Skip to main content
This guide applies to Mac computers

About AD CS Integration Configuration

AD CS Integration Configuration in Iru Endpoint allows you to set up and manage Active Directory Certificate Services integration, including managing connector servers, adding certificate authority hosts, and creating Library Items for certificate-based authentication.

How It Works

The AD CS integration is configured from the Iru Endpoint Integrations page in your Iru Endpoint web app. Once setup is complete, you can manage Iru Endpoint AD CS Connector servers, add your AD CS certificate authority (CA) hosts, and create Library Items, all from the AD CS integration page. The integration establishes a secure connection between Iru Endpoint and your on-premises AD CS environment, enabling certificate-based authentication for managed devices.

Prerequisites

  • Computer Certificate Template: Ensure you have created a computer certificate template in AD CS for use with Iru Endpoint
  • Windows Server Access: Ensure you have access to the Windows Server designated as the AD CS Connector
  • Network Requirements: Ensure all required domains and ports listed in the Active Directory Certificate Services Network Requirements section from the Using Iru Endpoint on Enterprise Networks article are allowed on your network
  • Server Preparation: To save time, have your Windows server up and running so you’re ready to install the AD CS Connector application once you have completed the initial AD CS integration setup

AD CS Integration Setup

1

Navigate to Integrations

In the left-hand navigation, select Integrations.
Screenshot needed: Iru Endpoint navigation with Integrations highlighted
2

Discover Integrations

Near the top-right, select Discover integrations.
Screenshot needed: Discover integrations button in the top-right corner
3

Add AD CS Integration

Find the Active Directory Certificate Services integration and click Add and configure.
Screenshot needed: Active Directory Certificate Services integration card with Add and configure button
4

Start Setup Process

Select Get started to continue with the setup process.
5

Download Connector

In the Download window, click Download connector.
6

Monitor Download Progress

You should see an indicator displaying the download progress. Once the download is done, the Iru Endpoint ADCS.exe installer file will be in your default downloads folder.
Screenshot needed: Download progress indicator and completed download
7

Continue Setup

Once the download completes, click Next.
Screenshot needed: Next button after download completion
8

Review Connection Instructions

On the Connection pending… screen, you will see a few instructions that need to be performed on the Windows Server designated as the AD CS Connector.
Screenshot needed: Connection pending screen with installation instructions
9

Return to Integrations

To go back to the main Integrations page, click Close.
Screenshot needed: Close button and return to main Integrations page
10

Verify Integration Card

An AD CS integration card should be visible on the main Integrations page. The status will show as Pending installation… until the AD CS Connector has been installed on the Windows server and you have signed in to the AD CS Connector with your Iru Endpoint credentials to create the WebSocket connection back to Iru Endpoint.
11

Access Overview Page

Click on the AD CS integration card to go to the Overview page.
Screenshot needed: AD CS integration card being clicked to access the Overview page
12

Review Connector Information

On the Overview page, you can see information about the AD CS Connector that was added. Most of the details will not be populated until the AD CS Connector is installed on the Windows server and a connection is made back to Iru Endpoint.
Screenshot needed: Overview page with AD CS Connector information displayed
The Overview page displays the following information:
  • The domain to which the AD CS Connector server is bound
  • The Connector’s IP address
  • Assigned AD CS servers. Servers can be assigned once the AD CS Connector is connected back to Iru Endpoint
  • The version of the Windows server where the AD CS Connector is installed
  • Status on the connection between Iru Endpoint and Iru Endpoint AD CS Connector. The status will remain in a Pending state until the Connector is installed on the Windows server and a connection is made back to Iru Endpoint
  • In the Connector action menu(), you can view the installation instructions, redownload the connector installer, or delete the connector

Adding AD CS Certificate Authority Servers

You must define the FQDN in the Server name field in the AD CS servers tray.
1

Access the Servers Tab

On the AD CS Integration page, click the Servers tab.
2

Add AD CS Server

In the tray, add the AD CS server(s) that will be used for creating certificates using the format of: ca_server_fqdn\issuing_ca_name (Example: “subordinateca.kandji-adcs.com\QueenBee Issuing CA”). The issuing_ca_name is found in the Certificate Authority Snap-in on the issuing CA Windows server. You will be able to assign the server once the Connector shows a status of Connected.
3

Save Server Configuration

Click Add.
4

Verify Server Status

The status for the AD CS server will show as Disconnected until assigned to an AD CS Connector. Once the AD CS Connector status shows Connected, you can assign the AD CS CA server(s) to the AD CS Connector. You can edit or delete the AD CS server from the action menu () on the AD CS server card.
5

Install AD CS Connector

Follow the ADCS Connector Installation support article to install the AD CS Connector on your Windows server.

Assigning an AD CS Server to a Connector

Once the AD CS Connector status shows as Connected, you can assign an AD CS server to the Connector.
1

Access Connector Actions

On the AD CS Integration Overview page, click the action menu () on the Connector card.
2

Start Server Assignment

Click Assign servers.
3

Select AD CS Server

Select the AD CS server from the list.
4

Complete Assignment

Click Add.
There should now be an AD CS server assigned to the Connector.

Adding Additional Connectors

If needed, additional AD CS Connectors can be added to the AD CS integration.
1

Navigate to AD CS Integration

In Iru Endpoint, navigate to Integrations and select the AD CS Integration card.
2

Add New Connector

Click Add connector.
3

Verify Connector Status

A new connector will appear in a Pending state awaiting AD CS service assignment.
4

Manage Connector

From the action menu (), you can view install instructions, redownload the connector installer, or remove the connector entirely.

Removing the Integration

This integration is a requirement to issue AD CS certificates to your fleet. Deleting this integration cannot be undone.
1

Navigate to Integrations

In Iru Endpoint, navigate to Integrations.
2

Select AD CS Integration

Click on the Active Directory Certificate Services integration that you want to remove.
3

Delete Integration

On the main Active Directory Certificate Services page, click the Action menu () and click Delete integration.
4

Confirm Deletion

In the Delete AD CS Integration window, click the Delete integration button. Once the integration is removed, you will be taken back to the main Integration page.

Considerations

  • Integration Status: The AD CS integration status will show as Pending installation until the AD CS Connector is installed and connected
  • Server Assignment: AD CS servers can only be assigned to connectors that show a Connected status
  • Network Connectivity: Ensure proper network connectivity between Iru Endpoint and your on-premises AD CS environment
  • Certificate Template: The computer certificate template created in AD CS must be properly configured for Iru Endpoint integration
  • Connector Management: Multiple connectors can be added to provide redundancy and load distribution
  • Integration Removal: Removing the integration will prevent certificate issuance to managed devices