C2 Identity Quick Start Guide
C2 Identity is a cloud-based identity solution that enables you to regulate user privileges to devices, cloud services, and on-premise solutions while maintaining optimum authentication security.
First-time setup
- Sign in to the Synology C2 Portal.
- Select a plan and explore C2 Identity's features. Click Get Started and follow the wizard to complete the subscription process.
- Set up a domain for your organization. This determines the formats of the following information:
  - C2 Identity user portal: Users managed in C2 Identity (i.e., C2 users) can manage their password, passwordless sign-in, and 2-factor authentication in this portal. The format is https://your_domain.identity.region.synologyc2.com [1]
  - User principal name (UPN): C2 users use this to sign in to their C2 services. The format is username@your_domain.c2.region [1]
- Create or enter your C2 Encryption Key, and then click Set. [2]
- A pop-up window will show your Recovery Code. Securely store your Recovery Code, since you will need it to recover your C2 Encryption Key in case you lose it.
After completing the previous steps, you will be directed to the C2 Identity admin portal.
Manage user accounts
Creating, synchronizing, or migrating user accounts is the first step in managing directories on C2 Identity. The following sections are organized by user account management situation.
Once the user accounts are activated, you can proceed to Manage devices for device management.
Add user accounts
Follow the steps in the provided links to create user accounts:
After adding users to the admin portal, make sure to activate their accounts to grant them access to C2 Identity-managed IT resources.
Sync external directories
To enhance operational flexibility, C2 Identity can be integrated with Microsoft Active Directory [3] and Synology LDAP Server. With directory synchronization, AD and Synology LDAP users can update passwords on their own and access more resources, such as Macs and cloud apps like Google Workspace.
Follow the steps in the provided links:
Create a one-time migration
- Microsoft Active Directory
  Migrate AD objects and configurations to manage Active Directory (AD) users and endpoints on C2 Identity. Refer to the following information for a seamless directory migration:
  - Import users and groups from Microsoft Active Directory.
  - Activate imported user accounts.
  - Remove endpoint devices from AD domains, and convert domain accounts on the devices to local user accounts.
- LDAP users
  Migrate LDAP users to C2 Identity for streamlined management of user identities and access. Refer to the following information for a seamless directory migration:
  - Import users and groups from an LDAP server.
  - Imported users do not have NTLM hashes, which are required to support certain legacy protocols (e.g., SMB and RADIUS). For C2 Identity to automatically generate NTLM hashes for users, the password must be reset while deploying edge servers.
- Azure AD and Google Workspace directories
  Export user accounts from either of the services before importing them to C2 Identity. [4] Refer to the following articles:
Manage devices
C2 Identity agent pre-deployment reminder
C2 Identity provides authentication for C2 Identity accounts and prompts users to connect to the internet for data synchronization with the C2 Identity server under the following conditions:
- Newly-created user accounts must be connected to the internet using Ethernet cables for their first logins to sync the users' data.
- Existing users can be authenticated locally. However, if the existing users change their passwords on the C2 Identity web portal, they must reconnect to the internet for authentication. Otherwise, the agent will require users to enter their previous password to authenticate the new password.
Deploy the agent and add your devices on C2 Identity
After you have managed the user accounts, install the C2 Identity agent on your endpoint devices and allow C2 Identity to manage the user accounts using one of the methods listed below:
To take over existing accounts, make sure existing account names on devices and C2 Identity usernames are identical. If an account name does not match the one in C2 Identity, the system will assume that the username is new and will create a new user profile.
If you want C2 Identity to take over all of your existing domain or local user accounts and their access privileges, account usernames must be migrated to local accounts first and must be identical to C2 Identity usernames.
- If you use Microsoft Active Directory to manage PCs across your organization, refer to this article to take over existing domain accounts.
- To take over existing local accounts with different usernames from C2 Identity, refer to this article.
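The name-matching requirement above can be checked before the agent is rolled out. The following is an added example, not Synology code: it compares a device's account names with the username part of each C2 user's UPN and lists which accounts are identical and which need fixing first. The function names, the sample accounts, and the decision to treat a case-only difference or a DOMAIN\ prefix as "not identical" are assumptions made for this illustration.

```python
# Added example: audit device account names against C2 Identity usernames
# before deploying the agent. Sample data is constructed for illustration.

def upn_username(upn: str) -> str:
    """Return the username part of a UPN shaped like username@your_domain.c2.region."""
    name, sep, domain = upn.partition("@")
    if not sep or not name or not domain:
        raise ValueError(f"not a UPN: {upn!r}")
    return name

def strip_domain_prefix(account: str) -> str:
    """Drop a Windows-style DOMAIN\\ prefix, e.g. CORP\\carol -> carol."""
    return account.rsplit("\\", 1)[-1]

def audit_takeover(device_accounts, c2_upns):
    """Classify each device account by how it relates to the C2 usernames.

    takeover  - byte-identical to a C2 username
    fix_first - differs only by letter case or a domain prefix (assumed to be
                the same person; migrate/rename so the names are identical)
    unmatched - no corresponding C2 username found
    """
    c2_names = {upn_username(u) for u in c2_upns}
    by_folded = {n.casefold(): n for n in c2_names}
    report = {"takeover": [], "fix_first": [], "unmatched": []}
    for account in device_accounts:
        if account in c2_names:
            report["takeover"].append(account)
            continue
        candidate = by_folded.get(strip_domain_prefix(account).casefold())
        if candidate is not None:
            report["fix_first"].append((account, candidate))
        else:
            report["unmatched"].append(account)
    return report

# Constructed sample input: accounts found on one device, and C2 user UPNs.
DEVICE_ACCOUNTS = ["alice", "Bob", "CORP\\carol", "dave"]
C2_UPNS = ["alice@example.c2.eu", "bob@example.c2.eu",
           "carol@example.c2.eu", "erin@example.c2.eu"]

if __name__ == "__main__":
    for category, entries in audit_takeover(DEVICE_ACCOUNTS, C2_UPNS).items():
        print(category, entries)
```

Every entry under fix_first is an account the agent would not take over as it stands, so the C2 user would receive a new profile on that device.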
Configure device privileges
By default, all users are assigned the General user privilege on the device. Use the following steps to assign an appropriate privilege type or remove a user's assigned privilege.
- To assign privileges
- To remove privileges
  - In the C2 Identity Admin Portal, go to the Managed Device page.
  - Click the name of a device.
  - Go to the Privileges tab.
  - Tick the users/groups you want to remove from the device.
  - Click on More or > Remove next to the selected users/groups.
To revoke the default General user privilege from all users, you can simply remove the Everyone group on the Privileges tab.
Integrate cloud and on-premise services
Integrate with on-premises services
C2 Identity's authentication for access to on-prem services (e.g., Synology Drive, SMB, etc.) is provided by edge servers. Refer to the following articles to set up an edge server and join your services to the local directory.
- Set up an edge server
- Convert Synology LDAP Server into an edge server
- Join devices to an edge server
Integrate with other cloud services
C2 Identity allows you to provision and authenticate users' access to cloud services via single sign-on (SSO). Refer to the following articles to set up SSO and user provisioning for your cloud services.
Manage credentials with C2 Password
If you are a C2 Identity Business subscriber, you can use its bundled service, C2 Password Business, which offers users more login options. Aside from C2 Identity's single sign-on (SSO) feature, your team members can also sign in to apps by letting C2 Password autofill their login information.
C2 Password Business is designed for large-scale credential management. In addition to granting users access to its features available on personal plans, it also allows you to manage shared credential vaults for your organization. Refer to the following link and articles to set up C2 Password Business.
- C2 Password portal: https://your_domain.password.region.synologyc2.com [1]
- C2 Password Business Quick Start Guide
- C2 Password - Tutorials & FAQs Overview
Notes:
1. The region is the location of your C2 services' data center, such as eu or us.
2. Your C2 Encryption Key is used to lock and unlock your C2 data, with the exception of C2 Storage and C2 Surveillance, which use a different encryption mechanism. Safely store your C2 Encryption Key and share it only with people you want to give access to your encrypted data.
3. All AD changes will be synchronized to C2 Identity in real-time.
4. All imported user accounts need to be activated after user account migration.
Further reading
- C2 Identity - Tutorials & FAQs Overview
- For other C2 Identity-related articles, you can visit this page.