
Our Active Directory integration uses a PowerShell script to export a CSV containing all of the accounts within the Organizational Units that you specify. To automate this, the script stores the CSV on an sFTP server that either Zilla or you host, and Zilla pulls the information from there. For more information on this process, please see this documentation. You have the option to do this manually, but the automated approach is recommended.

Prerequisites:

This setup requires the following:

  1. Ensure that PowerShell is installed and up to date on your server (odds are it is). For more info, please refer to this documentation.

  2. You have admin access to the Microsoft servers containing your domain controller.

  3. If you’d like this process to be automated, we require a service account in AD with domain user access that the script can run as. We will also require an SSH public/private key pair in RSA format. To create one, do the following:

    1. Run the following command:

      ssh-keygen -b 2048 -t rsa
    2. This will generate a public/private key pair in the file path that you defined. If you didn’t define one, it will be stored at /home/user_name/.ssh/id_rsa.

    3. If you are using Zilla’s sFTP server, you will need to provide the public key to your Zilla Technical Contact.

    4. Take note of this file path for later configuration. You will also need the private key value.

  4. You will need to add an on-prem AD application inside of Zilla. To do this, log in to Zilla as an admin, select Add Application, then search for On-Prem AD and add it as an app.

Configuring the script for use

  1. Download the script

  2. Open the file in an editor like VS Studio, and define which Organizational Units Zilla will pull accounts from. You will do this by editing the variable below:

    1. $DNs = @("DC=yourdomain,DC=com") - this variable defines which Organizational Units Zilla will pull accounts from. For example, if your domain is zillasecurity.com, this line would look like this: $DNs = @("DC=zillasecurity,DC=com"). You can add multiple OUs by comma-separating each OU’s distinguished name.

  3. If you want to automate this script, you will also need to adjust the following parameters in the file:

    1. $isSftpEnabled = $false - this determines whether the CSV gets sent to an sFTP server. By default, this is turned off; set it to $true to enable the upload.

    2. $sftpHost = "sftp.zillasecurity.com" - this is the hostname of the sFTP server we are sending the CSV to. If you are sending it to an sFTP server hosted by Zilla, then the default value (sftp.zillasecurity.com) can be left. If you are hosting this on your own sFTP server, then change the value to the hostname on your server.

    3. $sftpUsername = "<your domain.com>" - this is the username of the service account that will need to be created on your sFTP server. If you are using Zilla’s sFTP server, the value for this will be the domain that is affiliated with your tenant. You can view this inside of Zilla by logging in as an admin, going to Settings in the left-hand side panel, and looking at the first domain listed under your internal domains.
    4. $applicationId = "<application-id>" - the application ID can be found by navigating to your Active Directory application inside of Zilla and copying the string that appears inside of the URL.
    5. $sftpPrivateKeyPath = "<location of your private key>" - this is the file path where you have stored your SSH private key. Please see the 3rd prerequisite for more details.

    6. $Csvfile = "$path\directory.csv" - you can use this setting to change the name of the CSV file that is generated. You can leave this as is.

  4. Once the script is configured, use Task Scheduler to automate running the script under the service account you created in the prerequisites. This guide goes through how to accomplish this.
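The following is an added illustration of how the parameters above fit together in a script of this kind; it is not Zilla’s script. The DNs, paths and filter columns are constructed sample values, and the upload uses the OpenSSH sftp client that ships with recent Windows Server releases rather than whatever mechanism Zilla’s script uses.

```powershell
# Added example, not Zilla's script. Variable names follow the page; values are placeholders.
Import-Module ActiveDirectory

$DNs                = @("OU=Staff,DC=zillasecurity,DC=com",        # constructed sample DNs
                        "OU=Contractors,DC=zillasecurity,DC=com")
$isSftpEnabled      = $false                                        # off by default, as on the page
$sftpHost           = "sftp.zillasecurity.com"
$sftpUsername       = "<your domain.com>"                           # placeholder: tenant's first internal domain
$applicationId      = "<application-id>"                            # placeholder: declared as on the page; unused here
$sftpPrivateKeyPath = "C:\ProgramData\ZillaAD\id_rsa"               # assumed key location
$path               = "C:\ProgramData\ZillaAD"                      # assumed output folder
$Csvfile            = "$path\directory.csv"

# Export accounts from every configured DN. Subtree scope includes child OUs, and only
# read attributes are requested, so a domain-user service account is sufficient.
$accounts = foreach ($dn in $DNs) {
    Get-ADUser -SearchBase $dn -SearchScope Subtree -Filter * `
        -Properties mail, Enabled, LastLogonDate, MemberOf |
    Select-Object SamAccountName, UserPrincipalName, mail, Enabled, LastLogonDate,
        @{ Name = 'Groups';   Expression = { $_.MemberOf -join ';' } },
        @{ Name = 'SourceDN'; Expression = { $dn } }
}
$accounts | Export-Csv -Path $Csvfile -NoTypeInformation -Encoding UTF8

if ($isSftpEnabled) {
    if ($sftpUsername -like '<*') { throw 'sftpUsername is still the placeholder value' }
    if (-not (Test-Path $sftpPrivateKeyPath)) { throw "Private key not found: $sftpPrivateKeyPath" }

    # Refuse to use a private key that broad local groups can read.
    $broad = (Get-Acl $sftpPrivateKeyPath).Access |
        Where-Object { $_.IdentityReference -match 'Everyone|Authenticated Users|BUILTIN\\Users' }
    if ($broad) { throw "Private key ACL grants access to: $($broad.IdentityReference -join ', ')" }

    # Batch file holds only the transfer command; no credentials are written to disk.
    $batch = Join-Path $path 'upload.txt'
    "put `"$Csvfile`" directory.csv" | Set-Content -Path $batch -Encoding ASCII
    & sftp -i $sftpPrivateKeyPath -b $batch "$sftpUsername@$sftpHost"
    if ($LASTEXITCODE -ne 0) { throw "sftp upload failed with exit code $LASTEXITCODE" }
}
```

The host key of $sftpHost must already be present in the service account’s known_hosts, since a non-interactive sftp batch run cannot answer the first-connection prompt.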

Setup sFTP Server

For security reasons, Zilla recommends that you have Zilla Support create an sFTP server that will store the generated CSVs. You can also host it on-premise; however, this would require you to create an outbound port 22 rule for Zilla to fetch the CSV. The process is outlined in this documentation.

Zilla Configuration

  1. Navigate to the application that you created in step 5 in the prerequisites section.

  2. Select the gear icon inside of the application.

  3. Upload one of the CSV exports that you generated to Zilla. See this guide on uploading a CSV.

  4. Enable the Accounts & Permissions CSV File Upload section, then toggle on Use sFTP to automate CSV import.

  5. Fill out the attributes in the form. Please see this section for guidance on how to fill these out.

  6. Select Sync Now to kick off the automated syncs.

Help:

Having trouble? Please refer to this documentation.
