A directory is a service that your enterprise uses to manage users and user groups. To authorize user access to domains or URLs, you add directories to Enterprise Threat Protector (ETP) and associate them with identity providers.

ETP supports these directory services:
  • Cloud Directory. Internal ETP directory that’s intended for testing purposes only. While ETP doesn’t store or cache passwords, this directory is not intended to store user and group information in production.
  • Active Directory (AD). AD is a directory service that automates domain network management. To integrate AD with ETP, you must associate the AD with an identity provider (IdP). You also need a functional Active Directory setup with administrator privileges.
  • Lightweight Directory Access Protocol (LDAP). LDAP is a platform-independent software protocol that's used to store and retrieve information about users, applications, and resources such as files and devices in a network, whether that network is on the public Internet or an internal intranet. Select this directory type if you are using an LDAP or OpenLDAP directory.
  • Active Directory Lightweight Directory Services (AD LDS). AD LDS is a lightweight version of AD. It includes the same functionality as AD but does not require domains or domain controllers. It provides directory services and runs independently of Active Directory. Multiple instances can run on the same Windows server.

As part of a directory configuration, you must associate an identity connector with the directory. An identity connector is a virtual appliance that you deploy behind the firewall in your data centers or hybrid cloud environments. It allows ETP to synchronize with your organization’s Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) servers. For more information, see Identity connectors.

In ETP, you can import groups from AD, LDAP, or AD LDS. For instructions, see Import groups from AD, LDAP, or AD LDS.