Directory Services

swimlane turbine integrates with two directory service types microsoft's active directory (ad) and open ldap by integrating with directory services, administrators can streamline user management and ensure consistent authentication across their organization use cases and benefits many turbine administrators leverage directory services to enable soc engineers and analysts to log in to turbine with previously established directory credentials automate user and group management, reducing administrative overhead for large teams increase security by centralizing authentication and maintaining compliance with corporate policies users are synced upon each login automatic synchronization occurs every night at midnight, server time these settings are at the account level and propagate to all the tenants associated with users through roles or groups enabling directory services before you begin, verify that your server settings are correct and ensure you have the necessary permissions to configure directory services to enable directory services click on your profile, and then click admin panel from the left navigation, select settings > account click directory services and then select enable directory syncing this expands the selections for the settings that you need to configure server settings click > to expand server settings under server type , select either open ldap or active directory input your server settings ensure that the username is an ldap distinguished name (e g , cn=manager,dc=example,dc=com) server settings if you want to test the connection to the server at this point, enter placeholder text in all required fields, including those in other sections, and then click save once your initial settings are saved, you can click test connection user settings click > to expand user settings and review or update the values there the default values for open ldap are often the most appropriate, but they may need to be altered to conform to your directory server’s configuration ensure that the member of field target is empty by default, and update if required based on your organization’s needs user settings field mapping these values rarely need to deviate from the defaults provided review and update as necessary to match your directory configuration group settings delete the default value for user membership field target and make sure it is empty the group location field must contain a distinguished name (dn) that provides the complete path to the container in which the targeted groups are defined use an appropriate directory services client to inspect the targeted group(s) and make note of how belonging users are affiliated to the group(s) is it done through the group’s property named member , the users' property named memberof , or through some other means? group settings groups this section lists manually entered groups to add a group, type the name in the field and then click add value keep in mind that you have to add each group individually, and that the values are case sensitive under groups to sync , click validate groups if this fails, troubleshoot by checking spelling and/or confirming that the group name is defined in the container specified in the group location value (a distinguished name) membership from this field, you can select from one of two values by user field or by group field if the users are affiliated with their groups via the member property in each group, choose by group syncing and verification click save again and then click sync now ensure that you receive confirmation of a successful sync (a green success message displays) then, from the left navigation menu, navigate to the turbine users page and verify that all the members of the targeted groups have been created as users troubleshooting and best practices ensure that all required fields are filled correctly before testing the connection use a third party ldap client to verify the distinguished names (dn) for users and groups use meaningful group names and consistent field mappings to avoid confusion during setup if synchronization issues persist, check server logs for detailed error messages and reach out to swimlane support if necessary