Skip Navigation

Configure onboarding and offboarding

Onboarding allows you to automatically add user accounts to
Cylance Endpoint Security
based on user membership in a company directory group. Directory groups and user accounts are added to
during the synchronization process.
If you enable onboarding, you can also choose to configure offboarding. When a user is disabled in the directory or removed from all company directory groups in the onboarding directory groups,
Cylance Endpoint Security
deletes the user account and stops allowing network connections from the user's devices.
You can use offboarding protection to delay the deletion of user accounts to avoid unexpected deletions because of directory replication latency. Offboarding protection delays offboarding actions for two hours after the next synchronization cycle.
Depending on the type of directory that you want to connect to, configure Cylance Endpoint Security to synchronize with Azure Active Directory, or connect to a Microsoft Active Directory or LDAP directory.
  1. In the management console, on the menu bar, click
    Settings > Directory Connections
  2. In the
    Directory Connection
    list, click the connection that you want to configure onboarding for.
  3. On the
    Sync settings
    tab, select
    Directory onboarding
  4. In the
    field, type the maximum number of changes you want to allow for each synchronization process.
    By default, there is no limit. If the number of changes to be synchronized exceeds the limit you set, the synchronization process stops. Changes include users added to groups, users removed from groups, users to be onboarded, and users to be offboarded.
  5. In the
    Nesting level
    field, type the number of nested levels to synchronize for company directory groups. By default, there is no limit.
  6. To force the synchronization of directory groups, select
    Force synchronization
    If this option is selected, when a group is removed from your company directory, the links to that group are removed from onboarding directory groups and directory-linked groups. If not selected, if a company directory group is not found, the synchronization process is canceled.
  7. To delete a user account from
    Cylance Endpoint Security
    when a user is removed from all linked groups in the directory, select
    Delete user when the user is removed from all onboarding directory groups
    . The first time that a synchronization cycle occurs after a user account is removed from all linked directory groups, the user account is deleted from
    Cylance Endpoint Security
  8. To prevent user accounts or device data from being deleted from
    Cylance Endpoint Security
    unexpectedly, select
    Offboarding protection
    Offboarding protection means that users will not be deleted from
    Cylance Endpoint Security
    until two hours after the next synchronization cycle.
  9. Click