Automate and Unify User Lifecycle Management
Synchronize identities, automate provisioning, and enforce consistent policies across LDAP, Active Directory, and more.
Eliminate the slow, error-prone, and insecure process of manually managing user accounts in different systems. Our solution creates a real-time, event-driven bridge between your primary directory and Active Directory, ensuring identities are always in sync.
From Identity Silos to a Synchronized Ecosystem
Managing user lifecycles across disconnected directories is a significant security and operational burden. We provide a fully automated solution.
The Challenge
- Manual Provisioning: Creating and updating accounts in both LDAP and AD is a repetitive, time-consuming task prone to human error.
- Password & Attribute Drift: Passwords, group memberships, and user details quickly become inconsistent between systems, causing access issues and security holes.
- Security Gaps: Delayed or forgotten de-provisioning leaves orphaned accounts in Active Directory, creating a major security risk.
The Comtarsia Solution
- Automated Lifecycle Management: Automatically create, update, disable, and delete AD accounts in real time based on events in your primary LDAP directory.
- Real-Time Synchronization: Keep user profiles, passwords, and group memberships perfectly aligned. A logon or password change in one system is instantly reflected in the other.
- Closed-Loop Security: Instantly disable AD access when a user is disabled or removed from your primary directory, eliminating the risk of orphaned accounts.
Event-Driven Synchronization in Action
Our solution uses an intelligent, event-driven architecture. User actions—like a logon—trigger a seamless, automated workflow that ensures your directories are always in sync.
The Workflow:
- A user authenticates against your primary LDAP directory via a Comtarsia client (e.g., Logon Client).
- The **SignOn Proxy** validates the credentials and, upon success, sends a "Sync User" request containing the user's data.
- The **SignOn Agent for Active Directory**, installed on your domain controller, securely receives this request.
- The Agent performs the necessary actions in AD based on your policies: creates the user if new, updates the password, syncs group memberships, creates a home directory, and more.
Designed for Enterprise Control
Go beyond simple sync with powerful features for granular control and automation.
Automated Provisioning
Define policies to automatically create user accounts in Active Directory on their first successful logon.
Dynamic Group Mapping
Synchronize group memberships by mapping LDAP groups directly to Active Directory groups, ensuring consistent permissions.
Automated Account Cleanup
Set policies to automatically disable and eventually delete AD accounts after a defined period of inactivity, enhancing security.
Home Directory & Profile Creation
Automatically create and set permissions for user home directories and roaming profile paths on your network file shares.
Flexible Attribute Mapping
Use a powerful variable engine to map any LDAP attribute to any AD attribute, ensuring complete profile synchronization.
Secure and Auditable
All communication between components is secured via TLS, and detailed logs provide a clear audit trail for all synchronization activities.
Core Products in this Solution
This solution is powered by the seamless integration of our SignOn Proxy and SignOn Agent.
SignOn Proxy
Acts as the central orchestration hub, validating user credentials against your primary directory and triggering synchronization events.
Agent for Active Directory
The powerful automation engine that securely receives instructions from the proxy and executes all user and group management tasks within AD.
Stop Managing Accounts. Start Managing Identities.
Free your IT team from repetitive tasks, eliminate synchronization errors, and enhance your security posture. Contact us to learn how our solution can automate your user management.