Microsoft Active Directory On-Premises Integration

Install, configure, and use Asset Panda's on-premises integration with Microsoft Active Directory (AD) to synchronize employee directories, manage users, and handle data collections.

Prerequisites

Ensure these requirements are met.

Before starting, ensure the following:

  • Access to the Asset Panda web application for downloading installation files and generating API keys.

  • Administrative privileges on the Windows machine where the integration will be installed.

  • A service account in Active Directory with read permissions for users and groups.

  • The machine must remain powered on and logged in for the background service to run scheduled syncs.

  • Familiarity with Active Directory tools like Server Manager and ADSI Edit for retrieving the LDAP connection string.

Note: The integration requires specific API permissions for user creation, which must be granted by Asset Panda support. Contact support with your API Client ID, Secret, account name, and module name to request these granular permissions.

Downloading Installation Files

Obtain the installation files from the Asset Panda web application.

  1. Log in to the Asset Panda web application.

  2. Navigate to the downloads section to obtain the two installation files.

    • Asset Panda Pro Installer: For the UI application.

    • Automatic Background Service: For the scheduler that handles automated syncs.

  3. Download both files to your Windows machine.

The UI application can run standalone, but the background service requires the UI app to be installed first, as configurations (e.g., mappings) are managed via the UI.

Installing the UI Application

Install the UI application on your Windows machine.

  1. Double-click the Asset Panda Pro Installer file to launch the setup wizard.

  2. Click Next to proceed.

  3. Accept the default installation location, but change the installation scope to Everyone (for all users on the machine).

  4. Click Next and continue through the wizard until installation completes.

  5. Close the setup popup.

  6. A desktop icon for "Asset Panda" will be created automatically.

  7. Double-click the icon to launch the application. On first launch, an Automatic Sync pop-up appears on the screen.

Setting Up Connection Details

Configure connection settings for Asset Panda and Active Directory after launching the UI app.

Asset Panda Side (Left Panel)

URL: By default, this is set to the URL (e.g., api.assetpanda.com).

API Client ID and Secret:

  1. Log in to the Asset Panda web app.

  2. Click the settings icon and navigate to API Configuration.

  3. If no API exists, create a new one:

    1. Enter a name.

    2. Select all accounts and modules for full access (or specific ones if limiting sync).

    3. Grant Read, Write, and Delete permissions.

    4. Click Save to generate the Client ID and Secret.

  4. Copy the Client ID into the API Client ID field.

  5. Copy the Secret into the API Client Secret field.

Email Address and Password: Enter the credentials used to generate the API key.

Note: These API keys are the same as those used for other API-related tasks in Asset Panda. Ensure the API has permissions for the accounts/modules you intend to sync.

Active Directory Side (Right Panel)

Active Directory Connection String:

  1. Open Server Manager on your AD server.

  2. Launch ADSI Edit.

  3. Right-click and click Settings.

  4. Copy the LDAP URL.

  5. Paste it into the AD Connection String field.

AD Username and Password: Use a service account with read permissions for AD users and groups.

Click Done to validate credentials. If successful, you'll be redirected to the Automation Sync page. If not, an error will appear—correct and retry.

Configuring Automation Sync (Scheduler in UI)

Set up scheduled synchronization in the UI.

  1. On the Automation Sync page, set the sync schedule:

    1. Start Time: When the first sync should occur.

    2. Repeat Interval: Hourly, daily, etc.

  2. Click Submit to schedule the sync. A message will confirm.

This sets the UI-based scheduler. For background automation, install the service in the following section.

User Mapping

Map Active Directory users to Asset Panda modules.

  1. Navigate to User Mapping.

  2. Choose the following options:

    1. Account: Select from the dropdown (only accounts with API permissions appear).

    2. Module: Automatically loaded based on the account.

    3. Role: Automatically loaded based on the module.

    4. Active Directory Group: Choose the AD group to sync.

  3. Map the mandatory user invitation fields:

    1. Email: Assign to an AD field like mail or userPrincipalName (UPN).

    2. First Name: Assign to givenName.

    3. Last Name: Assign to sn (surname).

  4. Click Add to save the mapping. Add multiple mappings as needed.

  5. Click Done to finalize.

Users from the selected AD group will be created in Asset Panda with the specified role.

Collection Mapping

Map Active Directory data to custom collections in Asset Panda.

  1. Navigate to Collection Mapping.

  2. Choose the following options:

    1. Account and Module.

    2. Asset Panda Collection: Select the target collection.

    3. Active Directory Group: Choose the group to sync.

  3. Map the fields:

    1. Unique Identifier: Recommended objectSid (SID) for uniqueness.

    2. Other fields: Assign Active Directory properties.

  4. (optional) For status tracking, create a field in the collection via Asset Panda UI:

    1. The tool will autopopulate the details if they already exist.

    2. Select the tracker options: Active, Inactive, or None.

    3. Type: Single Select List.

    4. Name: Exactly "Integration Status AD"

  5. Click Add to save mappings. Add multiple groups or collections as needed.

  6. Click Done to finalize.

No granular API permissions are needed for collections.

Note: Mappings are saved incrementally; use the delete icon to remove specific ones. Each mapping is independent—if one fails, others proceed.

Installing the Background Service (Scheduler)

Install the background service for automated syncs.

  1. Double-click the Automatic Background Service installer.

  2. Click Next, set the scope to Everyone, and proceed.

  3. Installation completes with a black pop-up confirming service has started.

  4. Verify in Task Manager > Services: Look for the service running.

The service reads configurations from the UI app and runs syncs automatically per the schedule.

Sync Management and Troubleshooting

Running Syncs

Initiate and monitor syncs.

  • Manual Sync: Click Start Sync in the UI. View progress in logs.

  • Automated Sync: Handled by the background service based on your schedule. Monitor UI logs for status.

Syncs process users and collections independently and sequentially to prevent API overload. Verify data in the Asset Panda web app.

Common Issues and Fixes

Resolve frequent problems.

  • Invalid Credentials: Verify API keys, AD username/password, and LDAP string.

  • Roles Not Loading: Contact support for granular API permissions.

  • Sync Failures: Check if unique fields are set correctly; confirm AD group data. Review logs and adjust mappings.

  • Service Not Running: Restart in Task Manager > Services or reinstall.

For large datasets, syncs may take up to 1 hour, scheduled infrequently.

PreviousGoogle Workspace IntegrationNextMicrosoft Entra ID Integration

Last updated