Microsoft Active Directory (AD) gives organizations a major advantage in terms of orderly, on demand user credential management. The Tripwire® Enterprise integration with AD allows Tripwire Enterprise to gather group and member information based on existing roles within AD.
Without this integration, organizations using security products in tandem with AD can run into excess administrative overhead brought on by the need to assign user permissions within multiple systems every time a credential change, such as employee offboarding, takes place. The integration not only boosts efficiency and security—it also helps with proof of compliance for internal or external frameworks such as NERC CIP that require well-documented access management controls.
Instant Role and Group Assignments
The correct role and group memberships are automatically assigned in Tripwire Enterprise when an AD user logs into the console. To do this, Tripwire Enterprise polls AD to validate the user. If it locates a valid credential, it queries further for group information. If the user exists in AD but not in Tripwire Enterprise, they are auto-created in Tripwire Enterprise at first login using the information from AD and assigned to the appropriate roles and memberships. This information is displayed in the “Users” section of the Settings Manager.
How to Implement the Integration
A simple mapping file defines which AD groups correlate to which roles in Tripwire Enterprise. For example, an AD domain admin group can map to the administrator role within Tripwire Enterprise. The readable and editable mapping file is in YAML, located in the configuration directory on the console server. With the mapping file created, the integration is turned on with a single checkbox click, as shown here.
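The login-time flow described above (validate the user in AD, read group membership, translate groups to roles through the mapping file, auto-create the account on first login), modelled as an added example; this is not Tripwire's code, and the flat "AD group: role" mapping layout, the role names and the in-memory stand-in for the directory are constructed assumptions, since the page does not show the real file's schema.

```python
# Constructed mapping text in an assumed flat "AD group: TE role" layout.
MAPPING_TEXT = """
# AD group -> Tripwire Enterprise role (constructed example)
Domain Admins: Administrator
TE Operators: Power User
TE Auditors: Read-Only
"""

# Constructed stand-in for AD: username -> group memberships.
DIRECTORY = {
    "alice": ["Domain Users", "Domain Admins"],
    "bob": ["Domain Users", "TE Auditors", "TE Operators"],
    "carol": ["Domain Users"],  # valid AD account, but no mapped group
}

def parse_mapping(text):
    """Parse the flat mapping into {ad_group: role}, ignoring blanks and comments."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        group, _, role = line.partition(":")
        mapping[group.strip()] = role.strip()
    return mapping

def resolve_roles(username, directory, mapping):
    """Return the sorted roles for a user, or None when login must be refused.
    Deny by default: an unknown user, or one in no mapped group, gets no access."""
    groups = directory.get(username)
    if groups is None:
        return None  # credential not valid in AD
    roles = sorted({mapping[g] for g in groups if g in mapping})
    return roles or None

def login(username, store, directory, mapping):
    """Auto-create the console account on first login; refresh roles on every
    login so a membership change in AD (e.g. offboarding) takes effect at once."""
    roles = resolve_roles(username, directory, mapping)
    if roles is None:
        return False
    account = store.setdefault(username, {"source": "AD", "roles": []})
    account["roles"] = roles
    return True
```
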
Summary
Thanks to a robust integration between Tripwire Enterprise and Active Directory, your organization can reduce administrative overhead and minimize human error with auto-created users, groups and roles to ensure secure and efficient credential management.