The connector is a multi-purpose service that enables secure communication between your internal network and the Practice Protect Identity Service. At least one connector to be installed on your network inside of the firewall. The connector provides the link between your internal Active Directory forest and the Practice Protect identity service.
If you want to integrate the Practice Protect with your on-premises Active Directory or LDAP directory for user authentication or to connect to the on-premises applications like SAP NetWeaver / SharePoint / etc. without the need for VPN, a Practice Protect supplied software program called the Practice Protect (Idaptive) Connector needs to be installed inside the on-premises environment. The Practice Protect (Idaptive) Connector is a simple Windows service that runs behind a customer’s firewall to provide real-time authentication, policy and access to user profiles without synchronizing data to the cloud.
You can install more than one connector for your organization to support fail-over and load balancing. You might also want to install more than one connector if you are using multiple Practice Protect services or have access to more than one customer specific URL. In most cases, you should install at least two connectors in a production environment
For each tenant, a unique PKI Certificate is issued from the Practice Protect to the Practice Protect (Idaptive) Connector during registration. All communications between the Practice Protect and the Practice Protect (Idaptive) Connector are encrypted and mutually authenticated for each tenant using these unique certificates.
This process below guide is to be done by an IT personnel who has deep knowledge on the on-premises infrastructure specifically with Active Directory. The process includes installation, configuration and verification of the cloud connector.
• Practice Protect Account with Admin Portal Access
• Domain Admin Account in the On-premise Environment
• Admin Access to the AD server
• User Principal Name should be exactly the same as the Primary Email Address (i.e. email@example.com) not firstname.lastname@example.org.
• If you are using the email@example.com as your UPN, Please work with your IT to change this accordingly. You may follow this guide from Microsoft on how to change this in Active Directory.
1. Login to the Domain Controller.
2. Open a browser and log on to the Practice Protect Online.
3. In the drop-down menu by your name, click Switch to Admin Portal.
4. Click Settings, then click Network, then Idaptive Connectors. Click Add Idaptive Connector.
5. Under Download, click the 64-bit link to download the connector package.
6. Open the file you downloaded and extract on your desired location. If the User Account Control warning is displayed, click Yes to continue. Run the Idaptive-Mgmt-Suite-19.5-win64.
7. On the Welcome page, click Next.
8. Select the “I accept the terms in the license agreement” option, then click Next.
9. Select the components to install and verify the location for installation or click Browse to select a different location, then click Next.
By default, all components are selected. You must install the Idaptive connector to prepare for multi-factor authentication. The other components are optional, but might be required for other features or services.
10. Click Install. If necessary, close any open applications to complete the installation.
11. Click Finish to open the connector configuration wizard.
1. By default, the configuration wizard is displayed immediately after the connector is installed.
2. On the Welcome page, click Next.
3. Type the administrative user name and password for your Practice Protect account, press Advanced, Enter “cloud.centrify.com” in cloud service and then press OK then click Next.
4. Click Next unless you are using a web proxy server to connect to Practice Protect (Idaptive) services.
If you are using a web proxy service, type the IP address, select the port, and specify the user name and password to use.
5. On Setup Properties Page, enter the Domain click Next.
6. On Connector Configuration, select the domain and click Next. If the Assign Permissions warning is displayed, click Yes to continue.
7. The configuration wizard performs several tests to ensure connectivity. If all of the tests are successful, click Next.
As the final step, the connector registers your customer-specific identifier with the Practice Protect (Idaptive) identity platform, then runs in the background as a Windows service. The customer-specific identifier defines the default URL you should use. If you have access to more than one customer-specific URL, you can change the URL to use in the Practice Protect (Idaptive) Agent for Windows Configuration panel.
8. Click Finish to complete the configuration and open the connector configuration panel, which displays the status of the connection and your customer-specific identifier.
9. Click the Connector tab to view or change any of the default settings.
10. Click Close.
1. Open a browser and log on to the Practice Protect Online.
2. Switch to the administrative portal, then click Settings.
3. Click Network, then click Idaptive Connectors. This shows that the connector is Active and communicates with Practice Protect.
4. Select the connector to display the Actions menu, then select Modify from the Actions menu to display the connector configuration.
5. Verify Enable Web Server is selected.
**This option enables integrated Windows authentication for communication with Practice Protect (Idaptive) agents. Integrated Windows authentication is required for multi-factor authentication.
Integrated Windows authentication (IWA) requires you to have a port available for secure HTTP (HTTPS) communication and a trusted certificate for mutual authentication between the connector and the authentication server. To configure integrated Windows authentication an HTTPS-enabled port.
6. Click Save.