Security

This section describes the security controls that Connect to AD uses to protect customer data.

Connect to AD communicates with only two services to perform its functions:

  1. UKG Ready using the secure UKG Ready API (over port 443).
  2. Active Directory using a secured LDAP connection (port may change based on your configuration).

No employee data is ever stored and the only services that are required are the UKG Ready API (externally) and Active Directory (internally).

[Figure: UKG to Active Directory security]

UKG Ready

All communications with the UKG Ready API are encrypted and authenticated using a UKG Ready service account. The channel that carries the data is secured with Transport Layer Security (TLS).

The UKG Ready service account information (host, Service Account Name, password, App-key, Company and Saved report system ID) is all encrypted using RFC 2898 and securely stored.

For more information on RFC 2898, you can reference:

For more information on setting up a valid connection to the UKG API, click here.

Active Directory 

All communications to Active Directory are authenticated using a valid Windows account that can read, insert and update user records in Active Directory.

The security of the channel that carries data to Active Directory is determined by your Active Directory configuration (with or without SSL/TLS). Connect to AD supports both LDAP and LDAPS.

For more information on using LDAPS with Active Directory, you can reference:

For more information on setting up a valid connection to Active Directory, click here.
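
One way to check the LDAP or LDAPS choice described above before pointing Connect to AD at a domain controller. This is an added example, not Connect to AD's or UKG's own code; the host names, the CA file name and the function names are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample values; replace with the directory URLs you actually configure.
SAMPLE_URLS = ["ldap://dc01.corp.example", "ldaps://dc01.corp.example:636"]


def classify_endpoint(url):
    """Return (host, port, uses_tls) for an ldap:// or ldaps:// URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    return parts.hostname, parts.port or DEFAULT_PORTS[scheme], scheme == "ldaps"


def audit(urls):
    """List the configured URLs whose channel is not wrapped in SSL/TLS."""
    return [(u, "no SSL/TLS on this channel") for u in urls
            if not classify_endpoint(u)[2]]


def strict_context(ca_file=None):
    """Client context that verifies the server certificate chain and host name."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Complete a TLS handshake with the directory server and report the result.

    Raises ssl.SSLCertVerificationError if the certificate is untrusted or
    does not match the host name.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context(ca_file).wrap_socket(raw, server_hostname=host) as tls:
            return {"tls_version": tls.version(),
                    "cipher": tls.cipher()[0],
                    "cert_not_after": tls.getpeercert().get("notAfter")}


if __name__ == "__main__":
    for url, finding in audit(SAMPLE_URLS):
        print(f"{url}: {finding}")
    # probe_ldaps("dc01.corp.example", ca_file="corp-root-ca.pem")  # needs network access
```

`probe_ldaps` only succeeds when the domain controller presents a certificate that chains to a trusted CA and matches the host name, which is the same condition an LDAPS client with verification enabled depends on.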

IP Whitelisting

If you choose to implement IP Whitelisting, please include your UKG API host in the allowed list of IP addresses as that is the only external service required by Connect to AD.

For more information on setting up a valid connection to the UKG API, click here.
