This section describes the security controls that Connect to AD uses to protect customer data.
Connect to AD communicates with only 2 services to perform its functions:
- [source-object]
- [target-system]
UKG
All communications to the UKG API are encrypted and authenticated using a UKG service account. Data is transmitted over a channel secured with Transport Layer Security (TLS).
Connect to AD requires a valid UKG service account to establish a connection with the UKG API. The UKG service account information [source-object] are all encrypted using RFC 2898 and securely stored.
For more information on RFC 2898, you can reference:
For more information on setting up a valid connection to the UKG API, click
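To illustrate what encrypting a stored credential "using RFC 2898" can look like, the following added example (not Connect to AD's own code, which this page does not show) derives keys with PBKDF2, the password-based key derivation function that RFC 2898 specifies, and uses them to encrypt and authenticate a secret. The function names, passphrase, iteration count and cipher choice are assumptions; it needs Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
# Added illustration, not Connect to AD code. Function names, iteration count,
# and the AES-256-CBC + HMAC-SHA256 layout are assumptions for this example.
using namespace System.Security.Cryptography

function Get-DerivedKeys([string]$Passphrase, [byte[]]$Salt, [int]$Iterations) {
    # PBKDF2 (RFC 2898): stretch the passphrase into 64 bytes, AES key + HMAC key.
    $kdf = [Rfc2898DeriveBytes]::new($Passphrase, $Salt, $Iterations, [HashAlgorithmName]::SHA256)
    try { return ,$kdf.GetBytes(64) } finally { $kdf.Dispose() }
}

function Protect-Secret([string]$PlainText, [string]$Passphrase, [int]$Iterations = 600000) {
    # Fresh random salt per secret, so equal passphrases never yield equal keys.
    $salt = [byte[]]::new(16)
    $rng = [RandomNumberGenerator]::Create(); $rng.GetBytes($salt); $rng.Dispose()
    [byte[]]$k = Get-DerivedKeys $Passphrase $salt $Iterations
    $aes = [Aes]::Create()                 # defaults: CBC, PKCS7, random IV
    $aes.Key = [byte[]]$k[0..31]
    $data = [Text.Encoding]::UTF8.GetBytes($PlainText)
    $ct = $aes.CreateEncryptor().TransformFinalBlock($data, 0, $data.Length)
    [byte[]]$body = $salt + $aes.IV + $ct
    # Encrypt-then-MAC: the tag covers salt, IV and ciphertext.
    $mac = [HMACSHA256]::new([byte[]]$k[32..63]).ComputeHash($body)
    return [Convert]::ToBase64String([byte[]]($body + $mac))
}

function Unprotect-Secret([string]$Blob, [string]$Passphrase, [int]$Iterations = 600000) {
    [byte[]]$raw = [Convert]::FromBase64String($Blob)
    $n = $raw.Length
    if ($n -lt 80) { throw 'Blob too short.' }   # 16 salt + 16 IV + >=16 ct + 32 tag
    [byte[]]$k = Get-DerivedKeys $Passphrase ([byte[]]$raw[0..15]) $Iterations
    $want = [HMACSHA256]::new([byte[]]$k[32..63]).ComputeHash($raw, 0, $n - 32)
    # Compare tags without an early exit, and before any decryption.
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($want[$i] -bxor $raw[$n - 32 + $i]) }
    if ($diff -ne 0) { throw 'Integrity check failed: wrong passphrase or modified blob.' }
    $aes = [Aes]::Create()
    $aes.Key = [byte[]]$k[0..31]
    $aes.IV = [byte[]]$raw[16..31]
    $pt = $aes.CreateDecryptor().TransformFinalBlock($raw, 32, $n - 64)
    return [Text.Encoding]::UTF8.GetString($pt)
}

# Constructed sample values, not real credentials.
$blob = Protect-Secret 'example-service-account-password' 'example passphrase'
Unprotect-Secret $blob 'example passphrase'
```

The protection this gives rests on the passphrase's secrecy and the iteration count, so both belong in any review of how a stored credential is handled.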
Entra ID
All communications to Entra ID are authenticated using a valid Entra ID application (with a client secret) that can read, insert, and update user records in Entra.
Entra ID uses TLS to secure the transmission channel used to transmit data.
Active Directory
All communications to Active Directory are authenticated using a valid Windows account that can read, insert and update user records in Active Directory.
The security level of the transmission channel that is used to transmit data to Active Directory is determined by your AD configuration (with or without SSL/TLS).
- ldap-authentication-and-security-signing-binding-and-configuration
- enable-ldap-over-ssl-3rd-certification-authority
- guide-to-setup-ldaps-on-windows-server
IP Whitelisting
If you choose to implement IP Whitelisting, please include your UKG API host (https://service?.ultipro.com) in the allowed list of IP addresses, as that is the only external service required by Connect to AD.