Integration with Windows Active Directory

Integrating a Windows Active Directory (AD) into Security Center allows you to manage all personnel and security information from a single location, whether it is for logical security (IT) or for physical security (controlling access to physical locations).

With AD integration, you can import security groups from an AD into Security Center as user groups, cardholder groups, or both. Members can be imported as users or cardholders. Both standard and custom attributes can be imported from the AD. Most imported fields can only be modified within the AD and are read-only in Security Center.

You can import entities from more than one AD if necessary. For example, from Security Center, you can manage access to a facility shared by multiple companies, such as an office building. As system administrator, you can import users and/or cardholders from their individual Active Directories, and manage them in separate partitions.

For larger AD setups that have many domains that are part of an AD forest, Security Center supports synchronizing Universal groups and connecting to a global catalog. A single Active Directory role can be used to synchronize a universal group. For more information about using Universal groups and global catalogs with Security Center, see About universal groups and global catalogs.

NOTE: Make sure that the server running the Active Directory Role is part of the domain that you are trying to synchronize.

How AD integration works

To import users and/or cardholders from an AD, you must create an Active Directory role for the AD you want to import. The Active Directory role connects your Security Center system to an Active Directory server, and imports users and/or cardholders from selected security groups. Imported entities are identified in Security Center by a yellow arrow () superimposed on the regular entity icon.

The Active Directory role synchronizes all the changes made on the AD with the imported entities in Security Center. It also pushes the logon credentials of imported users to the AD service for validation.

Benefits of AD integration

Having a centralized security information management system provides many benefits:

Less data entry means fewer errors and better control during initial Security Center setup, because users and cardholders can be imported from an existing AD.
Consistency and better security because all shared information is entered only once.
- A new user account that is added to an imported security group automatically adds a new user and/or cardholder in Security Center.
- A user account that is disabled in the AD automatically disables the corresponding user and/or cardholder in Security Center.
Single logon capability for synchronized Security Center users. Users logged on to Windows do not have to log on to Security Center.