Port Communication Requirements
Active Directory
For EmpowerID to communicate with Active Directory environments, the following ports must be open:
- 135/TCP RPC
- 137/UDP NetBIOS
- 138/UDP NetBIOS
- 139/TCP NetBIOS
- 389/TCP/UDP LDAP
- 636/TCP LDAP SSL
- 3268/TCP LDAP GC
- 3269/TCP LDAP GC SSL
- 53/TCP/UDP DNS
- 88/TCP/UDP Kerberos
- 445/TCP SMB
- 123/UDP NTP
Internal EmpowerID Communications
The EmpowerID Management Console Windows desktop client requires the following ports be open:
- HTTPS/TLS: port 443 TCP
EmpowerID server to server communications require the following ports be open:
- HTTPS/TLS: port 443 TCP
EmpowerID server to SQL Database communications require the following ports be open:
- Microsoft SQL Server: port 1433 TCP
The EmpowerID WAM/Reverse Proxy does not require any communication with the Microsoft SQL database. The Reverse Proxy retrieves all of its configuration data by calling the EmpowerID REST API on any front-end servers.
The below two images depict the EmpowerID Communications and Connectivity architecture. The first shows the architecture without EmpowerID WAM/Reverse Proxy, while the second shows the architecture with EmpowerID WAM/Reverse Proxy.
Figure 1: EmpowerID Communications and Connectivity Architecture
Figure 2: EmpowerID Communications and Connectivity architecture with WAM/Reverse Proxy module
In addition to the above, for password resets you may need to open TDP/UDP 135, as well as all RPC dynamic ports. For more information, see the following Microsoft topics: