Communication Protocols

The Eko AD Sync solution relies on secure communication channels and specific network protocols to ensure the reliable exchange of user data and authentication requests between your on-premises infrastructure and the Eko environment. These protocols vary depending on whether the communication is occurring within your internal network (customer-side) or over the public internet.

1. Internal Communication (customer-side)

Communication that occurs entirely within the Customer Data Center involves EkoADC interacting with the organization's existing identity management systems, such as Active Directory (AD) or file servers.

| Protocol | Port | Purpose |
|---|---|---|
| LDAP | TCP/389 | Used by EkoADC for tasks such as LDAP searches that query users during synchronization, or fetching disabled users from the AD. |
| LDAPS | TCP/636 | The secure version of LDAP. It is highly recommended and is used by EkoADC to establish an encrypted connection to the Active Directory for both user synchronization and user authentication. |
| FTP / SFTP | Varies | Used by EkoADC to connect to the Customer's File Server (e.g., an FTP server) when synchronization is sourced from a file (such as a CSV export from an HR system). |

The firewall policy requires that the EkoADC has internal access to the Customer AD using TCP/389 (LDAP) or TCP/636 (LDAPS).

2. External Communication (EkoADC to Eko)

Communication between the on-premises EkoADC and Amity Solutions’ cloud services (IDMAPI/Eko Backend) occurs over the public internet and therefore requires an authenticated, encrypted transport.

| Protocol | Port | Purpose |
|---|---|---|
| HTTPS | TCP/443 | The EkoADC uses HTTPS (secure HTTP) to transmit data to and from the Eko Cloud, in the cases listed below. |

HTTPS is used when:

  • User Synchronization: EkoADC sends user synchronization data (in batches or chunks) to the EkoIDMAPI/Eko Backend via HTTPS.

  • User Authentication: User account information (username and password) is passed from the EkoIDMAPI to the EkoADC via HTTPS during the login process.

  • Webhook/API Communication: EkoADC receives API calls or webhooks (e.g., from Eko or from a Customer reverse proxy) via HTTPS.

3. Other Necessary Network Protocols

For the EkoADC server to function correctly within the customer's network, access to time and naming services is required:

| Protocol | Port | Purpose |
|---|---|---|
| NTP | TCP/123, UDP/123 | Necessary for the EkoADC to synchronize time with the Customer Time Server. |
| DNS | UDP/53 | Required for DNS resolution, allowing EkoADC to resolve the domain names of the Customer AD Server and the Eko endpoints. |
| Proxy Port | TCP/8080 | If the customer network requires a proxy server for external internet access, the EkoADC communicates through the Proxy Port (e.g., TCP/8080). The config.json file in EkoADC allows configuring a proxy host, port (e.g., 3128), and protocol (e.g., http). |
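The three tables above amount to a firewall checklist for the EkoADC host. The following script, added here as an example and not part of the EkoADC product, derives that checklist from a constructed config (the key names `ad_host`, `ad_use_ldaps`, `eko_api_host`, `time_server`, `dns_server` and `proxy` are assumptions, since the page only states that config.json holds a proxy host, port and protocol) and probes the TCP requirements; when a proxy is configured, the outbound HTTPS check is redirected to the proxy port.

```python
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample config; the key names are assumptions (the page only says
# config.json holds a proxy host, port such as 3128, and protocol such as http).
SAMPLE_CONFIG = {
    "ad_host": "dc01.corp.example",
    "ad_use_ldaps": True,
    "eko_api_host": "EKO-ENDPOINT-PLACEHOLDER.example",  # hostname not on the page
    "time_server": "ntp.corp.example",
    "dns_server": "10.0.0.53",
    "proxy": {"host": "proxy.corp.example", "port": 3128, "protocol": "http"},
}

def required_checks(cfg: Dict) -> List[Tuple[str, str, int, str]]:
    """Derive (purpose, host, port, transport) entries for an EkoADC host from its config."""
    checks: List[Tuple[str, str, int, str]] = []
    # Internal: LDAPS on TCP/636 is the recommended path; plain LDAP is TCP/389.
    ldaps = cfg.get("ad_use_ldaps", True)
    checks.append(("Customer AD via " + ("LDAPS" if ldaps else "LDAP"), cfg["ad_host"], 636 if ldaps else 389, "tcp"))
    # External: HTTPS to Eko is direct on TCP/443, or goes to the configured proxy port.
    proxy = cfg.get("proxy")
    if proxy:
        checks.append(("Proxy for Eko HTTPS", proxy["host"], int(proxy["port"]), "tcp"))
    else:
        checks.append(("Eko IDMAPI/Backend HTTPS", cfg["eko_api_host"], 443, "tcp"))
    # Supporting services: NTP on TCP/123 and UDP/123, DNS on UDP/53.
    checks.append(("Customer time server NTP", cfg["time_server"], 123, "tcp"))
    checks.append(("Customer time server NTP", cfg["time_server"], 123, "udp"))
    checks.append(("DNS resolver", cfg["dns_server"], 53, "udp"))
    return checks

def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Probe one TCP port with a full handshake; False on refusal or timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def run_checks(cfg: Dict, probe: Callable[[str, int], bool] = tcp_reachable) -> Dict[str, Optional[bool]]:
    """Probe every TCP requirement. UDP entries are reported as None: a UDP connect()
    never fails on a blocked port, so NTP/UDP and DNS need a real request instead."""
    results: Dict[str, Optional[bool]] = {}
    for purpose, host, port, transport in required_checks(cfg):
        results[f"{purpose} {host}:{port}/{transport}"] = probe(host, port) if transport == "tcp" else None
    return results
```

Run `run_checks(SAMPLE_CONFIG)` from the EkoADC host before go-live; a `False` entry points at the firewall rule that is still missing, and `None` entries must be verified with an actual DNS lookup or NTP query.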
