Configure Filters for On-Premises Directories
Learn how to configure a filter for an on-premises directory to reduce the sync time.
If you use only specific policy rule objects or groups in your Security policy,
configuring a filter for this data is a simple way to reduce the time it takes for
the Cloud Identity Engine to complete a sync. When you specify only the data you use
in your Security policy rules as match criteria for the filter, the Cloud Identity
Engine retrieves less data during a sync.
The type of filter you can configure depends on the type of on-premises directory you
use with the Cloud Identity Engine:
- Filter object types—(Active Directory and OpenLDAP) Select whether you want the Cloud Identity Engine to retrieve data types such as computers, organizational units (OUs), and containers.
- Filter groups—(Active Directory only) Select whether you want to filter Active Directory groups by domain name.
To configure the filter:
- Select Directories and specify the Domain Names of the groups you want to filter or click Upload CSV to upload a .CSV file that contains the domain names of the groups you want to filter.
  You can configure the same data type filter and group filter for multiple domains or you can configure a separate filter for each domain.
  Make sure to separate domains using a semicolon (;).
- (Active Directory and OpenLDAP) Select the type of objects you want the Cloud Identity Engine to collect.
  - Computers
  - OUs
  - Containers
  To minimize sync time, make sure to deselect the object types you don’t use in your Security policy.
- Select the match criteria you want to use to configure the filter.
  - Select the Attribute Name type you want to use.
    - Name—Filter the directory data based on name.
    - Common-Name—Filter the directory data based on the Common Name.
  - Select how you want to Match the data. The filter supports spaces in the search query.
    - begins with—Filter the data that partially matches text that begins with the text you enter.
    - ends with—Filter the data that partially matches text that ends with the text you enter.
    - contains—Filter the data that contains the text you enter.
    - is equal to—Filter the data that is an exact match for the text you enter.
  - Enter the Value of the search query you want to use to filter the groups.
- (Optional) Configure an additional filter by clicking Add OR and repeating the previous three steps for each filter you want to include.
  If you select additional attributes as match conditions, the Cloud Identity Engine initially attempts to find a match for the first condition, then continues to match based on the additional conditions you specify.
- (Optional) To create another filter, click Add New Group Filter.
  For the initial configuration of the domain, configure the filters before you Install the Cloud Identity Agent or Authenticate the Agent and the Cloud Identity Engine.
- (Optional) To edit the filter or to configure a filter for an existing on-premises directory, select the Actions menu then select Edit Active Object Filters.
  When editing a filter, the domain name cannot be edited.
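
Before applying a group filter, it helps to confirm that every group referenced in your Security policy still matches it. The following Python is an added example, not part of the original page and not Palo Alto Networks code; it models the match types and Add OR behavior described above offline. The function names, the sample records, and the case-insensitive comparison are assumptions.

```python
# Added example: offline model of the group-filter match criteria described above.
# Assumption: comparisons are case-insensitive (the page does not specify this).

MATCHERS = {
    "begins with": lambda v, q: v.startswith(q),
    "ends with": lambda v, q: v.endswith(q),
    "contains": lambda v, q: q in v,
    "is equal to": lambda v, q: v == q,
}
ATTRIBUTES = ("Name", "Common-Name")


def condition_matches(group, cond):
    """cond is (attribute name, match type, value); group is a dict of attributes."""
    attribute, match, value = cond
    if attribute not in ATTRIBUTES or match not in MATCHERS:
        raise ValueError(f"unsupported condition: {cond!r}")
    return MATCHERS[match](group.get(attribute, "").lower(), value.lower())


def first_matching_condition(group, conditions):
    """Conditions are ORed and tried in order; return the index of the first hit."""
    for index, cond in enumerate(conditions):
        if condition_matches(group, cond):
            return index
    return None


def policy_groups_dropped(groups, conditions, policy_group_names):
    """Names of groups used in Security policy that the filter would leave out."""
    kept = {g["Name"].lower() for g in groups
            if first_matching_condition(g, conditions) is not None}
    return sorted(n for n in policy_group_names if n.lower() not in kept)


# Constructed sample data; attribute values are illustrative only.
SAMPLE_GROUPS = [
    {"Name": "VPN Users", "Common-Name": "VPN Users"},
    {"Name": "fw-admins", "Common-Name": "Firewall Admins"},
    {"Name": "HR Contractors", "Common-Name": "HR Contractors"},
    {"Name": "svc-backup", "Common-Name": "Backup Operators"},
]
SAMPLE_FILTER = [
    ("Name", "begins with", "VPN "),         # trailing space is part of the query
    ("Common-Name", "ends with", "admins"),  # added with Add OR
]
SAMPLE_POLICY_GROUPS = ["VPN Users", "fw-admins", "HR Contractors"]

if __name__ == "__main__":
    print(policy_groups_dropped(SAMPLE_GROUPS, SAMPLE_FILTER, SAMPLE_POLICY_GROUPS))
```

Any name this returns is a policy group the filter would exclude from the sync, so add a condition for it before saving the filter.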