This program retrieves users and groups from multiple sources and sync them into a Fyde Enterprise tenant. Multiple user sources are available and you will have specific configuration steps depending which ones you use. The user sources for a connector are activated through the Fyde Enterprise Console.
The first step to configure a User Directory connector is to create it in the Fyde Enterprise Console -> Settings -> User directories section. Once that is finished it will return a secret token in the form of an URL that needs to be passed to the connector configuration.
This program utilizes the same configuration system than our Fyde Proxy Orchestrator, so all options can be configured using command line arguments, environment variables, docker secrets, AWS SSM, etc.
A connector can be installed on a Centos OS using RPMs, it can also be run directly on any modern linux (it is a single static binary), or using a docker container. Click here for CentOS install steps.
The only mandatory configuration parameter is the
enrollment_token, which you obtain from the Fyde Enterprise Console when you create a new User Directory.
$ docker run -it fydeinc/fyde-connector --enrollment-token='https://enterprise.fyde.com/connectors/v1/connectorid1?auth_token=connector1_token&tenant_id=tenantid1' 2019-08-30 19:05:18 - Running Fyde Connector version 1.0.0 2019-08-30 19:05:18 - Initializing Sync Manager for connector https://enterprise.fyde.com/connectors/v1/connectorid1 ...
By default, a connector runs forever and runs its user/group syncing every 15 minutes. This behavior can be changed through other configuration options described later.
This program allows to sync using multiple different directory sources, and depending the sources used you will need to provide some extra information (like the address to and LDAP server, etc).
To sync with a Google Suite domain you will need to authorize Fyde to access your data, which requires a manual step to obtain an authorization token from Google. Once this token is obtained, it should be valid without expiration, unless you invalidate it from the Google Admin Console.
$ docker run -it fydeinc/fyde-connector --enrollment-token='http://host.docker.internal:8080/connectors/v1/connectorid1?auth_token=connector1_token&tenant_id=tenantid1' 2019-08-30 23:00:59 - Running Fyde Connector version 1.0.0 2019-08-30 23:00:59 - Initializing Sync Manager for connector http://localhost:8080/connectors/v1/connectorid1 Please visit this URL to authorize this application: https://accounts.google.com/o/oauth2/auth.... Enter the authorization code: <enter the code returned by google once you authorize Fyde> Your Google Suite token is:eAJ4q2wcbi...... Provide this code to the Fyde Connector following the instruction in our documentation. Refer to https://fyde.github.io/docs/ for more information. 2019-08-30 23:03:36 - Module google_apps is not ready to run 2019-08-30 23:03:36 - Connector service is going bye-bye
As it says there, you need to provide this authorization token from Google to the connector to proceed to the syncing. The parameter to do so is called
google-auth-token and a once you pass it to the connector it should start syncing immediately.
$ docker run -it fydeinc/fyde-connector --enrollment-token='https://enterprise.fyde......' --google-auth-token='eAJ4q2wcbi......' 2019-08-30 23:06:42 - Running Fyde Connector version 1.0.0 2019-08-30 23:06:42 - Initializing Sync Manager for connector https://enterprise.fyde.com/connectors/v1/connectorid1 2019-08-30 23:07:05 - URL being requested: GET https://www.googleapis.com/discovery/v1/apis/admin/directory_v1/rest .... 2019-08-30 23:07:42 - Ran module <sources.google_apps.SyncModule object at 0x1066342b0> successfully, next run in 900 seconds
To sync with an Okta tenant you will need to authorize Fyde to access your data, which requires a administrative step to obtain an API token from Okta. Read-only administrative permisions are enough to run a connector, it is recommended you create a service account with only those permissions and create an API token from there. It should be valid without expiration, unless you invalidate it from the Okta console. The variable used to pass this token is called
You will also need to provide the domain name assigned to your organization in Okta, usually something like
exampleorg.okta.com, in a variable called
$ docker run -it fydeinc/fyde-connector --enrollment-token='https://enterprise.fyde......' --okta-auth-token='eAJ4q2wc......' --okta-domainname='exampleorg.okta.com' 2019-08-30 23:06:42 - Running Fyde Connector version 1.0.0 2019-08-30 23:06:42 - Initializing Sync Manager for connector https://enterprise.fyde.com/connectors/v1/connectorid1 .... 2019-08-30 23:07:42 - Ran module <sources.okta.SyncModule object at 0x1066555b0> successfully, next run in 900 seconds