Oleria’s identity security provides critical visibility into AD resources, enabling organizations to quickly identify, assess, and mitigate identity and access-related risks. As a result, it offers better support for large enterprises that rely on Active Directory (AD) for various aspects of identity and access management. Oleria's identity security solution significantly improves Active Directory management by providing complete visibility and control over your organization's identity and access landscape.
This document provides step-by-step guidance for integrating Active Directory with your Oleria workspace.
Pre-requisites
- Administrator permission on the Oleria workspace
- An Active Directory Domain Joined (ADDJ) machine to install Oleria AD Agent.
- Administrator permissions on the ADDJ machine
Steps to Integrate Active Directory with Oleria Workspace
Step 1: Create a Service Account in the Active Directory
Step 2: Configure event forwarding
Step 3: Integrate Active Directory with the Oleria workspace
Step 4: Install Oleria AD Agent
Step 5: Verify the Active Directory status from the connected applications
Step 1: Create a Service Account in the Active Directory
Create an Active Directory Service Account and grant read-only permissions.
1.1. Log in to Active Directory and create a new user, for example, Oleria Read Admin.

1.2. Open your AD Domain → select Delegate Control

Select the user created in step 1.1.

Grant the following read permissions:
- Read all user information
- Read all inetOrgPerson information

The account is automatically added to the Domain Users group. Open the Domain Users group to verify that the Service Account is listed.

Add the user to the Read-only Domain Controller group.

Step 2: Configure Event Forwarding
Follow Microsoft Documentation to configure Windows event forwarding.
Step 3: Integrate Active Directory with your Oleria Workspace
Log in to your Oleria workspace and select Workspace → Integrations → Active Directory.
Provide a name for your agent and click Continue.

You will see a PowerShell script with a copy option. Execute this script on the member (domain-joined) server where you want to install the Oleria AD Agent.

Step 4: Install Oleria AD Agent
Log in to the ADDJ machine, open PowerShell with administrator privileges, and run the script obtained in step 3.

You will see the Oleria AD Agent installation process.
Accept the license terms and select Next.

On the next page, provide the following.
- Username: Provide the Service Account name created in step 1
- Password: Provide the Service Account password
- DomainName: Provide your domain name in distinguished-name form. For example, if your domain name is example.local, provide dc=example,dc=local
- DomainUrl: Provide your domain controller IP address
Select Next, and follow the prompts to complete the installation.

Once the installation is complete, an OleriaADConnectAgent service appears in the Windows services list.

Step 5: Verify the Active Directory status from the connected applications
Log in to your workspace → connected integrations → Active Directory → select View Details to open the side pane to view the agent health status.
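
The following PowerShell check is an added example, not part of Oleria's tooling. Run on the ADDJ machine, it confirms that the service account from step 1 has not ended up in a privileged group, builds the DomainName value the installer expects, and reports the state of the agent service. It assumes the RSAT ActiveDirectory module is installed; the logon name `oleria.read` is a hypothetical placeholder for the account you created.

```powershell
# Added example. Assumptions: RSAT ActiveDirectory module is available, and
# 'oleria.read' is a placeholder sAMAccountName for the step 1 service account.
Import-Module ActiveDirectory

$SamAccountName = 'oleria.read'     # placeholder: replace with your account's logon name
$DnsDomain      = 'example.local'   # sample domain used in the installer instructions

# DomainName field for the installer: example.local -> dc=example,dc=local
$DomainDn = ($DnsDomain.Split('.') | ForEach-Object { "dc=$_" }) -join ','

# Groups that a read-only service account should never reach, directly or nested.
$Privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
              'Account Operators', 'Backup Operators', 'Server Operators'

$User = Get-ADUser -Identity $SamAccountName

# LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) expands nested membership.
# The primary group (Domain Users by default) is not returned by this filter.
$Filter = "(member:1.2.840.113556.1.4.1941:=$($User.DistinguishedName))"
$Groups = Get-ADGroup -LDAPFilter $Filter | Select-Object -ExpandProperty Name
$Hits   = $Groups | Where-Object { $Privileged -contains $_ }

# Agent service installed in step 4 (local to the ADDJ machine).
$Svc = Get-Service -Name 'OleriaADConnectAgent' -ErrorAction SilentlyContinue

[pscustomobject]@{
    InstallerDomainName = $DomainDn
    ServiceAccount      = $User.SamAccountName
    AccountEnabled      = $User.Enabled
    NestedGroups        = if ($Groups) { $Groups -join ', ' } else { 'none' }
    PrivilegedGroups    = if ($Hits)   { $Hits -join ', ' }   else { 'none' }
    AgentServiceStatus  = if ($Svc)    { $Svc.Status }        else { 'not installed' }
}
```

A result with `PrivilegedGroups` other than `none` means the account has more than the read permissions delegated in step 1 and should be corrected before the agent is left running with its credentials.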

Contact Us
For questions about this integration, please contact us at support@oleria.com.