Igloo LDAP Sync Tool (ILST)

The Igloo LDAP Sync Tool (ILST) is an Igloo-developed application that automatically syncs users from one or more LDAPv3-supported data sources (e.g., Microsoft Active Directory, Azure AD, Okta) to your digital workplace.

What the ILST does

  The ILST can perform the following actions in your digital workplace:

  • Create users
  • Update user profile fields through 1-to-1 mapping with attributes in your data source
  • Update the membership of already existing groups
  • Revoke users

How the ILST works

The following is a high-level overview of the ILST process:

  • Set-up:
    1. You must install the ILST locally on a device that meets the following criteria:
      • Uses a Windows operating system.
      • Has .NET Framework 4.6.1 installed.
      • Has access to your LDAP-supported data source.
      • Has access to the internet.
      • The hardware requirements of the ILST are negligible.
    2. You must modify the ILST config.xml file to provide credentials, queries, and mappings.
  • Syncing:
    1. The ILST uses the provided credentials to connect to the configured LDAP-supported data source(s).
    2. The ILST receives results from the data source(s) based on the provided query.
    3. The ILST maps those results against the data in your digital workplace and then, using secure Igloo APIs, makes the necessary updates to your digital workplace.

The ILST does not include a built-in scheduler for automating the frequency and time of syncs. However, you can use a tool such as Microsoft's Task Scheduler to accomplish this. For more information, see Using Task Scheduler to run the ILST.

You should not run the ILST at a frequency that would cause it to start a sync before a previous sync is finished. The time it takes to run a sync is influenced by a number of variables; however, the first sync you run will always take the longest.
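
One way to schedule the ILST so that a new sync never starts while a previous one is still running, using the Windows ScheduledTasks PowerShell module. This is an added example, not Igloo's own script; the executable path, task name, schedule, and time limit are placeholders to replace with your own values.

```powershell
# Added example. Every value in this first group is a placeholder (assumption),
# not something taken from Igloo's documentation.
$IlstExe   = 'C:\ILST\ILST-PLACEHOLDER.exe'   # replace with the real path to the ILST executable
$TaskName  = 'ILST Sync (example)'
$StartAt   = '02:00'                          # daily start time
$MaxRun    = New-TimeSpan -Hours 6            # hard stop for a hung sync; size to your first full sync

if (-not (Test-Path -LiteralPath $IlstExe)) {
    throw "Set `$IlstExe to the installed ILST executable before registering the task."
}

# Run from the install folder so the tool finds its config.xml next to the executable
# (assumption: config.xml lives in the same folder).
$action  = New-ScheduledTaskAction -Execute $IlstExe `
                                   -WorkingDirectory (Split-Path -Parent $IlstExe)
$trigger = New-ScheduledTaskTrigger -Daily -At $StartAt

# -MultipleInstances IgnoreNew: if the trigger fires while the previous sync is
# still running, Task Scheduler skips the new run instead of starting a second copy.
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
                                         -ExecutionTimeLimit $MaxRun `
                                         -StartWhenAvailable

# Run under a dedicated service account rather than an interactive admin session.
# The account needs read access to the data source and outbound HTTPS (port 443).
$cred = Get-Credential -Message 'Service account that will run the ILST'

Register-ScheduledTask -TaskName $TaskName `
                       -Action $action `
                       -Trigger $trigger `
                       -Settings $settings `
                       -User $cred.UserName `
                       -Password $cred.GetNetworkCredential().Password `
                       -Description 'Example: daily ILST sync, overlapping runs suppressed'

# Confirm the overlap policy and inspect the last run's result.
(Get-ScheduledTask -TaskName $TaskName).Settings.MultipleInstances
Get-ScheduledTaskInfo -TaskName $TaskName |
    Select-Object LastRunTime, LastTaskResult, NextRunTime
```

Time the first full sync manually before choosing the schedule, since it is the longest run and sets the lower bound for the interval between triggers.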

Configuring the ILST

The following articles relate to configuring the ILST:

Please be aware of the following when working with the corresponding LDAP-supported data source:

  • The data source must support LDAPv3.
  • You can only sync manager fields and profile photos if your LDAP-supported data source is an on-prem Microsoft Active Directory.
  • Azure Active Directory: You must have Azure Domain Services enabled.

If your digital workplace has SAML authentication enabled, ensure that you disable its ability to create users. The User creation on Sign in option is found on the SAML Configuration page in your digital workplace.

Security

Additional information regarding how the ILST functions:

  • The ILST only reads data from the connected data sources and will not modify, remove, or collect any data.
  • The ILST can run on any server in the domain as long as that server can access both the LDAP-supported data source and the internet.
  • The ILST can use LDAP or LDAPS (LDAP + SSL) and any port, not just the standard LDAP ports.
  • The ILST connects to Igloo and makes API calls using HTTPS (port 443).
  • The ILST encrypts connection and API passwords using AES encryption.
  • The ILST communicates via TCP.

Where to get the ILST

Only verified users of existing Igloo customers can download the ILST. If your organization has an Igloo digital workplace and you are having issues accessing the download location, contact Igloo Support.

Download the ILST here

Follow the ILST file linked above to receive notifications about new versions of the tool.

Whenever the ILST is updated, changes are documented in the ILST Release Notes article.

ILST version support

Only the most recent version of the ILST is supported. Please ensure that you are running the latest version (4.0.1.0) before reporting any issues. To learn more about updating the ILST, see Updating the ILST.

ILST data flow diagram

This diagram outlines the flow of information between AD, Igloo Azure, and your digital workplace.