How to synchronize users from Active Directory using Directory Sync

Last updated on May 5, 2025

With the latest release of the Rublon Authentication Proxy (3.2.0), we have added a new feature that facilitates the synchronization of users from Active Directory (AD) into the Rublon Admin Console. You can choose between scheduled and manual synchronization. Scheduled synchronization runs twice a day at a randomly chosen time. Your scheduled time will be displayed in your Rublon Authentication Proxy log file.

Note that the Rublon Authentication Proxy can work as a Directory Sync feature alone. You do not need to configure the proxy server feature at all.

Note that the Directory Sync can be performed regardless of whether the Rublon Authentication Proxy is installed on Windows or Linux.

Prerequisites

You need to install the latest version of the Rublon Authentication Proxy. The Directory Sync feature is available starting from version 3.2.0.

Configuration

You can configure the Directory Sync feature by adding a new directory_sync section to your current Rublon Authentication Proxy configuration file. You will also need a configured auth_source of type “LDAP” so that Directory Sync knows where to fetch users from and a rublon section so that it knows where to send those users.

If you want to run scheduled syncs, you have to set the enabled option to true.

An example configuration (of just Directory Sync) may look like this:

directory_sync:
  enabled: true
  auth_source: EXAMPLE_AD
  source_type: ad
  group_dns:
    - cn=some-group,dc=example,dc=org
    - cn=some-group2,dc=example,dc=org

auth_sources:
  - name: EXAMPLE_AD
    type: LDAP
    ip: localhost
    port: 636
    transport_type: ssl
    search_dn: dc=example,dc=org
    access_user_dn: cn=admin,dc=example,dc=org
    access_user_password: some-very-hard-password

rublon:
  api_server: https://core.rublon.net
  system_token: ABC
  secret_key: def

Keep in mind that users are first searched using the auth source’s search_dn and then a membership check is conducted to check if they belong to the groups specified in group_dns. This means that users might not be found even though the group exists, so make sure your search_dn is correct.

Note that the authentication source name (such as EXAMPLE_AD in the preceding example) that will be used in the directory_sync section to specify which AD users will be synchronized with the Rublon Admin Console must be unique globally. So, if you have multiple Rublon Authentication Proxy instances, each using a different auth source for directory_sync, ensure each source has a unique name across your entire organization.

For more information about the configuration of Directory Sync and Rublon Authentication Proxy visit Rublon Authentication Proxy – Configuration.

Running Directory Sync

Manual

After creating/updating your configuration file, you are ready to run your first synchronization:

1. Navigate to your Rublon Authentication Proxy installation directory (C:\Program Files\Rublon Auth Proxy on Windows or rublonauthproxy/ on Linux)

2. Open the bin/ directory.

3. Double-click the rublon-directorysync.exe file to run your AD synchronization. In case of errors, follow the instructions written in the logs.

Automatic (scheduled sync)

Set the enabled option to true and run the Rublon Authentication Proxy. Your synchronization time will be displayed in the logs and it will run automatically in 12h intervals.

For the instructions on how to run the Rublon Authentication Proxy, click here.

Reviewing the Synchronization Result in the Rublon Admin Console

1. Sign in to the Rublon Admin Console.

2. Go to the Users tab.

3. Explore the user list, looking for users from Active Directory. Users synchronized from Active Directory will have a DS badge next to their usernames. You can also look for a specific user by entering their username in the search field and pressing Enter.

4. Clicking the link in the Username column will show the Edit User view with more information about the user, including the groups this user is a member of. Groups synchronized from the Active Directory will have a DS badge. You can browse and edit groups synchronized from AD in the Groups tab. Note that user aliases from the Active Directory will also be synced if they exist.