What is C2 Identity AD Sync?

C2 Identity AD Sync is an agent that synchronizes user/group information between Active Directory (AD) and C2 Identity. To integrate your AD with C2 Identity, you need to install this agent on a domain controller.

Specifications

System requirements

  • Windows Server 2008 R2 SP1 or above
  • PowerShell 5.1 or above

Limitations

  • Some of the supported Windows Server versions (e.g., Windows Server 2008 R2 SP1) include PowerShell 2.0 by default. To get a compatible version of PowerShell, install the .NET Framework and Windows Management Framework on your Windows Server.
  • C2 Identity AD Sync might not function properly on virtual machines.
  • C2 Identity currently only supports the integration of one directory service.
  • C2 Identity currently only supports one agent per integrated directory.

How C2 Identity AD Sync works

C2 Identity AD Sync (hereafter "agent") works through the following mechanisms:

  • Update user/group information to C2 Identity: The agent sends information about all users/groups from the synchronized domain to C2 Identity every 90 seconds. Keep in mind that transferred information doesn't include organizational units (OUs), domain controllers, or AD-managed devices.
  • Retrieve user passwords from C2 Identity: When domain users update their passwords through C2 Identity's user portal, the changes are synchronized to the agent in real time.

How user attributes are mapped to C2 Identity

| Active Directory Attributes | C2 Identity Attributes |
| --- | --- |
| User logon name [1] | Username [2] |
| E-mail [3] | Primary email |
| Display name | Display name |
| First name | First name |
| Last name | Last name |
| Password | Password |
| Description | Description |
| Office | Office |
| Telephone number | Work phone |
| Address | Address |
| Telephones - home | Home phone |
| Telephones - mobile | Mobile phone |
| Telephones - fax | Fax |
| Organization - job title | Job title |
| Organization - department | Department |

Notes:

  1. This is the user logon name introduced after Windows 2000. C2 Identity AD Sync maps only the prefixes of user logon names (the part before @) to Usernames in C2 Identity.
  2. If the option Overwrite duplicate users and groups is selected during directory integration, C2 Identity users with the same username will be overwritten.
  3. If an Active Directory user doesn't have an e-mail, its user logon name will be mapped to the Primary email in C2 Identity.
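
The following is an added example, not part of the original documentation or the product: a PowerShell preview of how Notes 1 to 3 would project AD users onto C2 Identity usernames and primary emails, to be reviewed before integrating a directory. The function name, the `$ExistingC2Usernames` list, the case-insensitive comparison and the sample users are assumptions; how C2 Identity treats two AD accounts that share a logon name prefix is not stated on this page, so such accounts are only reported.

```powershell
# Preview of the attribute mapping described in Notes 1-3 (added example).
function Get-C2MappingPreview {
    param(
        [Parameter(Mandatory)] [object[]] $AdUsers,   # objects exposing UserPrincipalName and mail
        [string[]] $ExistingC2Usernames = @()         # hypothetical list of usernames already in C2 Identity
    )
    $rows = @(foreach ($u in $AdUsers) {
        $upn = [string]$u.UserPrincipalName
        if (-not $upn) { continue }                   # no user logon name, nothing to map
        $prefix  = ($upn -split '@', 2)[0]            # Note 1: only the part before @
        $hasMail = -not [string]::IsNullOrWhiteSpace($u.mail)
        $email   = if ($hasMail) { $u.mail } else { $upn }   # Note 3: fall back to the logon name
        [pscustomobject]@{
            UserPrincipalName = $upn
            Username          = $prefix
            PrimaryEmail      = $email
            EmailFromUpn      = -not $hasMail
            ExistsInC2        = $ExistingC2Usernames -contains $prefix   # Note 2 candidates
            SharedPrefix      = $false
        }
    })
    # Mark AD accounts whose different UPN suffixes collapse to the same username.
    foreach ($g in ($rows | Group-Object Username | Where-Object Count -gt 1)) {
        foreach ($r in $g.Group) { $r.SharedPrefix = $true }
    }
    $rows
}

# Constructed sample users. On a domain controller, pass instead:
#   Get-ADUser -Filter * -Properties mail
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@corp.example';      mail = 'alice@corp.example' }
    [pscustomobject]@{ UserPrincipalName = 'alice@branch.example';    mail = $null }
    [pscustomobject]@{ UserPrincipalName = 'svc-backup@corp.example'; mail = '' }
    [pscustomobject]@{ UserPrincipalName = 'admin@corp.example';      mail = 'it@corp.example' }
)
Get-C2MappingPreview -AdUsers $sample -ExistingC2Usernames 'admin' |
    Where-Object { $_.EmailFromUpn -or $_.ExistsInC2 -or $_.SharedPrefix } |
    Format-Table -AutoSize
```

Rows with ExistsInC2 set are the accounts that Note 2 says will be overwritten when Overwrite duplicate users and groups is selected.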