SignOn Agent for Active Directory
On-demand automatic user management for Active Directory.
Automate and Secure Your AD Identity Lifecycle
The SignOn Agent eliminates manual Active Directory tasks, reduces errors, and ensures that user permissions are always in sync with your master directory.
Integrated Triggering
Automated Active Directory Account Management triggered by Logon Client, Web Gateway and LDAP Directory Replicator via the SignOn Proxy Service.
Smart Account Updates
The Active Directory User Account is updated automatically according to a configuration Profile, any LDAP Attribute / Group, or Client Variable.
Password Management
Password Synchronization, Session Password Window, and PKI Integration for comprehensive authentication security.
User Lifecycle Control
User Account TTL: Automated User Expiration, User Deactivation, and User Removal for enhanced security management.
The Secure Worker on Your Domain Controller
The SignOn Agent for Active Directory is a lightweight service installed with access to your Domain Controllers. It listens for secure, TLS-encrypted commands from the Comtarsia SignOn Proxy.
When an event occurs—like a user authenticating via the Logon Client or Web Gateway—the SignOn Proxy instructs the agent to perform the necessary actions in AD. This ensures your Active Directory is always a perfectly synchronized replica of your central identity policies.
Architecture Overview
The diagram shows how the SignOn Agent integrates with your existing Active Directory infrastructure to provide seamless, automated user management.
Granular Control Over Every User Action
Our powerful policy and mapping engines give you complete control over how user accounts are managed within Active Directory.
Powerful Sync Policies
Define exactly what happens when a user account is created or updated. The agent gives you precise, event-driven control over key AD attributes.
- Password Management: Set passwords on user creation, force updates on every login, or only update when necessary.
- Account Expiration: Automatically set or update the account expiration date to enforce time-based access.
- Home & Profile Directories: Create user home and profile directories on creation or update, with support for dynamic paths (e.g., `\\server\homes\%USERNAME%`).
- Error Handling: Define actions on sync errors, including the option to automatically disable an account to prevent unauthorized access.
Intelligent Group Mapping
Automate Active Directory group assignments based on a user's group membership in your central LDAP directory. Eliminate manual "add to group" requests and ensure permissions are always correct.
- 1-to-1 Mapping: Directly map LDAP group names to identically named AD groups.
- Custom Mapping Table: Define specific mappings for when group names differ between directories.
- Safe Exclusions: Specify a list of critical AD groups (like Domain Admins) that the agent should never modify, adding a layer of safety.
Eliminate Manual AD Tasks and Enhance Security
Ready to streamline your Active Directory management? Contact us to see how the SignOn Agent can automate your user lifecycle and free up valuable IT resources.