The AD connector that comes with Akku allows organizations to use either their on-prem AD or Azure AD as the data source for authentication. Akku’s AD connector is agentless, which means that no additional software is installed in the client environment.
Implementation of the Akku AD Connector:
- First, a secure connection is established between Akku’s LDAP client and the AD’s LDAP server.
- Then, OpenLDAP is installed on Akku’s server.
- Next, SAML and LDAP are configured, and Windows AD SSL certificates are installed on Akku to enforce TLS encryption for LDAP clients.
- Finally, the firewall settings are changed to accept connections only from Akku’s server. On the Windows AD, anonymous binding on LDAP queries is disabled.
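One way to check the TLS and anonymous-access steps from the connector host, as an added example that is not Akku's own code. It assumes the OpenLDAP `ldapsearch` client is installed; the LDAPS URI and base DN are supplied by the operator, and the names in the usage comment are constructed.

```sh
#!/bin/sh
# Added example, not Akku's code. Requires the OpenLDAP client tools (ldapsearch).
# ldapsearch exits with the LDAP result code; 255 means the server was not reached.

# check_tls URI: succeeds only if the rootDSE is readable over a validated TLS session.
check_tls() {
    # TLS_REQCERT=demand rejects an untrusted or mismatched server certificate.
    LDAPTLS_REQCERT=demand ldapsearch -x -LLL -o nettimeout=5 \
        -H "$1" -b "" -s base namingContexts >/dev/null 2>&1
}

# check_anonymous URI BASE_DN: an unauthenticated subtree search must return no entries.
# AD answers rootDSE reads without a bind, so the rootDSE alone proves nothing here.
check_anonymous() {
    anon_rc=0
    anon_out=$(ldapsearch -x -LLL -o nettimeout=5 -H "$1" -b "$2" -s sub -z 1 \
        '(objectClass=user)' dn 2>/dev/null) || anon_rc=$?
    if printf '%s\n' "$anon_out" | grep -q '^dn:'; then
        echo "FAIL: anonymous search returned entries"
        return 1
    elif [ "$anon_rc" -eq 255 ]; then
        echo "UNKNOWN: could not reach the server"
        return 2
    fi
    echo "PASS: no entries returned to an anonymous client (LDAP result $anon_rc)"
}

# Usage (constructed names): sh check_ldap.sh ldaps://dc01.example.test 'DC=example,DC=test'
if [ "$#" -eq 2 ]; then
    if check_tls "$1"; then
        echo "PASS: validated TLS session"
    else
        echo "FAIL: TLS session or certificate validation"
    fi
    check_anonymous "$1" "$2"
fi
```

Running the same script from a host other than the connector should end in `UNKNOWN` if the firewall restriction in the last step is in place.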
The biggest advantage of Akku’s AD connector is that you have the highest possible transparency and control over your network. You can learn more about why an agent-based architecture is bad for your organization here.
With these steps, all the usernames in your network are synced between your AD and Akku. At the time of logging in, only the LDAP request query is sent to the AD for verification, which starts the SSH tunnel to push the changes from AD to Akku MySQL.
Benefits of an Agentless Active Directory Connector
The biggest advantage of using agentless software is that it avoids the pitfalls that come with installing additional software, like security threats and making your network security solution bulkier than necessary. With agents, organizations have to adhere to security protocols, handle software incompatibility problems, and also manage the overhead of installing, maintaining and updating the agents on all the devices in the organization, which can be time- and resource-consuming.
To learn more about Akku’s features, and how an agentless IAM solution can help your organization save costs and improve network security, get in touch with us now.