Can Spirion Sensitive Data Platform be integrated with Microsoft Active Directory?

Spirion Sensitive Data Platform (SDP) can be integrated with Microsoft Active Directory (AD) in several key ways. These integrations support authentication, asset management, and data governance.

1. Authentication & Role-Based Access Control (RBAC)

Spirion supports integration with Active Directory for administrative and user access to the platform:

  • Console Login: You can configure the Spirion console to enable administrators and auditors to log in using their standard Active Directory domain credentials via LDAP or SAML-based Single Sign-On (SSO).
  • User Segmentation: Integration with AD allows for the segmentation of users and devices based on domain group membership, ensuring that only authorized personnel can view specific scan results or manage certain agent groups.

2. Asset Discovery & Management

One of the primary uses of AD integration is to automate the identification of endpoints (Assets) within your environment:

  • Asset Import: You can sync Spirion with Active Directory to automatically populate the console with a list of computers, servers, and users.
  • Dynamic Grouping: By leveraging AD organizational units (OUs), Spirion can automatically assign new machines to specific scan groups or policies as soon as they appear in the domain.
  • Contextual Data: Roadmap requirements (Phase 3 in some internal PRDs) focus on using AD to clarify "data flow" by linking sensitive data findings to the access controls and business processes defined in Active Directory.

3. Scan Credentials

The Spirion Agent relies on Active Directory for the permissions needed to perform deep scans:

  • Service Accounts: You can use a dedicated AD Service Account to run the Spirion Agent or to provide the "impersonation" credentials required to scan remote file shares (SMB), SharePoint sites, or Exchange mailboxes.
  • Domain Permissions: The integration allows the agent to distinguish between local accounts and domain accounts when reporting on file ownership or permissions associated with a sensitive data discovery.

4. Policy and Governance

Spirion aligns with hierarchical policy systems similar to Microsoft Group Policy (GPO). Administrators often apply their AD knowledge in two areas:

  • Targeting: Segment and target scans based on Active Directory account or device metadata.
  • Access Control Mapping: Use AD permissions to identify which users have "Read/Write" access to locations where sensitive data has been discovered, helping prioritize remediation efforts.
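
The access control mapping idea above, as an added example that is not Spirion's code or API: it expands nested AD groups on each location's ACL into effective users and ranks locations for remediation. All group names, paths, counts, and the scoring rule (matches multiplied by users with access) are constructed assumptions.

```python
# Added illustration with constructed data only; nothing here calls Spirion or AD.
# Constructed AD groups: group -> direct members (users or nested groups).
GROUP_MEMBERS = {
    "Finance-RW": ["alice", "bob", "Finance-Contractors"],
    "Finance-Contractors": ["carol", "Finance-RW"],  # nested, with a deliberate cycle
    "All-Staff": ["alice", "bob", "carol", "dave", "erin", "Finance-RW"],
}
# Constructed ACLs: location -> list of (principal, rights).
ACLS = {
    r"\\fs01\finance\payroll": [("Finance-RW", "RW"), ("dave", "R")],
    r"\\fs01\public\archive": [("All-Staff", "RW")],
    r"\\fs01\hr\reviews": [("erin", "RW")],
}
# Constructed scan findings: location -> number of sensitive-data matches.
FINDINGS = {
    r"\\fs01\finance\payroll": 120,
    r"\\fs01\public\archive": 40,
    r"\\fs01\hr\reviews": 300,
}


def expand(principal, groups, seen=None):
    """Resolve a principal to the set of users it contains, following nested groups."""
    seen = set() if seen is None else seen
    if principal not in groups:
        return {principal}  # a user account, not a group
    if principal in seen:
        return set()  # already visited: breaks membership cycles
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users


def effective_access(acl, groups):
    """Return {user: rights}, keeping the strongest right ('RW' beats 'R')."""
    access = {}
    for principal, rights in acl:
        for user in expand(principal, groups):
            if rights == "RW" or user not in access:
                access[user] = rights
    return access


def prioritize(findings, acls, groups):
    """Rank locations by matches x users with access (an assumed scoring rule)."""
    rows = []
    for location, matches in findings.items():
        users = effective_access(acls.get(location, []), groups)
        rows.append((location, matches, len(users), matches * len(users)))
    return sorted(rows, key=lambda r: r[-1], reverse=True)
```

With this data the payroll share ranks first even though the HR share holds more matches, because group nesting exposes it to four users instead of one.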

Summary

While the specific level of integration can depend on your deployment model (SaaS vs. On-Prem), Active Directory is considered a core "Should Have" integration for Asset Creation, Credential Management, and Authentication within the Spirion ecosystem.