How To: Sync/create Active Directory user groups in Osirium

This article explains how Active Directory user groups (Security groups) are added to Osirium PAM.

Privileged Access Management Best Practices

Free AD Audit Tool

Audit AD Accounts

The first step to protecting AD accounts is to know what you have. This free tool does just that.

Get the Free Tool
Osirium PAM Express

Free Privileged Access Management

PAM Express

Secure your infrastructure with the fastest to deploy Privileged Access Management solution. Introducing PAM Express from Osirium. For free, for 10 servers or network devices for production use.

Get PAM Express
Checklist for PAM Success

Free Whitepaper

Checklist for PAM Success

Get your free checklist that builds on years of practical experience to provide a roadmap for PAM success.

DOWNLOAD The Free CHECKLIST

Summary

This article explains how Active Directory user groups (Security groups) are added to Osirium PAM and the users within the group are synchronised and created in Osirium PAM.

It also provides a number of scenarios as to how the users are managed through this process.

Applicable Versions

7.x

Details

This section provides details on how to populate the bulk import template for:

  • Synchronising Active Directory users using Security Groups
  • Active Directory and Osirium PAM synchronising scenarios

NOTE It is assumed that an Active Directory service has already been provisioned in Osirium PAM. See Active Directory integration in Osirium PAM.

Synchronise Active Directory users using Security Groups

This section details how to create new Security groups in Active Directory and how then configure Osirium PAM so that users are automatically synchronised.

NOTE: If your Active Directory already contains Security groups that you wish to synchronise in Osirium PAM, skip to step 2.

1. Create Security Group(s) in Active Directory and add users

  • Open Active Directory Users and Computers window
  • Create a new Security Group
  • Add required users to the new Security Group

2. Create User Group in Osirium PAM

  • Navigate to User groups
  • Click NEW USER GROUP
  • Select the source as Active Directory, enter the Name exactly as was entered in step 1 above and click SAVE.
  • Members of the Active Directory Security Group will be automatically created in Osirium PAM and added as members of Osirium PAM.

3. Synchronising the Osirium PAM User group

  • When the Osirium PAM User group is first created it will be automatically synchronised with the corresponding Active Directory Security Group.
  • By default the Osirium PAM User group will be synchronised every 15 minutes. This can be changed by navigating to System configuration > System settings tab and amending the value in the User Group Synchronisation interval (minutes) field.
  • If you do not wish to wait for the next scheduled synchronisation, you can manually trigger a synchronisation by navigating to the User groups, opening the required User group and clicking SYNCHRONISE.

Active Directory and Osirium PAM synchronising scenarios

For each of the below scenarios it is explained what will happen to users within Osirium PAM.

NOTE For the below scenarios, the term Security Group refers to a Security Group created in Active Directory. The term User group refers to a User group created in Osirium PAM. Unless stated otherwise, it is assumed that for each Security group there is a corresponding User group of the same name in Osirium PAM.

NOTE With the exception of adding a new Security Group, to see the see the changes described below immediately you will need to manually trigger a resync. See point 3 above of the Synchronise Active Directory users using Security Groups section.

1. New Security Group added

  • The User group will be created in Osirium PAM.
  • Members of the Security Group will be added to the User group.
  • Any members that do not already exist in Osirium PAM will be created.

2. User added to existing Security Group

  • New user will be added to the User group.
  • If the user does not already exist, they will be created in Osirium PAM.

3. User removed from existing Security Group

  • The user will be removed from the User group.
  • The user will NOT be removed from Osirium PAM.

4. Security Group removed

  • The User group will NOT be removed from Osirium PAM. (But they can be removed manually if required).
  • The users that were previously members of the User group will NOT be removed from Osirium PAM.

Ransomware Protection for Backups

Ransomware attacks destroy your data and backups. Get Osirium Fast Protect for just £4,995 to stop attacks deleting your backups.

Protect your backups!
Talk to an expert

Any questions? Please get in touch

If you have any questions or want to speak to one of our representatives, please complete this form and we'll be in touch.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Click to chat