Setup and Sync
- Zoho Settings
- LDAP Credentials
- Sync Preferences
- Directory Sync
- Password Sync
- Schedule Sync
- Click on 'Authorize with Zoho'.
- accounts.zoho.com will open in a separate window, where you will get authtoken to handle further requests.
2.1. Unauthorized User
When users who don't have permission to Admin console (not an org admin) tries to setup Directory Sync, they will get an error message.
2.2. Prompt Proxy Settings
If the connection had failed due to proxy, then user will get a prompt.
2.3. Successfully logged in
- Once logged in, you will be able to see who installed the tool.
- The User who installed this will have Ownership and authorization privileges of Zoho Directory Sync.
- Please note that if this user's account is disabled by the admin then access to the tool might be lost.
- Hence to prevent this, there is a Re-Authorize button in the top right corner. By clicking this, the admin can change the ownership of the tool.
- Enter the required details and click on ADD.
Note: If you have multiple domain controller then enter them comma separated, and also make sure the domain controller names are fully qualified.
- The next screen will display the domain list. If needed, you can add domains by clicking on Add Domain in the top right corner.
Under Sync Preferences you can set the rules needed for your synchronization. There are 4 sub-headings under Sync Preference. Let's take a look at each heading.
4.1 Filter OUs/Users
- Here you can select Organizational Units or configure advanced LDAP queries.
- Go ahead and click Add OU's.
- You can choose multiple based DN to apply the query.
- Test your LDAP query by clicking on the Test LDAP Query button.
4.2. Exclusion Rules
- Here you can set rules based on the criteria you need.
- The users matching these criteria will be excluded during the scheduled sync.
- Click on Add Rule button in the top right corner and fill in the details of your rule.
4.3. Attribute Definition
- Here you can select the required attributes based on which the synchronization will happen.
- You can select from email, first name, language etc..
- You can edit each attribute by hovering over the attribute and clicking on edit icon.
4.4 Sync Settings
Here you can choose the action to be done when accounts are deleted or disabled in LDAP server.
Under Directory Sync, you can select the users and groups to be added/deleted to the server.
- The Users to Update column will list the users who have been updated in LDAP server. Their attributes will be synced to Zoho when you click Sync.
- The Users to create column will list new users from LDAP results. Here you can select the users to be added and their attributes will be synced to Zoho when you click Sync.
- The Users to disable column will list the users not available in LDAP result.
- The Groups to Update column will list the groups that have been updated in LDAP. Their attributes will be synced to Zoho when you click Sync.
- The Groups to Create column will list new groups from LDAP results. Here you can select the groups to be added and their attributes will be synced to Zoho when you click Sync.
- The Groups to Disable column will list the groups not available in LDAP result.
Password Synchronization allows end-users to use a single identity, subject to a single password policy, across various systems and applications.
- The Password Sync tool must be installed on all the domain controllers in a domain including the primary domain controller.
- The domain controllers should have been a Full installation instead of a Server Core installation.
- The domain controllers should have the Microsoft .NET Framework 2.0 or 3.5 profile installed. Even if you have a higher version, please make sure you have .NET Framework 2.0 or 3.5 is also installed.
- Make sure the Message Queuing service is enabled and is running before starting the installation of the password sync tool.
Note: Before installation of the password sync agent, when you create the users, default passwords will be given using which the users can log into their account. These default passwords can be changed later.
After installation of the password sync agent, when you create new users, their passwords will be synchronized with Active Directory. The passwords of existing users will not be read. If all users' passwords need to be synced then please request them to change their account passwords. The newly updated passwords will be synchronized with active directory.
Here, set the schedule for synchronization. The sync will happen automatically at the scheduled time.
Under Report you can view the history of all your synchronizations done. The report will list the user names and groups along with status of the sync.
You can view the reports of the scheduled times and reaffirm their statuses. A Retry button will be provided in case the scheduled sync fails.
Here you can enable settings like language preference, mail notification, auto update, proxy and delete configurations.