Rubex Directory Sync Tool (Active Directory | LDAP)
The Rubex Directory Sync Tool enables a connection to a directory service like Active Directory via LDAP (Lightweight Directory Access Protocol) for user and group management. Utilizing a directory service with all of your user and group information already in place will save you valuable time as well as ensure that the right people have access at the right time, and that access is revoked at the right time as well.
The Rubex Directory Sync Tool is a small application that is installed on a device/server on your network that can be connected to your directory service via the domain and server
Getting Started
Prerequisites
Your organization must have a directory service that is compatible with LDAP (Lightweight Directory Access Protocol).
We recommend that you install the Rubex Directory Sync Tool on an application server and not a user workstation. A user with User Management system permissions will be required to setup and configure the Rubex Directory Sync Tool.
Setup
The Rubex Directory Sync Tool will need to be downloaded and installed to function.
Navigate to the Revver Admin area and select Users > User Directories
Download the Rubex Directory Sync Tool installer
Open and run the installer package
After install completion the Rubex Directory Sync tool will launch
A Revver user with User Management system permissions will need to authenticate into their Revver account
Input the directory service details to connect with
Optional LDAP query step enables you to refine what users and groups are pulled into the Rubex Directory Sync Tool
Upon successful connection to directory service, Users and Groups will be displayed in the sync tool. No syncing to Revver has happened at this point.
Syncing Users and Groups to Revver
Individual users can be selected and synced to Revver. Select the checkbox next to a user and select Sync to Rubex. A user will be provisioned in your Revver account with the email associated with the user per the connected directory service if a user with that email address does not already exist.
Selecting a Group to sync to Revver will sync all users and subgroups. If only a subgroup or single user in a group(child object) is synced, the parent group will indicate a partial sync in the tool with a “Child Synced” label.
Any groups that are synced will have a corresponding Group created in Revver, along with all associated users. The users will be provisioned and added to the proper synced Group per the connected directory service configuration.
Once users or groups are synced to your Revver account, all licenses, system permissions, and item access permissions are managed directly in Revver.
How Rubex Directory Sync operates for accounts with existing users
If you've already added users to your Revver account, there are a few things you should know before configuring your Rubex Directory Sync Tool and syncing users.
Prior to connecting and syncing via the Rubex Directory Sync Tool, user accounts and groups in the Revver are considered console-managed. When users and groups are console-managed, you can edit user and group information directly in Revver.
Once you configure the Rubex Directory Sync Tool and the first sync occurs, the synced users and groups are considered directory managed. When users are directory managed, you will need to edit user and group information in your directory and these changes are then pushed to Revver during the next sync.
During the first sync, the tool will automatically match console-managed user accounts with accounts in your directory based on email address. This process will convert any matched users from being console-managed to directory managed. We've outlined how this process works below:
You will install and configure the ADI sync tool in your environment.
You will configure what information you want to sync from your Active Directory.
If a directory user has an email address that matches an existing Revver user account, then that user account becomes directory managed.
If a directory synced user is not found in Revver, then a directory managed user account is created.
Once you configure your directory integration, user information will stay up-to-date with the information in your organization's directory provider.
Sync Status
The Rubex Directory Sync Tool will check for any changes in your directory provider periodically. A connection refresh or check for updates can be manually triggered in the tool. The last sync time will be reported in the Rubex Directory Sync Tool to be able to ensure that all data is current and up to date
Disconnecting Directory
If for some reason you need to remove the connection to your directory provider, you can elect to unlink the synced users and therefore keep those user accounts in Revver in which they would become console managed users instead of directory managed.