Deploy the CyberArk Identity Connector

This section describes how to deploy and manage the CyberArk Identity Connector.

The CyberArk Identity Connector is a multipurpose service that provides support for key features and enables secure communication between other services on your internal network or a cloud instance. Not all services require a connector, however. For example, if all users are CyberArk Cloud Directory user accounts, the connector isn’t required.

You must have at least one connector for the following use cases.

Use case	Description
Use Active Directory or LDAP as a directory service	This topic describes how to install the CyberArk Identity Connector to integrate your Active Directory/LDAP service with CyberArk Identity. The CyberArk Identity Connector adds AD as a directory service by enabling secure communication between CyberArk Identity and your AD domain. The CyberArk Identity Connector is installed on your network inside the firewall, runs on domain-joined Windows server, and monitors AD for changes to users and groups. It also monitors Active Directory for group policy changes, which it sends to CyberArk Identity to update enrolled devices. AD changes are synced to CyberArk Identity every 10 minutes by default.
Manage application access with the Application Gateway	With App Gateway, you can configure on-premise applications for off-site access without requiring a VPN connection. Refer to App Gateway for more information.
Enforce MFA on VPN clients that support RADIUS	Configure the connector as a RADIUS server to enforce MFA on RADIUS clients. Refer to MFA for VPNs and VDIs for more information.

Use case

Description

Use Active Directory or LDAP as a directory service

This topic describes how to install the CyberArk Identity Connector to integrate your Active Directory/LDAP service with CyberArk Identity. The CyberArk Identity Connector adds AD as a directory service by enabling secure communication between CyberArk Identity and your AD domain.

The CyberArk Identity Connector is installed on your network inside the firewall, runs on domain-joined Windows server, and monitors AD for changes to users and groups. It also monitors Active Directory for group policy changes, which it sends to CyberArk Identity to update enrolled devices. AD changes are synced to CyberArk Identity every 10 minutes by default.

Manage application access with the Application Gateway

With App Gateway, you can configure on-premise applications for off-site access without requiring a VPN connection.

Refer to App Gateway for more information.

Enforce MFA on VPN clients that support RADIUS

Configure the connector as a RADIUS server to enforce MFA on RADIUS clients.

Refer to MFA for VPNs and VDIs for more information.

In this section: