diff --git a/_articles/directory-connector/azure-active-directory.md b/_articles/directory-connector/azure-active-directory.md index 5d6c3d98..d39a717f 100644 --- a/_articles/directory-connector/azure-active-directory.md +++ b/_articles/directory-connector/azure-active-directory.md @@ -6,7 +6,7 @@ featured: true popular: false hidden: false tags: [] -order: 08 +order: 09 --- This article will help you get started using Directory Connector to sync users and groups from your Azure Active Directory to your Bitwarden Organization. diff --git a/_articles/directory-connector/gsuite-directory.md b/_articles/directory-connector/gsuite-directory.md index f2482f00..43b0adf5 100644 --- a/_articles/directory-connector/gsuite-directory.md +++ b/_articles/directory-connector/gsuite-directory.md @@ -6,7 +6,7 @@ featured: true popular: false hidden: false tags: [] -order: 09 +order: 10 --- This article will help you get started using Directory Connector to sync users and groups from your Google Workspace (formerly "G Suite") Directory to your Bitwarden Organization. diff --git a/_articles/directory-connector/ldap-directory.md b/_articles/directory-connector/ldap-directory.md index 3e0434ad..aa746b92 100644 --- a/_articles/directory-connector/ldap-directory.md +++ b/_articles/directory-connector/ldap-directory.md @@ -5,7 +5,7 @@ categories: [directory-connector] featured: true popular: false tags: [active directory, ldap, ad] -order: 07 +order: 08 --- This article will help you get started using Directory Connector to sync users and groups from your LDAP or Active Directory service to your Bitwarden Organization. Bitwarden provides built-in connectors for the most popular LDAP directory servers, including: diff --git a/_articles/directory-connector/okta-directory.md b/_articles/directory-connector/okta-directory.md index 5cfd90ee..a5472552 100644 --- a/_articles/directory-connector/okta-directory.md +++ b/_articles/directory-connector/okta-directory.md @@ -6,7 +6,7 @@ featured: true popular: false hidden: false tags: [] -order: 10 +order: 11 --- This article will help you get starting using Directory Connector to sync users and groups from your Okta directory to your Bitwarden Organization. diff --git a/_articles/directory-connector/onelogin-directory.md b/_articles/directory-connector/onelogin-directory.md index ef4a0b1d..2b86c957 100644 --- a/_articles/directory-connector/onelogin-directory.md +++ b/_articles/directory-connector/onelogin-directory.md @@ -6,7 +6,7 @@ featured: true popular: false hidden: false tags: [] -order: 11 +order: 12 --- This article will help you get started using Directory Connector to sync users and groups from your OneLogin directory to your Bitwarden Organization. diff --git a/_articles/directory-connector/schedule-directory-sync.md b/_articles/directory-connector/schedule-directory-sync.md new file mode 100644 index 00000000..4d71cbb2 --- /dev/null +++ b/_articles/directory-connector/schedule-directory-sync.md @@ -0,0 +1,80 @@ +--- +layout: article +title: Schedule a Sync +categories: [directory-connector] +featured: true +popular: false +tags: [directory connector, directory sync, schedule, cronjob] +order: 07 +--- + +For Organizations using the Directory Connector CLI, automatic syncs can be scheduled on defined intervals as an alternative to using the Desktop Applications **Interval** setting. This is particularly useful in headless environments, on in circumstances where a Desktop Application cannot be left running in the background. + +## Cron + +In Unix-like environments, including Linux and macOS, use cron to schedule Directory Connector sync jobs: + +### Cron Permissions + +When running a cron job, we recommend doing so as a dedicated Directory Connector user. Create a `bwdc` user if you haven't already, and add that user to the `etc/cron.allow` list. This will allow a non-Root user to set up and run cron jobs. + +In order to continue, you will also need your Organization's [API Key]({{site.baseurl}}/article/public-api/#authentication) `client_id` and `client_secret`, which can be obtained by an Organization **Owner** from the Web Vault by navigating to Organization **Settings** → **My Organization**. + +### Setup a Sync Script + +In order avoid session timeouts, we recommend creating a shell script to run through cron, for example: + +``` +#!/bin/bash + +#In order to protect your credentials, this script requires a .p0 file containing the API Key client_secret in base64. Create a temp file with the clear text client_secret and process it using `base64 clearTextFile > .p0`. The .p0 file should be owned and locked down by a unique account (e.g. bwdc) that is only utilized to run this script and Directory Connector. Delete the temp file after creating the .p0 file. + +#Additionally, be sure to replace the BW_CLIENTID="..." value with your API Key client_id. +​ +file=.p0 +export BW_CLIENTID="organization.jAEFNqJ5-yKqx2-sX3jt-p7Mcw-aLY9qfFXbR69" +export BW_CLIENTSECRET=$(cat $file | base64 -d) +​ +bwdc login +​ +bwdc sync >> bwdc.log +``` + +This script will securely read your `client_secret` to complete the login, and run a `bwdc sync` command that writes output to `bwdc.log`. + +### Setup the Cron Job + +As the permitted `bwdc` user: + +1. Edit the user's crontab file by entering `crontab -e` in the terminal, or as edit the crontab file as any user by entering `crontab -u -e`. +2. Add a line to the crontab that includes: + - A [scheduling expression](#cron-job-scheduling-expressions) that will determine the time/recurrence interval on which to execute the desired command (e.g. `0 0 * * 2` to run every Tuesday at midnight). + - The command to execute at the specified time/recurrence interval. In this case, execute the [previously created sync script](#setup-a-sync-script) (e.g. `bwdcSyncService.sh`): + +For example, to run the sync script every Monday at 12:00: + +``` +# 0 12 * * 1 bwdcSyncService.sh +``` + +#### Cron Job Scheduling Expressions + +Use the following reference when scheduling syncs via cron to ensure you're scheduling them for the desired time: + +``` +# ┌───────────── minute (0 - 59) +# │ ┌───────────── hour (0 - 23) +# │ │ ┌───────────── day of the month (1 - 31) +# │ │ │ ┌───────────── month (1 - 12) +# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday; +# │ │ │ │ │ 7 is also Sunday on some systems) +# │ │ │ │ │ +# │ │ │ │ │ +# * * * * * +``` + +{% callout success %} +If you're not yet comfortable with cron job scheduling expressions, check out [https://crontab.guru/](https://crontab.guru/){:target="\_blank"} for help. + +Please note, this is a third-party resource that is not operated or maintained by Bitwarden. +{% endcallout %}