Active Directory Integration

Support Team
August 14, 2021 03:46

 

ad-install-2.png

 

Getting Ready with Active Directory (AD) Integration 

LogMeOnce AD integration is based on an agent installed locally in your environment, which provides better security while maintaining a "zero knowledge" technology architecture. Communication between the agent and the LogMeOnce server is secured over HTTPS. LogMeOnce does not require any firewall changes by your administrator.

  • AD agent - The AD Agent is installed on a Windows system and links your main LogMeOnce account with your Active Directory. For High Availability (HA), you can install multiple AD agents in your environment as needed.

Prior to installing the AD Agent, please review the required accounts section and ensure all account prerequisites are met.

 

Supported Operating Systems

  • Windows 10 (for POC), Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019
  • .NET 4.5 or later.

 

Required prerequisites accounts 

  • Windows account - This account is used to install the AD agent. During installation, the installer either creates a new LogMeOnce service account or uses your existing dedicated LogMeOnce service account. It is recommended that this Windows account be a member of the domain admins group and have local administrator privileges.
  • LogMeOnce service account - The service account is an AD domain service account which is used to run the service. It can be created automatically by the installer or manually by an administrator. If it is created automatically by the installer, it is called LogmeOnceService and is a member of the domain user group. If you create it manually, it should be a member of the domain user group, have its password set to never expire, and be granted the Log on as a service right. If you run into issues during installation due to service privileges, please check whether you have the appropriate permissions and whether the username and password were entered correctly.
  • LogMeOnce account - This is the LogMeOnce administrator or owner account that was used to create your LogMeOnce account. For the audit trail, it is recommended to create a separate account for the agent integration, for example adagent@YourCompany.com. This keeps all agent operations separate and helps you meet compliance requirements effectively.

Summary of accounts (Account, Windows Privilege, Purpose):

Account: Windows account
Windows privilege:
  • Member of the domain admins group
  • Has local administrator privileges
Purpose: This account is used to install the AD agent.

Account: LogMeOnce service account
Windows privilege:
  • Member of the domain user group
  • Password set as never expires
  • Granted Log on as a service
Purpose: This account is used to run the AD Agent Service.

Account: LogMeOnce account
Privilege:
  • Is a LogMeOnce Super Administrator or Administrator
  • Or any LogMeOnce user with Directory (Create, Update, View, Delete) permissions assigned to them. This could be the example adagent@yourcompany.com
Purpose: This account is used to authenticate the LogMeOnce AD Agent with your LogMeOnce account.

 

Assigning a user account Logon as Service Rights

If you need to assign a user account Logon as Service rights, follow these steps:

 

Agent15-6.png

  • Open Windows control panel. Open Administrative Tools.
  • Open Local Security Policy.
  • In the left pane, click Security Settings -> Local Policies -> User Rights Assignment.
  • In the right-hand pane, find the policy Log on as a service.
  • Right-click Log on as a service, and then click Properties.
  • In the Properties box, add the domain/serviceuser, and then click OK.
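
The service account prerequisites and the Log on as a service assignment described above can be audited from PowerShell before running the installer. This is an added example, not LogMeOnce code; it assumes the RSAT ActiveDirectory module, an elevated session on the agent host, the installer's default account name LogmeOnceService, and that "domain user group" means the built-in Domain Users group (RID 513).

```powershell
# Added example (not LogMeOnce code): audit the AD Agent service account.
# Assumes the RSAT ActiveDirectory module and an elevated session on the agent host.
param([string]$SamAccountName = 'LogmeOnceService')  # installer default per the article

Import-Module ActiveDirectory -ErrorAction Stop
$user   = Get-ADUser -Identity $SamAccountName -Properties PasswordNeverExpires
# Direct memberships, including the primary group (nested groups are not expanded).
$groups    = @(Get-ADPrincipalGroupMembership -Identity $user)
$groupSids = @($groups | ForEach-Object { $_.SID.Value })

# Well-known RIDs: 513 = Domain Users; 512/518/519 = Domain/Schema/Enterprise Admins;
# S-1-5-32-544 = built-in Administrators. Assumption: "domain user group" = Domain Users.
$inDomainUsers = [bool]($groupSids -match '^S-1-5-21-.+-513$')
$privileged    = @($groups | Where-Object {
    $_.SID.Value -match '^S-1-5-21-.+-(512|518|519)$|^S-1-5-32-544$' })

# Export the local user-rights policy and read who holds "Log on as a service".
$cfg = Join-Path $env:TEMP ("userrights-{0}.inf" -f [guid]::NewGuid())
try {
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
        Select-Object -First 1
} finally {
    Remove-Item $cfg -Force -ErrorAction SilentlyContinue
}

# Entries are "*SID" for resolved principals or a bare name otherwise.
$granted = @()
if ($line) {
    $granted = @((($line.Line -split '=', 2)[1] -split ',') |
        ForEach-Object { $_.Trim().TrimStart('*') })
}
# The right counts if granted to the account itself or to one of its groups.
$candidates = @($user.SID.Value, $user.SamAccountName) + $groupSids
$hasRight   = [bool]($granted | Where-Object { $candidates -contains $_ })

[pscustomobject]@{
    Account              = $user.SamAccountName
    Enabled              = $user.Enabled
    PasswordNeverExpires = $user.PasswordNeverExpires
    InDomainUsers        = $inDomainUsers
    PrivilegedGroups     = ($privileged.Name -join ', ')
    LogOnAsAService      = $hasRight
}
```

A non-empty PrivilegedGroups value means the service account holds more than the domain user membership this article calls for.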

Active Directory Provisioning Groups

  • Create a Group in AD called "LogMeOnce". This group can be used to add users who need to be provisioned to LogMeOnce from AD.

Download AD Agent

  • Log in to the LogMeOnce account listed under the required accounts and, from "Smart Menu", go to "Directories". This shows a list of all your installed directories, their status, and the number of groups and users imported, in real time. This is a Unified Directory solution, so you can add as many directory services as you wish.

AD1.png

  • Click on Add Directory 

AD2.png

  • Click on Download LogMeOnce Active Directory Agent (below image)

AD3.png

 

Installation Steps

  • Run the AD Agent setup file agent_2.0.4.exe and click Next to start the installation.

Agent32.png

  • To proceed, agree to the terms and click Next.

Agent42.png

  • You can either allow LogMeOnce to create the service account used by the AD Agent or use your existing service account. Select an option, make sure the account has the privileges listed in the "Required prerequisites accounts" section above, and then click Next.

Agent15-1.png

  • Enter LogMeOnce account information and click on Next.

Agent15-2.png

  • Click Next to continue. If you receive any error messages during the installation, please check that the required accounts have been given the appropriate permissions.

Agent15-4.png

  • After installation is completed, click Finish.

Agent15-5.png

  • After installation is completed, please validate that LogMeOnce AD Agent is running.

Agent15-7.png
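
Besides confirming the agent is running, it is worth confirming which identity it runs as, since the installer is launched from a domain admin account while the service is meant to run as the dedicated service account. This is an added example, not LogMeOnce code; the display-name pattern is an assumption (the article does not state the service name) and LogmeOnceService is the installer's default account name from the prerequisites section.

```powershell
# Added example (not LogMeOnce code): check the identity the agent service runs as.
# Assumption: the service display name contains "LogMeOnce"; the article does not
# state the service name, so adjust the pattern to what the Services console shows.
param(
    [string]$DisplayNamePattern = '*LogMeOnce*',
    [string]$ExpectedAccount    = 'LogmeOnceService'   # installer default per the article
)

$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $DisplayNamePattern })
if ($services.Count -eq 0) { throw "No service matches '$DisplayNamePattern'." }

foreach ($s in $services) {
    # StartName is DOMAIN\user, user@domain, or a built-in such as LocalSystem.
    $runAs = [string]$s.StartName
    # Reduce either account form to the bare account name for comparison.
    $sam   = (($runAs -split '\\')[-1] -split '@')[0]

    [pscustomobject]@{
        Service           = $s.Name
        State             = $s.State
        StartMode         = $s.StartMode
        RunsAs            = $runAs
        IsExpectedAccount = ($sam -eq $ExpectedAccount)
    }
}
```

If IsExpectedAccount is False, the service is running under a different identity than the dedicated service account, for example the installing administrator or LocalSystem.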

 

Validate that the agent is communicating with your LogMeOnce account. As shown, the AD agent is installed and communicating with the server; however, it still needs to be configured.

Agent15-8.png

 

This completes your Active Directory installation task.

 

Related Articles:

  • AD Agent Configuration