Get the PDF

Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
  - Generate a new SSO callback URL
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines

Connect to an LDAP directory

To connect to an on-premises LDAP directory, you must first install at least one instance of the

BlackBerry Connectivity Node

In the

BlackBerry Connectivity Node

console (http:/localhost:8088), click

General settings > Company directory

Click

Select

LDAP

In the

Connection name

field, type a name for this company directory connection.

In the

LDAP server discovery

drop-down list, click one of the following: If you want to use automatic discovery, click

Automatic

If you want to use automatic discovery, click

Automatic

then in the

DNS domain name

field, type the DNS domain name.

If you want to specify the LDAP computer, click

Select server from list below

. Click

and type the FQDN of the computer. Repeat this step to add more computers.

In the

Enable SSL

drop-down list, select whether you want to enable SSL authentication for LDAP traffic. If you click

Yes

, click

Browse

and select the SSL certificate for the LDAP computer.

In the

LDAP port

field, type the port number of the LDAP computer.

In the

Authorization required

drop-down list, select whether authentication is required with the LDAP computer. If you click

Yes

, type the username and password of the LDAP account. The username must be in DN format (for example, CN=Megan Ball,OU=Sales,DC=example,DC=com).

In the

Search base

field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com).

In the

LDAP user search filter

field, type the filter that you want to use for LDAP users. For example: (&(objectCategory=person)(objectclass=user)). If you want to restrict searching to all members of a single group for the entire

Cylance Endpoint Security

tenant, you can use the following example: (&(objectCategory=person)(objectclass=user)(memberOf=CN=Local,OU=Users,DC=example,DC=com)).

In the

LDAP user search scope

drop-down list, click one of the following: If you want user searches to apply to all levels below the base DN, click

All levels

. If you want to limit user searches to one level below the base DN, click

One level

In the

Unique identifier

field, type the attribute for each user’s unique identifier (for example, uid). The attribute must be immutable and globally unique for every user.

In the

First name

field, type the attribute for each user’s first name (for example, givenName).

In the

Last name

field, type the attribute for each user’s last name (for example, sn).

In the

field, type the attribute for each user’s login attribute (for example, cn).

In the

Email address

field, type the attribute for each user’s email (for example, mail).

In the

Display name

field, type the attribute for each user’s display name (for example, displayName).

To synchronize more user details from your company directory, select the

Synchronize additional user details

check box. The additional details include company name and office phone.

To enable directory-linked groups, select the

Enable directory-linked groups

check box.

Specify the following information:

In the

Group search base

field, type the value to use as the base DN for group information searches.

In the

LDAP group search filter

field, type the LDAP search filter that is required to find group objects in your company directory.

In the

Group Unique Identifier

field, type the attribute for each group's unique identifier. This attribute must be immutable and globally unique.

In the

Group Display name

field, type the attribute for each group's display name.

In the

Group Membership attribute

field, type the name of the attribute for group membership. The attribute values must be in DN format.

In the

Test Group Name

field, type an existing group name for validating the group attributes specified.

Click

Save

If you want to configure automatic onboarding for

Cylance Endpoint Security

, see Configure onboarding and offboarding.

If you want to add a directory synchronization schedule, see Configure directory synchronization schedules.

If you have more than one instance of the

BlackBerry Connectivity Node

, you can copy directory connection configurations from one instance into the others.

Section:

Linking to your company directory