Cloud Edge Secure Access Getting Started Guide

On-Premises Active Directory

This article describes integration with Active Directory/LDAP through the Active Directory/LDAP Connector that you install on your network.

  • The LDAP connector
  • Enabling an AD/LDAP Connection
  • Installing the connector on your network
  • Access Error troubleshooting

The LDAP connector

The AD/LDAP Connector (1) is a bridge between your Active Directory (2) and the Service (3). This bridge is necessary because AD is typically restricted to your internal network, while the Service is a cloud service running in a completely different context.


For high availability and load balancing, you can install multiple instances of the connector. All connections are initiated outbound from the connector, so changes to your firewall are generally unnecessary.

Enabling an AD/LDAP Connection

  1. Log in to your Management Platform, and navigate to Settings and then Identity Providers.

  2. Select + Add Provider.
  3. Choose Active Directory / LDAP and select Continue.

  4. In the List of domain names field, list the user email domains that will be allowed to log in to this AD/LDAP connection. For example sonicwall.com.

    If you are not sure what your domain name is, you can find it under Active Directory Users and Computers.


  5. Select Done.


  6. On the next page, download the Install Windows Agent to your machine.

    Make sure to keep the TICKET URL on hand as you will need it later.

Installing the connector on your network

The Connector is packaged as a standard Microsoft Installer file (MSI).

Run the installer

  1. You will need to install the connector on the same machine on which Active Directory is running.

    Run the installer and follow the instructions:


    The AD/LDAP Connector in Windows is installed as a Windows Service:


    Link to SonicWall

    Once the installation is complete, you will see the following screen in a browser pointing to localhost:


  2. Enter the TICKET URL provided when you provisioned the connection in the initial step above.

    The TICKET URL uniquely identifies this connector. The Connector uses it to communicate with the Service and automatically complete the configuration.

    If you receive an "unable to get local issuer certificate" error, you need to set an environment variable NODE_TLS_REJECT_UNAUTHORIZED with value 0 in your Windows/Linux system, and then restart the two Auth0 services (further instructions here). Note that this variable disables TLS certificate verification for the connector's Node.js processes.

Link to LDAP

  1. Once you have entered the TICKET URL, you need to enter the LDAP settings:


    • LDAP Connection String (e.g., ldap://ldap.internal.acme.com): The protocol plus the domain name or IP address of your LDAP server. Your LDAP server is the local domain controller where Active Directory is installed. The protocol can be either LDAP or LDAPS. If you use LDAPS, make sure the server certificate is valid on the current server. This field is auto-populated.
    • Base DN (e.g., dc=acme,dc=com): The base container for all queries performed by the connector. This field is auto-populated.
    • Username (e.g., cn=svcauth0,dc=services,dc=acme,dc=com): The full distinguished name of a user with sufficient rights to perform the queries.
    • Password: The password of that user.
    • None of the other fields need to be filled in.

    Once you submit the above information, the connector will perform a series of tests:


    Make sure that all tests pass (shown in green).

  2. Apply custom configuration to the connector config file.

    The config.json file is the AD/LDAP Connector's main configuration file. The file is located in the install directory for the AD/LDAP Connector, which (for Windows) is usually found at C:\Program Files (x86)\Auth0\AD LDAP Connector.

  3. Add the following row to the JSON file (it can be opened in any text editor) right after the second row:

        "LDAP_USER_BY_NAME": "(mail={0})",

    The trailing comma is required because further entries follow it in the file; the {0} placeholder is replaced with the user's login at query time.


  4. Save the config.json file.
  5. Note: The integration will not succeed unless all users have their email addresses filled in, because the filter above matches users on the mail attribute.


  6. Restart the AD/LDAP Connector service (the Auth0 ADLDAP and Auth0 ADLDAP Admin services in Windows).


    Congratulations, your AD/LDAP is installed, connected and ready to use within SonicWall.
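The following script is an added example, not part of the SonicWall documentation or the Auth0 connector's own code. It checks offline the three things this guide leaves to the administrator: the LDAP settings entered in "Link to LDAP" (whether the connection string uses LDAPS), the edited config.json (valid JSON and a usable LDAP_USER_BY_NAME template), and the requirement that every user has a mail attribute. The function names, the sample config text and the sample directory entries are all constructed for this illustration; the filter substitution escapes the login per RFC 4515 so that characters such as "(" or "*" in the value cannot change the structure of the query.

```python
"""Offline checks for the AD/LDAP connector settings described in this guide.

Added example (not SonicWall or Auth0 connector code). All function names,
the sample config text and the sample directory entries are constructed.
"""
import json
from urllib.parse import urlsplit

# RFC 4515 escaping for values substituted into an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, login: str) -> str:
    """Substitute the login into the LDAP_USER_BY_NAME template ({0})."""
    return template.replace("{0}", escape_filter_value(login))


def check_connection_string(conn: str) -> dict:
    """Parse 'ldap://host' or 'ldaps://host' and report whether TLS is used."""
    parts = urlsplit(conn)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP connection string: {conn!r}")
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "tls": parts.scheme == "ldaps",
    }


def check_config(config_text: str) -> list:
    """Return a list of problems found in an edited config.json (empty = OK)."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        # A trailing comma after the last entry is the typical editing mistake.
        return [f"config.json is not valid JSON: {exc}"]
    template = cfg.get("LDAP_USER_BY_NAME")
    if template is None:
        return ["LDAP_USER_BY_NAME is missing"]
    if "{0}" not in template:
        return ["LDAP_USER_BY_NAME has no {0} placeholder"]
    return []


def users_missing_mail(entries: list) -> list:
    """DNs of user entries without a mail attribute; these users cannot log in."""
    return [e["dn"] for e in entries if not e.get("mail")]


# Constructed sample inputs (not taken from a real installation).
SAMPLE_CONFIG = '{\n  "LDAP_USER_BY_NAME": "(mail={0})"\n}'
BROKEN_CONFIG = '{\n  "LDAP_USER_BY_NAME": "(mail={0})",\n}'  # trailing comma
SAMPLE_ENTRIES = [
    {"dn": "cn=alice,ou=users,dc=acme,dc=com", "mail": "alice@acme.com"},
    {"dn": "cn=bob,ou=users,dc=acme,dc=com"},  # no mail attribute set
]

if __name__ == "__main__":
    print(check_connection_string("ldap://ldap.internal.acme.com"))
    print(build_user_filter("(mail={0})", "alice@acme.com"))
    print(build_user_filter("(mail={0})", "a*b(c)"))  # special chars escaped
    print(check_config(SAMPLE_CONFIG))
    print(check_config(BROKEN_CONFIG))
    print(users_missing_mail(SAMPLE_ENTRIES))
```

Run it against the contents of your own config.json and an export of your user entries; a non-empty result from check_config or users_missing_mail points at the cause of a failed login before the connector service is restarted, and a connection string reported with tls set to False means passwords and directory data cross the network in cleartext.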

Access Error troubleshooting

If your users receive an access error after the configuration, please check these steps.
