How to use IBM® App Connect with Microsoft Active Directory
Microsoft Active Directory is a directory service that provides centralized management of users, computers, and other resources on a network.
- App Connect Enterprise as a Service connector
- Local connector in containers (Continuous Delivery release)
- Local connector in containers (Long Term Support release)
- Local connector in containers (Long Term Support Cycle-2 release)
Supported product and API versions
To find out which product and API versions this connector supports, see Detailed System Requirements on the IBM Support page.
Connecting to Microsoft Active Directory
To connect App Connect to a Microsoft Active Directory account that you want App Connect to use, you need the following connection details:
- Principal distinguished name: The distinguished name of the Microsoft Active Directory user; for example, CN=user,OU=organization,DC=mydomain,DC=com
- Password: The password that is associated with the administrator distinguished name
- Microsoft Active Directory URL: A valid Microsoft Active Directory URL in the format ldap://<host or IP address>:<port>
If necessary, work with your Microsoft Active Directory administrator to obtain these values. For more information about the distinguished name and other connection details, see the Microsoft documentation for Azure Active Directory; for example, LDAP authentication with Azure Active Directory.
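A pre-flight check for the Principal distinguished name and URL values listed above, added here as an example (it is not IBM code). The names split_dn and check_connection_details are hypothetical, the host in the demo is constructed, and the DC= check assumes an Active Directory-style DN.

```python
import re
from urllib.parse import urlsplit

# RDN attribute type: a short name (CN, OU, DC) or a dotted numeric OID.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas; escapes are kept."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escaped character verbatim
            i += 2
            continue
        if ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur)
    return [p.strip() for p in parts]

def check_connection_details(principal_dn, url):
    """Return a list of problems; an empty list means both values are well formed."""
    problems = []
    rdns = split_dn(principal_dn)
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not _ATTR.match(attr.strip()) or not value.strip():
            problems.append(f"malformed RDN: {rdn!r}")
    if not any(r.upper().startswith("DC=") for r in rdns):
        problems.append("DN has no DC= component")   # assumption: AD-style DN
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        problems.append(f"scheme is not ldap as in the documented format: {parts.scheme!r}")
    if not parts.hostname:
        problems.append("URL has no host")
    try:
        if parts.port is None:
            problems.append("URL has no port")
    except ValueError:
        problems.append("port is not a valid number")
    if parts.path not in ("", "/") or parts.query:
        problems.append("URL must contain only ldap://<host>:<port>")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the DN is the example given in the list above.
    print(check_connection_details("CN=user,OU=organization,DC=mydomain,DC=com",
                                   "ldap://dc01.mydomain.com:389"))
```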
To connect to Microsoft Active Directory from the App Connect Designer page (previously the Catalog page) for the first time, under Microsoft Active Directory click Connect. When prompted, grant App Connect access to your Microsoft Active Directory. This creates an account in App Connect. For more information, see Managing accounts.
Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Applications and APIs page, select the account, open its options menu (⋮), then click Rename Account.
What should I consider first?
Before you use App Connect Designer with Microsoft Active Directory, take note of the following considerations:
- (General consideration) You can see lists of the trigger events and actions that are available on the Applications and APIs page of the App Connect Designer.
For some applications, the events and actions depend on the environment and whether the connector supports configurable events and dynamic discovery of actions. If the application supports configurable events, you see a Show more configurable events link under the events list. If the application supports dynamic discovery of actions, you see a Show more link under the actions list.
- (General consideration) If you are using multiple accounts for an application, the set of fields that is displayed when you select an action for that application can vary for different accounts. In the flow editor, some applications always provide a curated set of static fields for an action. Other applications use dynamic discovery to retrieve the set of fields that are configured on the instance that you are connected to. For example, if you have two accounts for two instances of an application, the first account might use settings that are ready for immediate use. However, the second account might be configured with extra custom fields.
Events and actions
Microsoft Active Directory events
These events are for changes in this application that trigger a flow to start completing the actions in the flow.
Microsoft Active Directory actions
Your flow completes these actions on this application.
- Computers
  - Create computer
  - Retrieve computers
  - Update computer
  - Delete computer
- Contacts
  - Create contact
  - Retrieve contacts
  - Update contact
  - Delete contact
- Entries
  - Create entry
  - Retrieve all entries
  - Retrieve entries
  - Update entry
  - Delete entry
  - Modify distinguished name
  - Add to group
  - Remove from group
- Groups
  - Create group
  - Retrieve groups
  - Update group
  - Delete group
- InetOrgPerson objects
  - Create InetOrgPerson object
  - Retrieve InetOrgPerson objects
  - Update inetOrgPerson object
  - Delete inetOrgPerson object
- Organizational units
  - Create organizational unit
  - Retrieve organizational units
  - Update organizational unit
  - Delete organizational unit
- Users
  - Create user
  - Retrieve users
  - Update user
  - Delete user
More items are available when you have connected App Connect to Microsoft Active Directory.
Examples
When you have created an account for Microsoft Active Directory in App Connect, you can include actions like Create group and Retrieve users in your integration flows. You can test the actions individually and use them in running flows; for example:
In this example, a Retrieve users action has been configured to retrieve up to 10 users for the specified Base distinguished name, and if no users are found to issue a 204: No content response.
Use templates to quickly create flows for Microsoft Active Directory
Learn how to use App Connect templates to quickly create flows that complete actions on Microsoft Active Directory. For example, open the Templates gallery, and then search for Microsoft Active Directory.