About directories

A directory is a service that your enterprise uses to manage users and user groups. To authorize user access to domains or URLs, you add directories to ETP and associate them with IdPs.

ETP supports these directory services:

  • Cloud Directory. A directory that's included with ETP to provide user access to the Internet without integrating LDAP.

  • Active Directory (AD). AD is a directory service that automates domain network management. To integrate an AD to ETP, you need to associate the AD with an IdP. You also need to have a functional Active Directory setup with administrator privileges.

  • Lightweight Directory Access Protocol (LDAP). LDAP is a platform-independent software protocol that's used to store and retrieve information about users, applications, and resources such as files and devices in a network that's on the public Internet or internal intranet. Select this directory type if you are using an LDAP or OpenLDAP directory.

  • Active Directory Lightweight Directory Services (AD LDS). AD LDS is a light-weight version of AD. It includes the same functionality as AD but does not require domain or domain controllers. It provides directory services and runs independently of AD. Multiple instances can run on the same Windows server.

  • System for Cross-domain Identity Management (SCIM). SCIM is an open API designed to make managing user identities in cloud-based applications and services easier and faster. User provisioning with SCIM is supported with Microsoft Azure and with Okta.

As part of a directory configuration, you need to associate an identity connector. An identity connector is a virtual appliance that you deploy behind the firewall in your data centers or hybrid cloud environments. It allows ETP to synchronize with your organization's AD or LDAP. For more information, see About identity connectors.

In ETP, you can import groups from AD, LDAP, or AD LDS. For instructions, see Import groups from AD, LDAP, or AD LDS.

Cloud directory

Every tenant is provisioned with ETP Cloud Directory to provide user access to the Internet without integrating your LDAP. In ETP, you can add users and groups to this directory. By default, all users you add to this directory are part of the main Users group.

Add a user to Cloud Directory

As part of your test process, you can add users to Cloud Directory.

When you add a user, you can set a temporary password for the user or send them an email where the user is invited to set up an account.

To add a user to Cloud Directory:

  1. In the Threat Protection menu of Enterprise Center, select Identity & Users > Directories.

  2. Click Cloud Directory.

  3. Click the plus sign icon to add a new user.

  4. In the Name column, enter the first and last name of the user.

  5. In the Email/Username, enter the email address of the user. This is also the user's username.

  6. In the Password column, do one of these steps:

    • To manually assign a password to the user, enter a temporary password in the password field.

    • To send an email where the user is invited to create an account and set up a password, select Send Invite.

  7. Click the check mark icon to save user information.

  8. Click Save.

Upload users in bulk to Cloud Directory

As part of your test process, you can upload users to Cloud Directory.

Before you begin

  1. Create a CSV file that contains users listed in each row. Make sure each row contains this information:

    email, first_name, last_name, password, group(s)

    Separate information with a comma.

  2. Save the CSV file to a secure location.

To upload users in bulk to Cloud Directory with a CSV file:

  1. In the Threat Protection menu of Enterprise Center, select Identity & Users > Directories.

  2. Click Cloud Directory.

  3. In the Users tab, click the upload icon.

  4. Review the information on the dialog to make sure that you configured the CSV file correctly.

  5. Click the file icon to find and select the CSV file.

  6. Click Upload.

Add a group to Cloud Directory

As part of your test process, you can add a group to Cloud Directory.

To add a group to Cloud Directory:

  1. In the Threat Protection menu of Enterprise Center, select Identity & Users > Directories.

  2. Click Cloud Directory.

  3. Click Groups.

  4. Click the plus sign icon to add a new group.

  5. In the Group Name field, enter a group name.

  6. In the Group Description field, enter a description for the group.

  7. Click the check mark icon to save the group.

  8. Click Save.

Re-invite Cloud Directory users

You can choose to re-invite users to activate their account and set a password. This operation sends an email with instructions and a link that allows the user to reset their password.

To re-invite Cloud Directory users:

  1. In the Threat Protection menu of Enterprise Center, select Identity & Users > Directories.

  2. Click Cloud Directory.

  3. Locate and hover over the user that you want to re-invite.

  4. Click the user icon to invite the user.

Associate Cloud Directory users to a group

Before you begin

To associate a user to a group in Cloud Directory:

  1. If you are not already viewing users or groups in Cloud Directory, in the Threat Protection menu of Enterprise Center, select Identity & Users > Directories.

  2. To associate a user to a group from the User's tab:

    1. Locate and hover over the user that you want to assign to a group.

    2. In the Groups column, click the number of groups associated with that user.

    3. In the dialog that appears, select the group or groups that you want the user to be associated with.

    4. Click Associate.

  3. To associate a user to a group from the Groups tab:

    1. Locate and hover over the group that you want to associate with a specific user.

    2. In the Users column, click the number of users assigned to the group.

    3. In the dialog that appears, select user or users that you want to associate with the group.

    4. Click Associate.

  4. Click Save.


Did this page help you?