Learn more about how to configure the Cloud Identity agent to communicate with your on-premises Active Directory or OpenLDAP-based directory.
| Where Can I Use This? | What Do I Need? |
|---|---|
| | The Cloud Identity Engine service is free; however, the enforcement points that use directory data may require specific licenses. |
Configuring an on-premises directory allows the Cloud Identity Engine to synchronize user, group, and computer attributes from your internal Active Directory or OpenLDAP infrastructure. This integration relies on the Cloud Identity Agent, a service installed on a Windows server within your network that functions as a secure bridge between your local directory and the cloud service.

To establish this connection, you must install the Cloud Identity Agent on a supported server that meets specific network and system requirements. Once installed, you configure the agent to communicate with your directory using standard protocols (LDAP or LDAPS) and define which domains or specific attributes the agent should collect.

Security is maintained through mutual authentication between the agent and the service. You must authenticate the agent by generating a unique certificate within the Cloud Identity Engine application and installing it on the agent host. This process establishes a trusted, encrypted Transport Layer Security (TLS) channel, ensuring that your directory data is securely synchronized with the cloud.

Beyond basic connectivity, the setup allows for granular control over data synchronization. You can configure specific filters using attributes, such as group names or unique identifiers, so that the engine collects only the relevant directory objects and the data flow stays lean. Once deployed, the agent provides a local user interface for monitoring the connection status, viewing the timestamps of the last successful directory fetch, and reviewing logs to troubleshoot connectivity or synchronization issues.
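Attribute-based filters like the ones described above follow the standard LDAP search-filter syntax (RFC 4515). The Python script below is an added example, not code from this page or from the Cloud Identity Agent: it parses a subset of that syntax (AND, OR, NOT, equality, presence and `*` substring matches) and applies it to a small constructed set of Active Directory-style entries, so you can dry-run a filter and confirm it selects only the objects you intend before committing it to the agent's configuration. Whether the agent accepts exactly this filter syntax is an assumption; the entries, group names and the `example.com` domain are constructed sample data, and the point the sample makes (computer objects in AD also carry `objectClass=user`) applies to any AD directory.

```python
"""Dry-run an LDAP search filter (RFC 4515 subset) against directory entries.
Added example, not part of the Cloud Identity Agent. Escape sequences and
extensible matches are not handled."""
from typing import Any, Dict, List, Tuple

Entry = Dict[str, List[str]]   # attribute name in lowercase -> list of values
Node = Tuple[Any, ...]         # ("=", attr, pattern) or (op, [children])


def _match_value(pattern: str, value: str) -> bool:
    """Case-insensitive comparison; '*' in the pattern matches any run of characters."""
    p, v = pattern.lower(), value.lower()
    if "*" not in p:
        return p == v
    parts = p.split("*")
    # first piece must be a prefix, last piece a suffix, middle pieces appear in order
    if not v.startswith(parts[0]) or not v.endswith(parts[-1]):
        return False
    pos = len(parts[0])
    for piece in parts[1:-1]:
        idx = v.find(piece, pos)
        if idx < 0:
            return False
        pos = idx + len(piece)
    return pos <= len(v) - len(parts[-1])


def _parse_at(s: str, i: int) -> Tuple[Node, int]:
    """Parse one parenthesised filter starting at index i; return (node, next index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if i >= len(s):
        raise ValueError("unterminated filter")
    op = s[i]
    if op in "&|!":
        i += 1
        children: List[Node] = []
        while i < len(s) and s[i] == "(":
            child, i = _parse_at(s, i)
            children.append(child)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at position {i}")
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"operator '{op}' has the wrong number of operands")
        return (op, children), i + 1
    close = s.find(")", i)
    if close < 0:
        raise ValueError("missing ')'")
    # split on the first '=' only: DN values such as memberOf contain '=' themselves
    attr, sep, value = s[i:close].partition("=")
    if not sep or not attr or not value:
        raise ValueError(f"malformed attribute assertion: {s[i:close]!r}")
    return ("=", attr.lower(), value), close + 1


def parse(text: str) -> Node:
    """Parse a complete filter string; raise ValueError on syntax errors."""
    text = text.strip()
    node, end = _parse_at(text, 0)
    if end != len(text):
        raise ValueError(f"trailing characters at position {end}")
    return node


def is_valid(text: str) -> bool:
    try:
        parse(text)
        return True
    except ValueError:
        return False


def matches(node: Node, entry: Entry) -> bool:
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    values = entry.get(attr, [])
    if pattern == "*":            # presence test: attribute has at least one value
        return bool(values)
    return any(_match_value(pattern, v) for v in values)


def select(filter_text: str, entries: List[Entry]) -> List[Entry]:
    node = parse(filter_text)
    return [e for e in entries if matches(node, e)]


def names(entries: List[Entry]) -> List[str]:
    return sorted(e["samaccountname"][0] for e in entries)


# Constructed sample entries in the shape the agent reads from AD (not real data).
VPN_GROUP = "CN=VPN-Users,OU=Groups,DC=example,DC=com"
USER = ["top", "person", "organizationalperson", "user"]
DIRECTORY: List[Entry] = [
    {"samaccountname": ["alice"], "objectclass": USER, "memberof": [VPN_GROUP]},
    {"samaccountname": ["bob"], "objectclass": USER,
     "memberof": ["CN=Finance,OU=Groups,DC=example,DC=com"]},
    {"samaccountname": ["svc-backup"], "objectclass": USER, "memberof": []},
    # AD computer objects also carry objectClass=user, so a people-only filter must exclude them
    {"samaccountname": ["ws01$"], "objectclass": USER + ["computer"], "memberof": [VPN_GROUP]},
]

if __name__ == "__main__":
    vpn_people = "(&(objectClass=user)(!(objectClass=computer))(memberOf=%s))" % VPN_GROUP
    print(names(select(vpn_people, DIRECTORY)))                                         # ['alice']
    print(names(select("(|(sAMAccountName=svc-*)(objectClass=computer))", DIRECTORY)))  # ['svc-backup', 'ws01$']
    print(is_valid("(objectClass=user"))                                                # False
```

The first filter shows why the `(!(objectClass=computer))` clause matters: without it the workstation `ws01$`, which is also a member of the VPN group, would be synchronized as if it were a user. Running a candidate filter against an export of your own directory in this way is a cheap check that a scope is neither broader nor narrower than intended.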