Directory Sync Authentication Enrollment for PGP Encryption Desktop clients using PGP Encryption Server (Symantec Encryption Management Server)
search cancel

Directory Sync Authentication Enrollment for PGP Encryption Desktop clients using PGP Encryption Server (Symantec Encryption Management Server)

book

Article ID: 153668

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption

Issue/Introduction

This article describes how to enable Directory Synchronization to enroll PGP Encryption Desktop (Symantec Encryption Desktop) clients to a PGP Encryption Server (Symantec Encryption Management Server).

 

Resolution

Directory Synchronization allows you to assign a consumers to a specific consumer group based on the consumer's presence in a specified LDAP directory, or based on matching directory attributes you specify.

Prior to enabling clients to use Directory Authentication, you must enable Directory Synchronization and configure an LDAP directory which the PGP Server will use to match user credentials. For more information on enabling Directory Synchronization see the following article:

180239 - HOW TO: Enable Directory Synchronization on the PGP Encryption Server (Symantec Encryption Management Server)

 

After configuring your Directory Synchronization settings, use the following steps to enable the clients to use directory authentication.

  1. Log in to the PGP Server admin interface.
  2. Click Consumers > Directory Synchronization.
  3. On the Directory Synchronization page, click Settings. The Directory Synchronization Settings are displayed.
  4. Place a checkmark next to Enroll clients using directory authentication.
     

To change the behavior of Directory Synchronization when a user cannot be matched to a specific LDAP directory based on any consumer matching rules, select an option from the drop-down menu of choices. Your choices are:

  • Look for the consumer in all ordered LDAP Directories - If the consumer cannot be matched to a specific directory, then search all LDAP Directories specified for this server, in priority order. (You can define the order that directories are searched on the Directory Synchronization page.)
  • Only look for the consumer in the first ordered LDAP Directory - If the consumer cannot be matched to a specific directory, then search only the first (highest priority) LDAP Directory specified for this server. If not found in the first ordered directory, the consumer is rejected.
  • Reject the consumer If the consumer cannot be matched to a specific directory based on the consumer matching rules, reject the consumer.
     
  1. Click Save.

Note: You can also enable the Enable LDAP Referrals option which allows PGP Encryption Management Server (SEMS) to query referred LDAP directories when searching for user information.

 

 

Additional Information

171746 - PGP Administrator Password Complexity Enforcement via AD Admins (Directory Authentication) for PGP Encryption Server

153670 - PGP Encryption Server Administrator Roles (Symantec Encryption Management Server)

180239 - HOW TO: Enable Directory Synchronization on the PGP Encryption Server (Symantec Encryption Management Server)

180156 - Obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for PGP Encryption Server

153668 - Enroll PGP Encryption Desktop clients using Directory Authentication with PGP Encryption Server (Symantec Encryption Management Server)

153425 - Troubleshooting: PGP Encryption Desktop Client Enrollment (Symantec Encryption Desktop)

171744 - PGP Administrator Password Complexity Enforcement via Passphrase Authentication (Manual Password Assignment)

216163 - Reset Password for Administrators on Symantec Encryption Management Server (PGP Server)

 

197991 - PGP Encryption Server Directory Synchronization cannot use IP address for LDAPS (Symantec Encryption Management Server)