Igloo LDAP Sync Tool (ILST)
The Igloo LDAP Sync Tool (ILST) is an Igloo-developed application that automatically syncs users from one or more LDAPv3-supported data sources (e.g., Microsoft Active Directory, Azure AD) to your digital workplace.
Sections in this article:
- What the ILST does
- How the ILST works
- Configuring the ILST
- Security
- Where to get the ILST
- ILST version support
- ILST data flow diagram
What the ILST does
The ILST can perform the following actions in your digital workplace:
- Create users
- Update user profile fields through 1-to-1 mapping with attributes in your data source.
- Update the membership of already existing groups
- Revoke users
How the ILST works
The following is a high-level overview of the ILST process:
- Set-up:
- You must install the ILST locally on a device that meets the following criteria:
- Uses a Windows operating system.
- Has .Net 4.6.1 Framework installed.
- Has access to both your LDAP-supported data source.
- Has access to the internet.
- The hardware requirements of the ILST are negligible.
- You must modify the ILST config.xml file to provide credentials, queries, and mappings.
- You must install the ILST locally on a device that meets the following criteria:
- Syncing:
- The ILST uses the provided credentials to connect to the configured LDAP-supported data source(s).
- The ILST receives results from the data source(s) based on the provided query.
- The ILST then maps those results against the data in your digital workplace and then, using secure Igloo APIs, makes the necessary updates to your digital workplace.
The ILST does not include a built-in scheduler for automating the frequency and time of syncs. However, you can use tools such as Microsoft's Start Task Scheduler to accomplish this behavior. For more information, see Using Task Scheduler to run the ILST.
You should not run the ILST at a frequency that would cause it to start a sync before a previous sync is finished. The time it takes to run the sync is influenced by a number of variables, however, the first sync you run will always take the longest amount of time.
Configuring the ILST
The following articles relate to configuring the ILST:
- For a step-by-step guide on setting up the ILST, see Configuring the ILST.
- For more information about the ILST config.xml file, see ILST configuration reference guide.
- For creating LDAP Search Strings, see Common LDAP Search Strings used with the ILST.
- For common revoke settings, see Revoking users with the ILST.
- For syncing groups, see Finding group GUIDs for ILST group mapping.
- For testing the ILST before running it against your digital workplace, see Running the ILST in test mode.
- For modifying how the ILST logs events, see Changing how the ILST logs events.
- For solutions to common issues, see Solving ILST errors.
Please be aware of the following when working with the corresponding LDAP-supported data source:
- The data source must support LDAPv3.
- You can only sync manager fields and profile photos if your LDAP-supported data source is an on-prem Microsoft Active Directory.
- Azure Active Directory: You must have Azure Domain Services enabled.
If your digital workplace has SAML authentication enabled ensure that you disable its ability to create users. The User creation on Sign in option is found on the SAML Configuration page in your digital workplace.
Security
Additional information regarding how the ILST functions:
- The ILST only reads data from the connected data sources and will not modify, remove, or collect any data.
- The ILST can run on any server in the domain as long as that server can access both the LDAP-supported data source and the internet.
- The ILST can use LDAP or LDAPS (LDAP + SSL) and any port, not just the standard LDAP ports.
- The ILST connects to Igloo and makes API calls using HTTPS (port 443).
- The ILST encrypts connection and API passwords using AES encryption.
- The ILST communicates via TCP.
Where to get the ILST
Only verified users of existing Igloo customers can download the ILST. If your organization has an Igloo digital workplace and you are having issues accessing the download location, contact Igloo Support.
Follow the ILST file linked above to receive notifications about new versions of the tool.
Whenever the ILST is updated, changes are documented in the ILST Release Notes article.
ILST version support
Only the most recent version of the ILST is supported. Please ensure that you are running the latest version (4.0.1.0) before reporting any issues. To learn more about updating the ILST, see Updating the ILST.
ILST data flow diagram
