Active Directory Integration

Convergence between Logical and Physical Security

As corporations demand that business, security, and IT processes become increasingly integrated and that information be shared amongst them, new tools are required to facilitate this natural convergence. Furthermore, as companies move towards a seamless and automated model, increasing the level of automation to synchronize data between these different systems becomes a very crucial element in their security systems.

Towards this end, Genetec offers an advanced level of integration with Microsoft's Windows Active Directory within its unified security platform, the Genetec Security Center. The Security Center seamlessly blends Genetec's enterprise class security solutions, Omnicast IP video surveillance, Synergis IP access control and AutoVu IP license plate recognition systems, into a single innovative solution.

With Active Directory integration, the worlds of logical (IT) and physical security converge for centralized management and synchronization of Windows user accounts with the Security Center’s user and cardholder accounts. Moreover, an inherent functionality of the integration is the automated synchronization of both user and cardholder profiles between Active Directory and the Synergis and Omnicast systems of the Security Center. No human intervention will be required during any synchronization process, thereby eliminating errors and inconsistencies that result with manual operations when multiple data entry points are utilized.

Overview of the Security Center's Advanced Active Directory Integration. Click to view a larger version.

Centralized User Management

Active Directory integration allows for the central management of IT and security users. As a new Windows user is added, an equivalent security user or operator account is created in the Synergis and Omnicast systems of the Security Center, providing automatic synchronization between IT and security systems. The synchronization process with Active Directory will ensure Windows users who are also security users, will automatically inherit their security privileges without further administrator intervention. This results in less manipulation of Security Center’s user privileges and system access rights, leading to increased efficiency within an organization.

Active Directory Password Management and Authentication Features

Active Directory integration also provides single sign on capabilities given that a user's Windows credentials are simultaneously used to log into the security system. Additionally, the Security Center leverages the intrinsic password management capabilities of Active Directory such as ensuring password strength and prompting password expiry. IT departments can then set common password policies, resting assured that the security system inherits these same policies. This is another example of convergence between IT and physical security policies.

Centralized Cardholder Management and Cardholder Account Linkage

Given that access control cardholder groups can be defined in advance with specific privileges and systems rights, the synchronization process with Active Directory will also ensure newly created cardholders inherit their physical building access rights without further administrator intervention. Additionally, Active Directory custom fields can be synchronized with Security Center user and cardholder custom fields, providing a mechanism by which most, if not all, of the information your security system required is entered only once in the Active Directory.

Security administrators still retain the ability to add new cardholders without Active Directory's automatic synchronization or account linking for specials cases, such as when visitors or contractors require physical access to an organization's buildings, but will never have an equivalent Windows user account.

Multiple Active Directory Server Support

In many instances, your security system may have to connect to more than one Active Directory server to synchronize user and cardholder data. This would be the case if your IT department has defined multiple Active Directory servers for the entire organization, eg., one server per region or business unit. Another example is if you have installed the Security Center in a multi-tenant environment where each tenant is equipped with its own Active Directory server. The Security Center’s Active Directory feature can support multiple servers simultaneously, affording you the flexibility to configure synchronization with each Active Directory server individually and to customize the Security Center for each tenant.

Higher Level of Security and Consistency throughout an Organization

As a single and central point of data entry, any additions to Active Directory are propagated without any manual intervention to the Security Center's Synergis and Omnicast systems. Active Directory can then be used to integrate with additional external systems such as a Human Resources Management System (HRMS). For example, adding a new employee in the HRMS can automatically create a Windows user account in Active Directory, the equivalent Security Center user account, and finally the Security Center cardholder account.

The inverse also becomes possible through Active Directory Integration. Disabling or removing a Windows user account will guarantee the equivalent deactivation or deletion of the Security Center user account, as well as the equivalent cardholder account, thereby ensuring consistency. The end result is that any risk of physical or logical security breaches, through direct access to the security system applications or physical access to the building, is greatly reduced.