CloudAnywhere is shipped with a Google Apps connector to help you synchronize your LDAP directory or Active Directory with Google Apps.
The Google connector synchronizes your Active Directory (or other source) directories with Google Apps. It provisions and deprovisions users, groups and contacts.
Passwords are synchronized in real time in a secure way.
- Organizations provisioning (organizational unit mapping)
- Real time password synchronization with respect of Google password complexity
- Active Directory multi-domain and multi-forest support
- Multi-tenant support
- Possibility to synchronize, merge or split Google tenants
- All available attributes are synchronized
Organizational unit synchronization
The connector synchronizes Active Directory organizational units with Google organizations.
Users can be provisioned in the root organization. Google organizations can be created on the fly.
Mapping tables are available to map existing Active Directory organizational units and Google organisations when names are not matching.
The CloudAnywhere platform offers the possibility to granularly select the accounts to be provisioned according to their group memberships, attribute values etc.
Comparison with Google password synchronization
In Google’s solution (GAPS), every domain controller pushes passwords directly: all domain controllers must have internet access.
- This introduces security risks.
- No retry mechanisms.
- No password complexity enforcement: Active Directory accepts passwords not valid on the Google side (passwords with accented characters, for example).
CloudAnywhere proceeds differently: every Active Directory securely sends passwords to the CloudAnywhere server.
- No domain controller needs to access the internet.
- CloudAnywhere respects Google passwords requirements.
- When a user changes a password, if the password is not compliant with Google rules, the password is not changed.
Reset password portal
CloudAnywhere is shipped with a reset password portal for users who do not have access to a computer in Active directory and who therefore cannot change their passwords using Microsoft’s standard method.