Beta Feature Authentication Domains: Active Directory Sync

Even before we enable the beta feature Authentication Domains: Active Directory Sync, we have the possibility to add an Active Directory for Authentication Domain.

So what does this beta feature really do?

Answers

  • From the WG Cloud site:

    "You can sync users and groups from your Active Directory or LDAP database to a WatchGuard Cloud authentication domain.

    With the directory sync feature, you can sync users and groups from your Active Directory or LDAP database to a WatchGuard Cloud authentication domain. In WatchGuard Cloud, you can add an authentication domain to the Firebox so that you can specify users and groups from your authentication server in firewall policies, aliases, and mobile VPN settings.

    To get started, visit the WatchGuard Beta site."

  • Hi @Bruce_Briggs,

    Many thanks for your reply.
    I still can't figure out the difference between the beta feature Authentication Domains: Active Directory Sync and the standard feature Authentication Domains: Active Directory.

  • It appears that this creates a separate store of AD or LDAP users/groups in WG Cloud.

    Here is one clue:
    "You cannot delete synced users and groups in WatchGuard Cloud. To remove a user or group from your WatchGuard Cloud Authentication Domain, you must delete the user or group in your Active Directory or LDAP server."

    It appears to me that the standard feature needs to access your AD/LDAP server, and not this new separate cloud-based user/group store.
    Could be a method to provide higher availability, in case your site or your AD/LDAP server is not available.

    I've not tried either, so this is just conjecture on my part.

  • It makes sense...
    Maybe that could be the difference...

  • Has anyone gotten this Directory Sync to work? I am having the hardest time with it. It shows that my Agent host is online and there has been a recent sync, but I don't see any users or groups that were imported to my Domain Authentication screen. I have been working with support, but have not gotten anywhere yet.
