How does this integration work?
The Active Directory (AD) integration is different than cloud-based tools like G Suite, Okta, or OneLogin. This integration automatically creates and uploads a CSV from your AD instance. To do this, your IT team will need to install a cron script on your server.
- To run Active Directory sync, please make sure you are running PowerShell version 3.0 or greater.
- You can manually create new employees or add employees from other locations while maintaining your directory sync. This feature is helpful for contractors, temps, or other people who may host visitors/receive deliveries but are not core team members. Learn more about manually adding employees.
Enabling the Envoy + Active Directory integration
- Go to Integrations > All integrations.
- Under Employee directory, find Active Directory. Click “Install.”
Step 1: Run initial sync
1. Locate Your CRON script, and copy the script found there. Save it as envoy-ad-sync.ps1 on your server.
2. Read through the top part of the script and customize the variables from the plugin configuration to match your organization’s implementation.
3. This will typically mean setting the correct Organizational Units (OUs) and optionally customizing where the sync will save its temporary files.
4. Run the script via command prompt or PowerShell to verify that the script is correctly syncing users with Envoy. You should be able to confirm the sync is running back on the Envoy dashboard by seeing details on when your last sync ran.
- You may have to update or allow an exception on the script execution policy on your AD box.
- In order for the Active Directory sync to successfully complete, all entries in the CSV generated by PowerShell must have a valid e-mail.
- You are required to use TLS 1.2. If you run into issues forcing TLS 1.2, within the Envoy cron script replace
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
with
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]3072
and then run the script.
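A pre-flight check for the requirements listed in Step 1 (PowerShell version, TLS 1.2, execution policy, a valid e-mail in every CSV row), as an added example that is not part of Envoy's script. The `Email` column name and the sample rows are assumptions, constructed for illustration.

```powershell
# Added example: pre-flight checks to run on the sync host before scheduling envoy-ad-sync.ps1.
# The 'Email' column name and the sample rows below are assumptions, constructed for illustration.

function Test-PSVersion {
    # The sync requires PowerShell 3.0 or greater.
    $PSVersionTable.PSVersion.Major -ge 3
}

function Enable-Tls12 {
    # OR the TLS 1.2 flag (3072) into the session's allowed protocols, then confirm it is set.
    $current = [int][Net.ServicePointManager]::SecurityProtocol
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]($current -bor 3072)
    ([int][Net.ServicePointManager]::SecurityProtocol -band 3072) -eq 3072
}

function Get-InvalidEmailRow {
    param([object[]]$Rows, [string]$Column = 'Email')
    # Syntactic check only: exactly one "@", no whitespace, a dot in the domain part.
    $pattern = '^[^@\s]+@[^@\s]+\.[^@\s]+$'
    $Rows | Where-Object { ([string]$_.$Column).Trim() -notmatch $pattern }
}

# Constructed sample standing in for the CSV the sync script generates.
$rows = @'
Name,Email
Ada Example,ada@example.com
Bob Example,
Cy Example,cy(at)example.com
'@ | ConvertFrom-Csv

"PowerShell >= 3.0 : $(Test-PSVersion)"
"TLS 1.2 enabled   : $(Enable-Tls12)"
"Execution policy  : $(Get-ExecutionPolicy)"

# Rows listed here would have to be fixed in AD (or excluded) before the sync can complete.
$bad = @(Get-InvalidEmailRow -Rows $rows)
"Rows without a valid e-mail: $($bad.Count)"
$bad | Format-Table -AutoSize
```

To check real data, replace the constructed sample with `Import-Csv` on the temporary CSV your copy of the script writes, and set `-Column` to the header that file uses for the e-mail address.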
Step 2: Setting up the script to run via Task Scheduler
Now, you’re ready to schedule the script to run automatically.
1. Open Task Scheduler on the machine with the script.
2. Open Task Scheduler Library and select “Create Task.”
3. Adjust settings accordingly. It’s important that the user account that is set to run this task is able to read OUs and user accounts in your Active Directory environment.
4. Set a schedule for the script to run. Do this by creating a new trigger. Here, it runs daily at 1 AM.