Difference between revisions of "How to integrate AD or OpenLDAP with SafeSquid"

From Secure Web Gateway
 
Line 12: Line 12:
 
*Authenticate the users, based on their Directory Service Credentials,  
 
*Authenticate the users, based on their Directory Service Credentials,  
 
*Control their access to the web depending upon their enterprise role and hierarchy,  
 
*Control their access to the web depending upon their enterprise role and hierarchy,  
*Log and report their activity, in a manner that the HR managers can analyse internet usage individually and of groups of people.  
+
*Log and report their activity, in a manner that the HR managers can analyze internet usage individually and of groups of people.  
  
 
=== Tutorial Goals ===
 
=== Tutorial Goals ===
  
In this tutorial you will see how to&nbsp;integrate your Microsoft Active Directory or OpenLDAP service to a proxy server easily.<br/> With the use of SafeSquid SWG WebGUI it is easy to perform the necessary integration tasks, create the policies to control access, and validate the success.
+
In this tutorial you will see how to&nbsp;integrate your Microsoft Active Directory or OpenLDAP service to a proxy server easily.<br/> With the use of SafeSquid SWG WebGUI it is easy to perform the necessary integration process, you can create&nbsp;the policies to control access, and validate the success.
  
 
At the end we will inspect SafeSquid’s logs to inspect how the internet usage of any user identified via the Directory Service, is recorded for the purpose of analytics.
 
At the end we will inspect SafeSquid’s logs to inspect how the internet usage of any user identified via the Directory Service, is recorded for the purpose of analytics.
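Review bot: In the Tutorial Goals paragraph, the new wording "perform the necessary integration process, you can create the policies to control access, and validate the success" is a comma splice and breaks the parallel list the previous text had (perform, create, validate). Suggest keeping the earlier list structure, or splitting the sentence in two after "integration process".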
Line 28: Line 28:
 
Collect the following information before starting integration&nbsp;
 
Collect the following information before starting integration&nbsp;
  
*LDAP Server Fully Qualified&nbsp;Domain Name ( FQDN ) &nbsp;and IP address.  
+
*LDAP Server Fully Qualified&nbsp;Domain Name ( FQDN ) and IP address.  
 
*LDAP Administrator User name and Password.(You can provide any user from LDAP server who has&nbsp;administrator rights)  
 
*LDAP Administrator User name and Password.(You can provide any user from LDAP server who has&nbsp;administrator rights)  
 
*LDAP Server Basedn  
 
*LDAP Server Basedn  
 
*LDAP Server Domain name  
 
*LDAP Server Domain name  
  
'''Note :&nbsp;'''
+
'''Note&nbsp;:&nbsp;'''
  
 
*Add SafeSquid server DNS entry in your Active Directory Server [[Add_SafeSquid_server_DNS_entry_in_your_Active_Directory_Server|Link]]  
 
*Add SafeSquid server DNS entry in your Active Directory Server [[Add_SafeSquid_server_DNS_entry_in_your_Active_Directory_Server|Link]]  
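Review bot: The prerequisites list touched here still asks for an "LDAP Administrator User name and Password" without saying what the gateway uses that account for. Since this edit is already cleaning up the list, add a sentence documenting why administrator rights are required, so readers know what they are granting before they hand over the credential.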
Line 50: Line 50:
 
=== '''SSO Authentication &nbsp; &nbsp; &nbsp;&nbsp;''' ===
 
=== '''SSO Authentication &nbsp; &nbsp; &nbsp;&nbsp;''' ===
  
SSO authentication is a type of non-interactive authentication to the user. In SSO authentication once the user logged into his system then that credentials will be used for all sessions opened by that user.
+
SSO authentication is a type of non-interactive authentication to the user. In SSO authentication once the user logged into his/her system then that credentials will be used for all sessions opened by that user.
  
 
Read more about [[Integrate_Active_Directory_For_SSO_Authentication|SSO Authentication&nbsp;]]
 
Read more about [[Integrate_Active_Directory_For_SSO_Authentication|SSO Authentication&nbsp;]]
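Review bot: The SSO paragraph changes "his" to "his/her" but leaves the surrounding grammar untouched: "once the user logged into his/her system then that credentials will be used". Suggest "once the user has logged in to his/her system, those credentials are used for all sessions opened by that user".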

Latest revision as of 17:08, 3 December 2019

Overview

Why integrate a proxy-based web gateway with Microsoft AD or OpenLDAP?

Networked enterprises with a large number of users commonly manage user credentials through a centralized system.
The centralized system ensures user identification across all the networked enterprise resources and services.
Users benefit too, as they need only a single credential to access anything across the networked enterprise.

Microsoft’s Active Directory and various OpenLDAP-based Directory Services, like Novell’s e-Directory, are extremely popular for setting up centralized user identity management systems.
Almost all Directory Services also offer role-based and hierarchy-based grouping of users. Most enterprise-class networked resources and services also allow control of user access and rights based on group membership.

A proxy-based web gateway is an application layer firewall service that distributes Internet Access to people in the networked enterprise. It is thus essentially a network service.
A web gateway, when integrated with a Directory Service, can:

  • Authenticate the users, based on their Directory Service Credentials,
  • Control their access to the web depending upon their enterprise role and hierarchy,
  • Log and report their activity, in a manner that lets HR managers analyze internet usage by individual and by group.

Tutorial Goals

In this tutorial you will see how to integrate your Microsoft Active Directory or OpenLDAP service with a proxy server.
With the SafeSquid SWG WebGUI it is easy to perform the necessary integration process, create the policies to control access, and validate the success.

At the end we will inspect SafeSquid’s logs to see how the internet usage of any user identified via the Directory Service is recorded for the purpose of analytics.

SafeSquid can be integrated with Microsoft Active Directory for SSO/Kerberos-based user identification. The additional steps required for Kerberos configuration are discussed in another tutorial.

 

Prerequisites

Collect the following information before starting the integration:

  • LDAP Server Fully Qualified Domain Name (FQDN) and IP address.
  • LDAP Administrator user name and password. (You can provide any user from the LDAP server who has administrator rights.)
  • LDAP Server Base DN
  • LDAP Server Domain name

Note:

  • Add a DNS entry for the SafeSquid server in your Active Directory Server. Link
  • Make sure that your AD domain is resolvable from all clients and from the SafeSquid server. Link

Integration of Microsoft Active Directory

Integration of Active Directory includes the following types of authentication.

Simple Authentication

Simple authentication is interactive for the user. If you configure simple authentication, the user will be prompted for credentials for every new session opened.

Read more about Simple Authentication                   

SSO Authentication       

SSO authentication is non-interactive for the user. With SSO authentication, once the user has logged in to his/her system, those credentials are used for all sessions opened by that user.

Read more about SSO Authentication 

Integration of OpenLDAP

Integrate your OpenLDAP server

Read more about OpenLDAP Integration