ONARKEN® supports integration with Active Directory, using either your on-premises LDAP connection or Entra ID. This guide is designed to help you choose which option suits your organisation best.
Entra ID
With the ONARKEN® Entra ID integration, you configure the Entra groups you would like synced into ONARKEN®. Synced users can then use your Smart Lockers and/or log in to the ONARKEN® Management Platform.
Why pick Entra ID?
- The Entra ID integration supports Single Sign-On for users on the ONARKEN® Management Platform and Smart Locker users on the My ONARKEN® application.
- Users are kept up to date through automatic daily synchronisation and an optional live check when a user scans.
- A self-registration option is available if card numbers are not stored in Entra ID.
LDAP Lookup
The ONARKEN® LDAP Lookup integration works by searching your on-premises Active Directory when a user scans their card at the Smart Lockers. If the user is found, they are registered to the ONARKEN® system and can proceed with using the lockers.
Why pick LDAP Lookup?
- Users are authenticated live against your Active Directory when scanning.
- No time-consuming registration process for the locker user.
Drawbacks of LDAP Lookup
- Users are only updated during the locker scan process, so users that no longer exist will not be removed from ONARKEN® until an automatic purge date.
- Users will not exist in ONARKEN® until their first locker scan, so they cannot use My ONARKEN® or have Drop Off / Collections arranged for them until they use the lockers.
- Amendments to users' details, such as a change of email address, card number or name, will not be applied until they re-scan at the lockers.
- Card numbers must exist within your Active Directory.
LDAP Self-Registration
The ONARKEN® LDAP Registration integration works as follows. When a card number is scanned for the first time, the user is asked to enter their Active Directory login credentials. If they are successfully authenticated and are granted permission to use the Smart Lockers, ONARKEN® then matches the card number with the user. All subsequent reads check the user against Active Directory via their email address.
Why pick LDAP Self-Registration?
- Users are authenticated live against your Active Directory when scanning.
- Card numbers do not need to be stored within your Active Directory.
Drawbacks of LDAP Self-Registration
- Users are only updated during the locker scan process, so users that no longer exist will not be removed from ONARKEN® until an automatic purge date.
- Users will not exist in ONARKEN® until their first locker scan, so they cannot use My ONARKEN® or have Drop Off / Collections arranged for them until they use the lockers.
- Self-registration for a fresh intake of users can be a time-consuming process.
- Users can register to use the service with any compatible ID card, so the registered card may not match your internal card management system.