How to automate SaaS rights assignment and revocation with directory synchronization

As the number of SaaS applications grows, the SaaS operations workload grows with it. This is where synchronizing a directory service such as Active Directory plays an important role.
October 19, 2023
4 min read
Megazone PoPs

The SaaS operations workload grows in proportion to the number of SaaS applications, because users and licenses are managed separately in each one. When POPs revokes a retiree's rights in SaaS such as Notion, Slack, and Jira, the revocation is actually reflected in each of those SaaS.

To sync users from a directory to a POPs organization, you must first add the directory to the organization. In this article, I will show how to integrate Active Directory.

Integrating Active Directory

1. Prerequisite work

Before adding an LDAP directory to an organization, the following tasks must be performed:

(1) Opening the firewall

The firewall must allow POPs to reach the LDAP server. Open it so that the following IPs can access port 389 (LDAP) and port 636 (LDAPS); PoPs can then communicate with the server and obtain the information it needs.

(2) Manager DN preparation

Prepare the DN of the administrator account that POPs will use to authenticate to the server you want to connect to. You can use an existing account, but we recommend creating a separate account dedicated to the POPs directory.

2. Add directory > Enter information

When the prerequisite tasks are complete, click the [Add Directory] button in the directory list and select [LDAP] to move to the information input screen. On that screen, enter the basic information and the server information needed to link with a server in your existing directory.

(1) Basic information

Basic information is used to separate directories within an organization.

- Directory name*

- Directory description

- Password change URL

(2) Server information

The following server information is required to actually connect to the server and obtain information.

- Host*

- Port*

- Base DN*

- Manager DN*

- Manager Password*

After entering all required fields (*) of the basic information and server information, click the [Test Connection] button. The connection test must succeed before you can move on to the next step. If it succeeds, click Next to continue.

3. Add directory > Filter settings

(1) Filter settings

A filter must be set to specify the list of users to be imported from the server. The following information must be entered in order to set filters. Filters cannot be modified after the directory has been added.

- Search Base*

- User Search Filter*

(2) Filter testing

After entering all required items (*) for the filter settings, click the [Test Filter] button. The filter test reports the number of users returned by the filter you entered. If that number differs from what you expected, check that the filter information is correct and try again. If the filter test is successful, click Next to move to the next step.

4. Add directory > Link attributes

(1) Link required attributes

Map directory attributes to fields in the organization. Every field the organization manages as required must be mapped to a directory attribute; these are the organization's default fields plus any custom fields the administrator has designated as required. Mappings can be modified at any time, even after the directory has been added.

(2) Preview properties

Use the mapped attributes to test which values are retrieved from the directory. Enter the directory username of a user in the attribute preview input box and click the [Preview] button; the mapped values are retrieved and displayed based on that user's information.

5. Directory addition completed

Once you have connected the attributes, you can finalize adding the directory by clicking the [Add Directory] button.

Automate the assignment and revocation of SaaS permissions

After directory integration, synchronizing users makes SaaS management easier. After authenticating to the SaaS API in the POPs admin, you can view the list of users in that SaaS. For linked SaaS, user permissions can be set in the POPs admin and are automatically applied to the relevant SaaS. In other words, POPs lets you manage the users of each SaaS, such as Slack, Jira, and Asana, in one place.

If you manage multiple SaaS from a single platform, routine tasks are automated, processing time is shortened, and employees can focus on more important work. Megazone Cloud has also drastically reduced onboarding time for new hires by assigning SaaS rights to them easily and quickly through POPs.

