Install AD Connector and add groups

The AD Connector handles passwords and password change requests. To ensure redundancy in the event of failure, you should sync users to Identity as a Service and add more than one AD Connector. To do this:

       Install the AD Connector

       Add AD Connector groups

       Add Members. Members provide single sign-on to Identity as a Service to the AD Connector.

       Copy the JSON file into the AD Connector

Step 1: Install the AD Connector

1.      Click > Resources > Gateways. The Gateways page appears.

2.      Click AD Connector to download the installer, IDaaSAdConnector.zip.

3.      Go to the location of your download and extract IDaaSAdConnector.zip.

4.      Double-click IDaaSAdConnector-3.0.exe to launch the installer. The Entrust Identity Service Connector License Agreement page appears.

5.      Select I agree to the license terms and conditions and then click Install. The Welcome to the Identity as a Service AD Connector Setup Wizard page appears.

6.      Click Next. The Destination Folder page appears.

7.      Optionally, change the default folder location and then click Next. The Ready to install Identity as a Service AD Connector page appears.

8.      Click Install. The Completed the Identity as a Service AD Connector page appears.

9.      Click Finish. When the installation completes successfully, the AD Synchronization Settings page appears.

10.  Leave this page open as you will paste the contents from Step 2: Add AD Connector groups and members into this page.

Step 2: Add AD Connector groups and members

1.      Click > Resources > Gateways. The Gateways page appears.

2.      Click and select AD Connector Group. The Add AD Connector dialog box appears.

3.      Enter a Group Name and then click Add. The Group is added. For high availability, Entrust recommends that you add one or more AD Connectors to the Group.

4.      To add one or more AD Connectors to the group, do the following:

a.      Under your Group, click Add Member. The AD Connector dialog box appears.

b.      Enter a Name for your AD Connector and then click Add. The AD Connector Created dialog box appears.

c.      Copy the contents of the JSON file (click Copy to Clipboard). You can also choose to Download the contents or keep the dialog box open to paste the required information into the AD Connector Settings.

d.      Open the AD Connector Settings app (in Windows go to Start > Identity as a Service AD Connector). The AD Synchronization Settings appear.

e.      In the AD Synchronization Settings (the AD Connector Settings), click Paste JSON. The AD Connector Application Data dialog box appears.

f.        Paste the contents of the JSON and then click Apply.

Note: You can also copy and paste the hostname (Tenant), applicationID, and sharedSecret into the respective fields of the AD Synchronization Settings dialog box.

g.      Click Test Connection. If successful, then click Save.

h.      Click Close on the AD Connector Created dialog box.

5.      The member appears under your Group Name. The following symbol indicates that it is the Primary connector and that it is Active: .

6.      Click to view the AD Connector Details. The first member that connects to IDaaS becomes the Primary AD Connector.

Note: The primary AD Connector syncs users from Active Directory to the IDaaS active AD Connector and also handles password validation requests. If the primary AD Connector is inactive for 2 minutes, the first active AD Connector becomes the primary AD Connector.

7.      For failover, repeat Step 4 to add another Member.

Note: The symbols indicate the following:
       Primary connector and active
       Active connector
       Inactive connector
       Not registered

Step 3: (Recommended) Add more AD Connectors to your Group

1.      Repeat Step 1: Install the AD Connector to install AD Connector on a different server in your domain.

2.      Repeat Step 2: Add AD Connector groups and members.

Note: If at any time you need to regenerate the AD Connector shared secret, click . If you need to change the name of the AD Connector, click .
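If you choose Download in Step 2 (4c) instead of Copy to Clipboard, the sharedSecret sits in a file on disk until you remove it. The PowerShell below is an added example, not Entrust code: it restricts the downloaded file to the current user, checks that the three fields named in the Note under step 4f are present without printing the secret, and deletes the copy afterwards. The file name, the sample values and the assumption that the fields are top-level JSON keys are hypothetical.

```powershell
# Added example, not part of the Entrust documentation or product.
# Assumption: the JSON has top-level keys hostname, applicationID, sharedSecret.
function Test-ConnectorJson {
    param([Parameter(Mandatory)][string]$Path)
    $required = 'hostname', 'applicationID', 'sharedSecret'
    try {
        $data = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop | ConvertFrom-Json
    } catch {
        throw "Cannot read $Path as JSON: $($_.Exception.Message)"
    }
    $missing = $required | Where-Object { [string]::IsNullOrWhiteSpace([string]($data.$_)) }
    if ($missing) { throw "Missing or empty field(s): $($missing -join ', ')" }
    # Return only the non-secret values so the secret never reaches the console or a transcript.
    [pscustomobject]@{ hostname = $data.hostname; applicationID = $data.applicationID }
}

function Protect-ConnectorJson {
    param([Parameter(Mandatory)][string]$Path)
    # Drop inherited ACEs and allow only the current user to read and delete the file.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $me, 'Read, Delete', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Constructed sample standing in for the downloaded file (placeholder values only).
$sample = Join-Path $env:TEMP 'adconnector-sample.json'   # hypothetical file name
'{"hostname":"example.invalid","applicationID":"00000000-0000-0000-0000-000000000000","sharedSecret":"CONSTRUCTED-PLACEHOLDER"}' |
    Set-Content -LiteralPath $sample -Encoding utf8
Protect-ConnectorJson -Path $sample
Test-ConnectorJson -Path $sample
# Delete the copy once the values have been applied in the AD Connector Settings app.
Remove-Item -LiteralPath $sample
```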