
Admin Console Configuration

The Configuration section of the Admin Console is for controlling the application settings of Nullafi Shield. These affect the behavior of Shield itself, not the traffic flowing through it (see Policy for traffic behavior settings).

Directory

The Directory Integrations section is where Nullafi Shield can be integrated with a directory for user-based Policy enforcement. Once connected to a directory, enabling SAML Security (see Configuration >> ICAP) will allow Shield to obtain user and group information for every scanned data connection. Google, Azure, Okta and LDAP directories are supported; you can enable only one integration at a time.

This section applies to data traffic to be scanned by Shield. See Configuration >> General for Admin Console directory integration.

Google Directory

We will walk you through the process of configuring Nullafi Shield to integrate with the Google Directory. This integration allows Nullafi Shield to query your Google Directory in order to check which group(s) a user belongs to. This is a required configuration if you plan to set Rules by Groups.

Prerequisites:

  - Access to Nullafi Shield with administrative privileges.
  - A Google Developer Console account with permissions to create credentials and allow Consent Screen.

Step 1: Enable Nullafi Shield Integration

  1. Log in to your Nullafi Shield account.

  2. Once logged in, navigate to the "Configuration" section. You can find this in the left menu.

  3. Within the "Configuration" section, look for the "Directory" option. Click on it to proceed.

  4. Inside the "Directory" settings, you will find an option to "Enable" the integration with Google API. Click on this option to initiate the setup.

Step 2: Create API Credentials in Google Developer Console

  1. Open a new web browser tab or window and visit the Google Developer Console.

  2. If you're not already logged in to your Google Developer Console account, sign in with your credentials.

  3. Once logged in, click on the project where you want to set up the integration with Nullafi Shield or create a new project by clicking on the "Select a project" dropdown menu and selecting "New Project."

  4. In the left-hand navigation pane, select "APIs & Services," then click on "Credentials."

  5. Click the "+ Create Credentials" button and select "OAuth client ID."

  6. Configure the OAuth client by:

     - Choosing the "Web application" option.
     - Providing a name for the OAuth client ID (e.g., your custom domain set for Nullafi Shield).
     - Adding a redirect URI. This is your callback URL; it should be the URL of your instance plus /api/config/google/callback (e.g. "https://shield.mycustomdomain.com/api/config/google/callback").

  7. Click the "Create" button to generate the OAuth client ID. A dialog will appear displaying your client ID and client secret.

  8. Download the credentials file in JSON format by clicking on the download icon next to the client ID in the Credentials page. This JSON file will contain the necessary information for the integration.
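
Before uploading the downloaded file, it is worth confirming that it describes a "Web application" client whose only redirect URI is the HTTPS callback of your Shield instance. The following check is an added example, not part of Nullafi Shield; the function name and the sample values are constructed, and it assumes Google's usual export layout with a top-level "web" key containing "client_id", "client_secret" and "redirect_uris".

```python
import json
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/config/google/callback"  # callback path given in this guide

def check_google_credentials(raw_json, shield_base_url):
    """Return a list of problems found in a downloaded OAuth client JSON file."""
    doc = json.loads(raw_json)
    # "Web application" clients are exported under a top-level "web" key;
    # desktop clients are exported under "installed" instead.
    client = doc.get("web")
    if client is None:
        return [f"client type is {sorted(doc)}, expected 'web'"]
    problems = [f"missing {f}" for f in ("client_id", "client_secret")
                if not client.get(f)]
    expected = shield_base_url.rstrip("/") + CALLBACK_PATH
    uris = client.get("redirect_uris", [])
    if expected not in uris:
        problems.append(f"redirect_uris lacks {expected}")
    for uri in uris:
        if urlsplit(uri).scheme != "https":
            problems.append(f"non-HTTPS redirect URI: {uri}")
        elif uri != expected:
            problems.append(f"unexpected extra redirect URI: {uri}")
    return problems

# Constructed sample files (not real credentials).
BASE = "https://shield.mycustomdomain.com"
GOOD = json.dumps({"web": {
    "client_id": "000000000000-constructed.apps.googleusercontent.com",
    "client_secret": "constructed-secret",
    "redirect_uris": [BASE + CALLBACK_PATH]}})
BAD = json.dumps({"web": {
    "client_id": "000000000000-constructed.apps.googleusercontent.com",
    "client_secret": "constructed-secret",
    "redirect_uris": ["http://shield.mycustomdomain.com" + CALLBACK_PATH,
                      BASE + "/api/config/google/callbak"]}})
DESKTOP = json.dumps({"installed": {"client_id": "x", "client_secret": "y"}})

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD), ("desktop", DESKTOP)):
        print(name, check_google_credentials(sample, BASE))
```

An empty result means the file matches what Step 2 configures; any extra or mistyped redirect URI should be removed in the Google Developer Console before the file is uploaded.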

Step 3: Upload Credentials to Nullafi Shield

  1. Return to your Nullafi Shield admin dashboard.

  2. In the "Configuration" section, navigate to the Google API integration settings, if you are not there yet.

  3. Look for an option to upload the credentials JSON file you downloaded from the Google Developer Console. Typically, this option is labeled as "Upload credentials.json" or similar.

  4. Click on the "Upload Credentials" button and select the JSON file you downloaded earlier.

  5. Follow any additional prompts or instructions to complete the upload process.

  6. After successfully uploading the credentials file, click on the "Step 2" link ("click here to consent"). You may be prompted to log in using an account with the right permissions to authorize the consent screen. This step is necessary to grant the required permissions for the integration.

  7. Review and confirm the permissions and consent details as presented by Nullafi Shield. Ensure that you understand and agree to the permissions being requested. The following access would be requested:

     - View domains related to your customers
     - View group subscriptions on your domain
     - View groups on your domain
     - See info about users on your domain

  8. Click the "Allow" button to grant consent.

  9. A final "Status" will show "Successfull" if no errors were found.

Azure Directory

In this guide, we will walk you through the process of integrating Nullafi Shield with Azure Directory. This integration allows you to enhance the security of your data by leveraging Nullafi Shield in conjunction with Azure Directory.

Prerequisites:

  - Access to Nullafi Shield with administrative privileges.
  - An Azure account with administrative access.

Step 1: Register a New Directory Application in Azure

  1. Log in to the Azure Portal using your Azure account credentials.

  2. In the Azure Portal, click on "Azure Active Directory" in the left-hand navigation pane.

  3. Under "Azure Active Directory," select "App registrations."

  4. Click the "+ New registration" button to register a new application.

  5. Provide a name for your application (e.g., "Nullafi Shield Integration").

  6. In the "Supported account types" section, choose the appropriate option based on your organization's requirements.

  7. In the "Redirect URI" section, enter the redirect URI where Azure should send authentication responses. For Nullafi Shield, the redirect URI might be something like /api/directory/azure/auth.

  8. Click the "Register" button to create the application. After registration, you will be redirected to the application's overview page.

Step 2: Configure Application Permissions

  1. In the application's overview page, navigate to "API permissions."

  2. Click the "+ Add a permission" button to add permissions.

  3. In the "Request API permissions" pane, select "Microsoft Graph."

  4. In the "Select permissions" pane, search for and select the following permissions:

     - Directory.Read.All
     - User.Read.All

  5. Click the "Add permissions" button to grant these permissions to your application.

  6. After adding the permissions, click the "Grant admin consent" button to ensure these permissions are granted for the entire organization.

Step 3: Retrieve Tenant ID, Client ID, and Client Secret

  1. In the Azure Portal, go back to your application's overview page.

  2. Make note of the following information:

     - Tenant ID: This can be found in the "Overview" section, typically labeled as "Directory (tenant) ID."
     - Client ID (Application ID): This can be found in the "Overview" section, typically labeled as "Application (client) ID."
     - Client Secret: To generate a client secret, navigate to the "Certificates & secrets" section, click on "+ New client secret," provide a description, and click "Add." Make note of the secret value displayed; this is your client secret. Be sure to save it securely as it will not be visible again.

Step 4: Configure Nullafi Shield

  1. Log in to your Nullafi Shield admin dashboard.

  2. In the "Configuration" section, navigate to the Azure Directory integration settings.

  3. Enter the following information:

     - Tenant ID: The Tenant ID you obtained earlier.
     - Client ID (Application ID): The Client ID you obtained earlier.
     - Client Secret: The Client Secret you generated earlier.

  4. Save the configuration.
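
To confirm that the app registration carries exactly the two permissions from Step 2 and belongs to the tenant recorded in Step 3, you can inspect an access token issued to it. The following is an added example, not part of Nullafi Shield or Azure tooling: it assumes the token was obtained separately with the app's client credentials, that application permissions appear in the token's "roles" claim (delegated ones in "scp") and the tenant in "tid", and it uses a constructed unsigned token and a placeholder tenant ID.

```python
import base64
import json

EXPECTED = {"Directory.Read.All", "User.Read.All"}  # permissions listed in Step 2

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def review_token(token, tenant_id):
    """Compare granted permissions and tenant against what the guide configures."""
    claims = jwt_claims(token)
    # Application permissions arrive in "roles"; delegated ones in "scp".
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "missing": sorted(EXPECTED - granted),
        "excess": sorted(granted - EXPECTED),
    }

def sample_token(tid, roles):
    """Build a constructed, unsigned token for the demonstration below."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"tid": tid, "roles": roles}).encode())
    return f"{header}.{body}.constructed"

TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID

if __name__ == "__main__":
    print(review_token(sample_token(TENANT, sorted(EXPECTED)), TENANT))
    print(review_token(
        sample_token(TENANT, ["User.Read.All", "Directory.ReadWrite.All"]), TENANT))
```

Anything reported under "excess" is a permission the integration does not need according to this guide and is a candidate for removal from the app registration.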

Okta Directory

In this guide, we will walk you through the process of configuring Nullafi Shield to integrate with Okta Directory. This integration allows you to enhance the security of your data by leveraging Nullafi Shield alongside Okta Directory services.

Prerequisites:

  - Access to Nullafi Shield with administrative privileges.
  - An Okta account with administrative access.

Step 1: Create an Okta Application

  1. Log in to your Okta Admin Console using your Okta account credentials.

  2. In the Okta Admin Console, click on "Applications" in the top navigation menu.

  3. Click the "+ Add Application" button to create a new application.

  4. Choose the "Web" platform option and click "Next."

  5. Configure the application settings as follows:

     - Name: Enter a name for your application (e.g., "Nullafi Shield Integration").
     - Login redirect URIs: Set the redirect URI where Okta should send authentication responses. This might be something like /api/directory/okta/auth.

  6. Click "Done" to create the application.

Step 2: Assign User Access

  1. After creating the application, you will be redirected to the application's settings page.

  2. In the application settings, click on the "Assignments" tab.

  3. Assign user access to the application by selecting the appropriate users or groups who should have access to Nullafi Shield through this integration.

  4. Click "Save" to confirm the assignments.

Step 3: Retrieve Okta Client ID and Client Secret

  1. In the Okta Admin Console, go to the application's settings page that you created in Step 1.

  2. On the application's settings page, click on the "General" tab.

  3. Make note of the following information:

     - Client ID: This is your Okta application's client ID.
     - Client Secret: Click on the "Show" button to reveal the client secret. Make note of this secret.

Step 4: Configure Nullafi Shield

  1. Log in to your Nullafi Shield admin dashboard.

  2. In the "Configuration" section, navigate to the Okta Directory integration settings.

  3. Enter the following information:

     - Client ID: The Client ID you obtained from Okta.
     - Client Secret: The Client Secret you obtained from Okta.

  4. Save the configuration.

Step 5: Test the Integration

  1. To ensure the integration is working correctly, perform a test authentication using the Okta integration in Nullafi Shield.

  2. Verify that users can access Nullafi Shield through Okta authentication and that the security features are functioning as expected.

LDAP Directory

This step-by-step guide will walk you through the process of configuring LDAP integration using only the essential information: Host, username, and password. It assumes that you already have a web proxy integrated with an LDAP directory.

Prerequisites:

  1. A web proxy server integrated with an LDAP directory.

Step 1: Gather LDAP Information

  1. Before you begin, make sure you have the following LDAP information from your LDAP administrator:

     - Host: The hostname or IP address of your LDAP server.
     - Username: A service account or username with read access to the LDAP directory.
     - Password: The password associated with the username account.

Step 2: Configure Nullafi Shield

  1. Log in to your Nullafi Shield admin dashboard.

  2. In the "Configuration" section, navigate to the Directory integration settings.

  3. Click the LDAP option.

  4. Enter the following information:

     - ICAP Username Header: This is the HTTP(S) header the web proxy will pass to Nullafi Shield, containing the username of the user who made the HTTP(S) request.
     - Host: Enter the hostname or IP address of your LDAP server.
     - Username: Provide the username or service account with read access to the LDAP directory.
     - Password: Enter the password associated with the username account.

  5. Save the configuration.

Step 3: Test LDAP Integration

  1. It's essential to verify that the LDAP integration is working correctly. Test the integration by attempting to authenticate using LDAP credentials through the web proxy configured to use Nullafi Shield.