Firewall and Network Access Policy

The installation of the Eko Active Directory Connector (EkoADC) requires the customer to define network access control policies. Since EkoADC is deployed within the Customer Data Center (on-premises), the customer's firewall must be configured to allow specific inbound and outbound traffic to enable user synchronization and authentication.

EkoADC supports synchronization either directly from Active Directory or from a CSV file on the customer’s file-sharing system (in which case the customer must include the AD user in the file for authentication purposes).

The required firewall policies ensure connectivity between EkoADC and both Eko (external communication) and the local AD (internal communication).

1. Required Network Access Control Policies

The following table details the necessary communication pathways that must be permitted on the customer's network:

| Direction | Source | Destination | Port/Protocol | Purpose |
|---|---|---|---|---|
| Outbound | EkoADC | Internet (Any) | TCP/443 (HTTPS) | Communication with Eko/IDMAPI (Sending sync data) |
| Inbound | Internet (Any) / Customer Proxy | EkoADC | TCP/443 (HTTPS) | Webhook/API communication (For EkoIDMAPI to send requests to EkoADC, such as authentication requests) |
| Internal | EkoADC | Customer AD | TCP/389 (LDAP) | User synchronization and authentication using standard LDAP |
| Internal | EkoADC | Customer AD | TCP/636 (LDAPS) | Secure user synchronization and authentication (LDAPS is recommended) |
| Internal | EkoADC | Customer Time Server | TCP/123, UDP/123 (NTP) | Time synchronization |
| Internal | EkoADC | Customer DNS Server | UDP/53 (DNS) | DNS resolution (e.g., resolving the AD Server or Eko Cloud endpoints) |
| Outbound | EkoADC | FTP Server | TCP/FTP, TCP/FTPS | File sync for user profiles (Required if user data is sourced from an HR file system via FTP/SFTP) |
| Outbound | EkoADC | Proxy Server | TCP/8080 (Proxy Port) | If required, for external communication through a Customer Proxy Server |
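Once the rules are in place, the TCP paths in the table can be verified from the EkoADC host. The following pre-flight check is an added example, not part of the EkoADC product or its documentation; the hostnames are placeholders (assumptions) to be replaced with the customer's AD and proxy addresses. It covers only the TCP rows whose destination is a customer-side host; the UDP rows (NTP, DNS) are not probed directly, although a failed name lookup is reported separately.

```python
import socket

# Required TCP flows from the table, as seen from the EkoADC host.
# Hostnames are placeholders (assumptions), not values from the page.
REQUIRED_TCP_FLOWS = [
    ("Customer AD, LDAP", "ad.example.internal", 389),
    ("Customer AD, LDAPS", "ad.example.internal", 636),
    ("Customer proxy", "proxy.example.internal", 8080),
]


def check_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.gaierror as exc:
        # Name did not resolve: check the UDP/53 rule to the DNS server.
        return False, f"DNS resolution failed: {exc}"
    except socket.timeout:
        # A silent drop is the usual signature of a missing firewall rule.
        return False, "timed out"
    except ConnectionRefusedError:
        # A reset came back: nothing listens there, or a device rejects it.
        return False, "refused"
    except OSError as exc:
        return False, f"error: {exc}"


def preflight(flows, timeout=3.0):
    """Check every (label, host, port) flow and return one result per flow."""
    results = []
    for label, host, port in flows:
        ok, detail = check_tcp(host, port, timeout)
        results.append({"flow": label, "target": f"{host}:{port}",
                        "ok": ok, "detail": detail})
    return results


if __name__ == "__main__":
    for r in preflight(REQUIRED_TCP_FLOWS):
        status = "OK  " if r["ok"] else "FAIL"
        print(f'{status} {r["flow"]:<20} {r["target"]:<32} {r["detail"]}')
```

A "timed out" result on 636 alongside "connected" on 389 usually means only the LDAP rule was created, which leaves the connector on the non-recommended cleartext path.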

2. Proxy Configuration

If the customer utilizes a proxy server for external internet access, the EkoADC configuration supports defining this access. The configuration requires specifying the proxy protocol, host, port, username, and password.
