C2 Identity Quick Start Guide

C2 Identity Quick Start Guide

Niektóre artykuły zostały przetłumaczone maszynowo z języka angielskiego i mogą zawierać nieścisłości lub błędy gramatyczne. Jeśli ten artykuł jest obecnie dostępny tylko w języku angielskim, tłumaczenie może być dostępne wkrótce.

C2 Identity is a cloud-based identity solution that enables you to regulate user privileges to devices, cloud services, and on-premise solutions while maintaining optimum authentication security.

First-time setup

  1. Sign in to the Synology C2 Portal.1.png
  2. Select a plan and explore C2 Identity's features. Click Get Started and follow the wizard to complete the subscription process.2.png
  3. Set up a domain for your organization. This determines the formats of the following information:
    • C2 Identity user portal: Users managed in C2 Identity (i.e., C2 users) can manage their password, passwordless sign-in, and 2-factor authentication in this portal. The format is https://your_domain.identity.region.synologyc2.com1
    • User principal name (UPN): C2 users use this to sign in to their C2 services. The format is username@your_domain.c2.region1
  4. Create or enter your C2 Encryption Key, and then click Set.2
  5. A pop-up window will show your Recovery Code. Securely store your Recovery Code, since you will need it to recover your C2 Encryption Key in case you lose it.

After completing the previous steps, you will be directed to the C2 Identity admin portal.

Manage user accounts

Creating, synchronizing, or migrating user accounts is the first step to manage directories on C2 Identity. Each of the following sections is categorized depending on your user account management situation.

Once the user accounts are activated, you can proceed to Manage devices for device management.

Add user accounts

Follow the steps in the provided links to create user accounts:

After adding users to the admin portal, make sure to activate their accounts to grant them access to C2 Identity-managed IT resources.

Sync external directories

To enhance operational flexibility, C2 Identity can be integrated with Microsoft Active Directory3 and Synology LDAP Server. With directory synchronization, AD and Synology LDAP users can update passwords on their own and access more resources, such as Macs and cloud apps like Google Workspace.

Follow the steps in the provided links:

Create a one-time migration

  • LDAP users
  • Migrate LDAP users to C2 Identity for streamlined management of user identities and access. Refer to the following information for a seamless directory migration:

Manage devices

C2 Identity agent pre-deployment reminder

C2 Identity provides authentication for C2 Identity accounts and signals the users to connect to the internet for data synchronization with the C2 Identity server under the following conditions:

  • Newly-created user accounts must be connected to the internet using Ethernet cables for their first logins to sync the users' data.
  • Existing users can be authenticated locally. However, if the existing users change their passwords on the C2 Identity web portal, they must reconnect to the internet for authentication. Otherwise, the agent will require users to enter their previous password to authenticate the new password.

Deploy the agent and add your devices on C2 Identity

After you have managed the user accounts, install the C2 Identity agent on your endpoint devices and allow C2 Identity to manage the user accounts using one of the methods listed below:

To take over existing accounts, make sure existing account names on devices and C2 Identity usernames are identical. If an account name is not matched with the one in C2 Identity, the system will assume that the username is new and will create a new user profile.

If you want C2 Identity to take over all of your existing domain or local user accounts and their access privileges, account usernames must be migrated to local accounts first and must be identical to C2 Identity usernames.

  • If you use Microsoft Active Directory to manage PCs across your organization, refer to this article to take over existing domain accounts.
  • To take over existing local accounts with different usernames from C2 Identity, refer to this article.

Configure device privileges

By default, all users are assigned the General user privilege on the device. Use the following steps to assign an appropriate privilege type or remove a user's assigned privilege.

  • To assign privileges
  • To remove privileges
    1. In the C2 Identity Admin Portal, go to the Managed Device page.
    2. Click the name of a device.
    3. Go to the Privileges tab.
    4. Tick the users/groups you want to remove from the device.
    5. Click on More or 3.png > Remove next to the selected users/groups.

To revoke the default General user privilege from all users, you can simply remove the Everyone group at the Privileges tab.

Integrate cloud and on-premise services

Integrate with on-premises services

C2 Identity's authentication for access to on-prem services (e.g., Synology Drive, SMB, etc.) is provided by edge servers. Refer to the following articles to set up an edge server and join your services to the local directory.

Integrate with other cloud services

C2 Identity allows you to provision and authenticates users' access to cloud services via single sign-on (SSO). Refer to the following articles to set up SSO and user provisioning for your cloud services.

Manage credentials with C2 Password

If you are a C2 Identity Business subscriber, you can use its bundled service, C2 Password Business, which offers users more login options. Aside from C2 Identity's single sign-on (SSO) feature, your team members can also sign in to apps by letting C2 Password autofill their login information.

C2 Password Business is designed for large-scale credential management. In addition to granting users access to its features available on personal plans, it also allows you to manage shared credential vaults for your organization. Refer to the following link and articles to set up C2 Password Business.

Notes:

  1. The region is the location of your C2 services' data center, such as eu or us.
  2. Your C2 Encryption Key is used to lock and unlock your C2 data, with the exception of C2 Storage and C2 Surveillance, which use a different encryption mechanism. Safely store your C2 Encryption Key and share it only to people you want to give access to your encrypted data.
  3. All AD changes will be synchronized to C2 Identity in real-time.
  4. All imported user accounts need to be activated after user account migration.

Further reading

Contents
First-time setup
Manage user accounts
Add user accounts
Sync external directories
Create a one-time migration
Manage devices
C2 Identity agent pre-deployment reminder
Deploy the agent and add your devices on C2 Identity
Configure device privileges
Integrate cloud and on-premise services
Integrate with on-premises services
Integrate with other cloud services
Manage credentials with C2 Password
Further reading