAC token and secret for your organization
  • Data is encrypted and stored in Virtru's private object store.
  • Changes are queued for processing.
  • Synchronization overwrites Virtru email, group lists, and admin records.

Technical Requirements

  • Operating System:
    • Windows Server 2016 or newer
    • Windows 10 x64 or newer
  • Software Dependencies:
    • .NET Framework 4.8
  • Hardware Requirements:
    • 2 CPU cores
    • 4GB RAM
    • 20GB HDD

Active Directory Group Configuration To enable proper synchronization, create two groups within your existing Active Directory environment:

  1. Virtru Users Group:

    • Include all users who will use Virtru.
    • Example LDAP Query: 
      (&(objectClass=user)(memberOf=cn=Virtru-Users1,OU=L2,OU=L1,DC=domain,DC=local))

  2. Virtru Admins Group:

    • Include all Virtru administrators.
    • Ensure admins are members of both the "Virtru-Users" and "Virtru-Admins" groups.
    • Example LDAP Query: 
      (&(objectCategory=group)(Name=Virtru-Admins1))

By following these guidelines, administrators can ensure successful integration and ongoing synchronization between Active Directory and the Virtru Authentication and Validation Engine. Refer to the install guide for the next steps in the process.

Related articles