Where/how does SNOW get user information?

This might be a SNOW 101 basic question, but how does SNOW get AD user information? Can I assume it comes from the AD connector? How often does it sync?

 

We are looking to change the source of data (Wheel to the spokes) from AD to One Identity. One Identity will then feed AD.  Can SNOW talk to One Identity?


  • Hi Mark,

     

    Snow collects data from AD with an LDAP query from the Inventory Server running in the domain where it's installed. If you have several domains you want to add to this, you can set up discovery of them in Inventory Server.

     

    Also, add the ActiveDirectory module to the snowserver.config file, where you can change the interval of the discovery period:

     

      <Module typeName="SnowSoftware.Inventory.Discovery.ActiveDirectory.ActiveDirectoryDiscoveryModule">

       <Setter propertyName="IsEnabled">true</Setter>

       <Setter propertyName="Interval">"7.00:00:00"</Setter>

      </Module>

     

    I'm not too familiar with One Identity, so this one is still unanswered.

     

    MB

  • Detlev Eufinger (Flexera Software)

    Hi Mark,

    Our Snow Inventory AD connector only reads out computers and user attributes. This does not contain any information about group membership.

    The user attributes are currently only used by our cloud integration (Adobe, O365), for matching the SLM user with the cloud user.

    If you want to use One Identity for SSO, you can configure it with SLM.

     

    Snow’s federated authentication component supports the Security Assertion Markup Language (SAML) v2.0 standard for web-based authentication between security domains. The component supports the Service Provider (SP) initiated Single sign-on (SSO) and Single log-out (SLO).

     

    In case of SAML please contact your local Snow Service

     

    • What mechanism does SNOW use to get the Last Login User / Most Login User? I have an auto-connect rule set up for Computers in SLM to Organization using that rule. But looking for where the names come from in the first place? If I run a Users report, not all have email addresses.

  • Detlev Eufinger (Flexera Software)

    Hi Mark,

    Last Login User data are gathered via our agent scan mechanism (WMI). The most login user value is counted.

    The email address is not populated here and has nothing to do with your auto-connect rules. Auto-connect rules (user based) use the logon name, like domain\user.

    If you want to fill in the user email addresses, you must do it via the User Import task in SLM or smacc.

    • Community Manager (Flexera Software)

      Just to add, we are having internal discussions about exposing some of this information in SLM, i.e. we gather User Last logon and email from AD but do not expose it in the SLM UI. I'm not the expert, but am of the opinion this should at the very least be in a report in SLM (populating it into the user tab is a much bigger task).

      In addition we are looking at gathering additional fields from User AD - these could be OU, Manager, Disabled

       

      2 Questions

       

      1. Are there any other fields that should be gathered from AD other than UserName, email, Lastlogon, OU, Manager, Disabled?
      2. How important is Azure AD (currently we only connect using LDAP, which is AD centric)?
      • OU, Enabled/Disabled and email could be useful in some reports.

        It would actually be more flexible to give the option to map AD fields to custom fields as required.

         

        Last logon is accurate only if you have only one Domain Controller, since this data is not really synced across all DCs, so this field has limited value.

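The point in the last reply, shown as an added example that is not part of the thread and not Snow's code: the AD `lastLogon` attribute is stored per Domain Controller and not replicated, so a stale-account report built from one DC can flag users who recently logged on elsewhere. The DC names, accounts, values and the 90-day threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# lastLogon is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICK = timedelta(microseconds=1)


def filetime_to_datetime(ticks):
    """Convert a lastLogon value to UTC; 0 or missing means no logon seen by that DC."""
    return FILETIME_EPOCH + TICK * (int(ticks) // 10) if ticks else None


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample data."""
    return ((dt - FILETIME_EPOCH) // TICK) * 10


def newest_logon(per_dc):
    """Return (dc, datetime) of the newest lastLogon across all DCs, or (None, None)."""
    seen = {dc: filetime_to_datetime(v) for dc, v in per_dc.items()}
    seen = {dc: t for dc, t in seen.items() if t is not None}
    if not seen:
        return None, None
    dc = max(seen, key=seen.get)
    return dc, seen[dc]


def misjudged_as_stale(per_dc, queried_dc, now, max_age_days=90):
    """True if the queried DC alone makes the account look stale while another DC saw a recent logon."""
    cutoff = now - timedelta(days=max_age_days)
    local = filetime_to_datetime(per_dc.get(queried_dc))
    _, newest = newest_logon(per_dc)
    return (local is None or local < cutoff) and newest is not None and newest >= cutoff


# Constructed sample: lastLogon per DC as separate LDAP reads would return it.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
_ft = lambda *a: datetime_to_filetime(datetime(*a, tzinfo=timezone.utc))
SAMPLE = {
    "jdoe": {"DC01": _ft(2023, 11, 2, 8, 15), "DC02": _ft(2024, 5, 28, 7, 50), "DC03": 0},
    "svc_old": {"DC01": _ft(2023, 1, 10, 3, 0), "DC02": 0, "DC03": 0},
}

if __name__ == "__main__":
    for user, per_dc in SAMPLE.items():
        dc, when = newest_logon(per_dc)
        print(user, dc, when, misjudged_as_stale(per_dc, "DC01", NOW))
```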
