Manage Active Directory Integration

Cisco Secure Access supports the provisioning of users and endpoint devices from Active Directory (AD) into Secure Access. For more information about provisioning of users and groups, see Provision Users and Groups from Active Directory. For more information about provisioning of endpoint devices, see Authenticate Active Directory Devices below.

Once you provision users and endpoint devices from AD, you can manage the organization's AD user or device directory in Secure Access.

Table of Contents

• Prerequisites
• Procedure
• Authenticate Active Directory Devices

Prerequisites

• Full Admin user role. For more information, see Manage Accounts.
• Endpoint device management requires devices provisioned by an on-premise Active Directory domain controller (DC) and Cisco AD Connector version 1.14.4 or newer. For more information, see Manage Active Directory Integration, Connect Active Directory to Secure Access and Configure Updates on AD Connectors.

Procedure

Manage the Active Directory integration for the organization.

1. Navigate to Connect > Users, Groups, and Endpoint Devices, and click Configuration management.
2. On the Configurations tab, navigate to Directories, and then expand Active Directory.

Download the Active Directory Components

1. For Active Directory Connector, click Download.
2. For Windows Configuration Script for Domain Controller, click Download.

Edit the Active Directory Connector Auto-Upgrades

• For more information, see Configure Updates on AD Connectors.

View Active Directory Components

• For more information, see View AD Components in Secure Access.

Manage Sites for AD Components

• For more information, see Manage Sites for AD Components.

Delete Active Directory Integration

• For more information, see Delete AD Components.

Authenticate Active Directory Devices

Configure your Active Directory integration to provision your endpoint device enrollments into Secure Access. The integration will save your configuration changes immediately. For more information, see AD Connector Communication Flow and Troubleshooting and View AD Components in Secure Access.

1. Check the box at the bottom of your Active Directory integration menu to Use a specified property to Authenticate Active Directory Devices.

2. Select a Property to Authenticate from the list of Active Directory machine attributes for certificate-based authentication. Supported attributes are Distinguished Name, Common Name, and DNS Host Name.
3. After making changes to the AD integration, restart the AD Connector to trigger a full synchronization of AD Users, Groups, and Endpoint Devices. For more information, see Restart the Active Directory Connector.

Import Users and Groups from CSV File < Manage Active Directory Integration > Manage Google Workspace Account