Download and configure Entrust iDaaS Active Directory

Configure Entrust IDaaS to use the same Active Directory services as Entrust CloudControl. Entrust provides an Entrust IDaaS gateway OVA to sync your on-premises Active Directory users to Entrust iDaaS. Changes made to your Active Directory are automatically synced with Entrust IDaaS through this gateway. Alternatively, you can configure your own gateway.

For additional information, refer to Entrust Identity as a Service Administrator Help.

  1. Download the Entrust IDaaS gateway

  2. Deploy Entrust IDaaS gateway VM from the OVA

  3. Configure the Entrust IDaaS gateway virtual appliance

  4. Add the gateway to the Entrust IDaaS.

  5. Tie Active Directory to Entrust IDaaS

Download the Entrust IDaaS gateway

  1. Sign in to your unique Entrust IDaaS registration URL bookmarked in section Register for Entrust IDaaS.

    eihomegateways

  2. Select Home page, then select Gateways.

  3. On the Gateways page, select IDENTITY AS A SERVICE GATEWAY to download the software. The Identity as a Service Gateway Download URL dialog appears.

  4. Select the VMware vSphere to download a vSphere (.ova) image file.

Deploy Entrust IDaaS gateway VM from the OVA

  1. Sign in to VMware vCenter.

  2. Select the cluster in which to create the Entrust IDaaS gateway VM.

  3. From the Actions menu, select Deploy OVF template…​.

  4. Select Local file and upload the Entrust IDaaS gateway OVA file, and then select Next.

  5. Follow the instructions during the deployment as needed.

  6. After the VM is ceated, right-click the Entrust IDaaS gateway virtual machine and select Power > Power On.

  7. Select LAUNCH WEB CONSOLE and make a note of the dynamic IP of the Entrust IDaaS gateway virtual machine. You will be able to change this IP to static in the next section.

  8. Close the web console.

Configure the Entrust IDaaS gateway virtual appliance

  1. In a web browser, sign in to the Entrust IDaaS gateway dynamic IP with port 9090, for example, https://xxx.xxx.xxx.xxx:9090.

  2. Accept the browser self-signed certificate warning. The Entrust IDaaS gateway Web Interface opens.

  3. Sign in with the following credentials:

    Credential Value

    User name

    entrust

    Password

    entrust

  4. Enter the new password when prompted.

  5. Sign out and then sign back in. This time, select Reuse my password for privileged tasks.

    reuse password priviledge tasks

  6. Select Get Started. The Network Settings page appears.

  7. Select Network to change the hostname, IP address, and gateway address.

  8. Optionally, change the hostname by selecting the corresponding hyperlink, and then select Save.

  9. Change the IP address and gateway by selecting the corresponding hyperlink.

  10. Enter the new static IP and gateway, and then select Save. You will be disconnected after saving is completed.

  11. At the VMware vCenter, select Actions > Power > Restart Guest OS.

  12. Sign back in to the Entrust IDaaS gateway with your browser using the new static IP with port 9090.

  13. Select Get Started. The Network Settings page appears.

  14. Select System Time to change the default NTP servers if needed, and then select Save.

  15. If required, select Proxy to configure a proxy server, and then select Save. In this integration a proxy server was not necessary since we were able to access the Internet.

You do not need to select Register at this time. It will be done in the next section.

Add the gateway to the Entrust IDaaS.

  1. Sign in to your unique Entrust IDaaS registration URL.

  2. Select Gateways. The Gateways page appears.

  3. Select the + icon on the left of the page and select Gateway. The Add Gateway dialog appears.

  4. Enter a Gateway Name and then select Add. The Waiting for Gateway to establish connection dialog appears.

    eigatewaycreated

  5. Copy the Registration Code by selecting the Copy to clipboard icon.

  6. Sign in to the Entrust IDaaS gateway with your browser.

  7. Select Identity as a Service.

  8. Paste the registration code from above in the Registration Code text box, and then select Register.

  9. Go back to your unique Entrust IDaaS registration URL. Close the Waiting for Gateway to establish connection dialog box if still open, and then sign in.

  10. Select Gateways. There is a green check mark next to the gateway created above.

    idaas gateway green check mark

  11. Hover over the gateway name to display the details.

    gateway instant details

Tie Active Directory to Entrust IDaaS

  1. Sign in to your unique Entrust IDaaS registration URL.

  2. Select Directories.

  3. Select the + icon on the left of the page and then select Active Directory (on-premise). The Add Directory page appears.

  4. In the Connection Settings, enter the following:

    Item Value

    Directory Name

    Domain name

    Username

    idaasaduser (user created in [configure-active-directory])

    Password

    Password for idaasaduser

    Directory Servers

    IP/FQDN of the Active Directory server
    eidirectoryconnectionsettings

  5. In the Attribute Mappings section, change the default settings if required.

  6. In the SearchBases & Group Filters section, enter the following:

    Item Value

    Root Domain Naming Context

    search context, for example, DC=example,DC=com

    Group Filters

    ASC_SuperAdmin (group created in Configure your Active Directory)
    eidirectoryfilters

  7. In the Synchronization section, do the following:

    1. Select the Synchronization Agent in the pull-down menu, that is the Entrust IDaaS gateway created in section Configure the Entrust IDaaS gateway virtual appliance.

    2. Once selected, edit the properties according to your AD settings or leave the defaults.

      eidirectorysync

  8. Once all the information has been provided, select Add. The Directory List page appears.

    eidirectorylist

  9. Select the Sync icon on the directory list row to sync the directory.

  10. Once synced, verify the Active Directory users etccadmin and etccuser created in section [configure-active-directory] appear in Home > Users.

    eiuserslist