How to use IBM® App Connect with Microsoft Active Directory

Use Microsoft Active Directory is a directory service that provides centralized management of users, computers, and other resources on a network.

Supported product and API versions

To find out which product and API versions this connector supports, see Detailed System Requirements on the IBM Support page.

Connecting to Microsoft Active Directory

To connect App Connect to a Microsoft Active Directory account that you want App Connect to use, you need the following connection details.

  • Principal distinguished name is the distinguished name of the Microsoft Active Directory user; for example, CN=user,OU=organization,DC=mydomain,DC=com
  • Password is the assword that is associated with the administrator distinguished name
  • Microsoft Active Directory URL is a valid Microsoft Active Directory URL in the format ldap://<host or IP address>:<port>

If necessary, work with your Microsoft Active Directory administrator to obtain these values. For more information about the distinguished name and other connection details, see the Microsoft documentation for Azure Active Directory; for example, LDAP authentication with Azure Active Directory.

To connect to Microsoft Active Directory from the App Connect Designer Connect > Applications and APIs page (previously the Catalog page) for the first time, under Microsoft Active Directory click Connect. When prompted, grant App Connect access to your Microsoft Active Directory. These steps create an account in App Connect. For more information, see Managing accounts.

Tip:

Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Applications and APIs page, select the account, open its options menu (⋮), then click Rename Account.

What to consider first

Before you use App Connect Designer with Microsoft Active Directory, take note of the following considerations:

  • (General consideration) You can see lists of the trigger events and actions that are available on the Applications and APIs page of the App Connect Designer.

    For some applications, the events and actions depend on the environment and whether the connector supports configurable events and dynamic discovery of actions. If the application supports configurable events, you see a Show more configurable events link under the events list. If the application supports dynamic discovery of actions, you see a Show more link under the actions list.

  • (General consideration) If you are using multiple accounts for an application, the set of fields that is displayed when you select an action for that application can vary for different accounts. In the flow editor, some applications always provide a curated set of static fields for an action. Other applications use dynamic discovery to retrieve the set of fields that are configured on the instance that you are connected to. For example, if you have two accounts for two instances of an application, the first account might use settings that are ready for immediate use. However, the second account might be configured with extra custom fields.

Events and actions

Microsoft Active Directory events

These events are for changes in this application that trigger a flow to start completing the actions in the flow.

Note: Events are not available for changes in this application. You can trigger a flow in other ways, such as at a scheduled interval or at specific dates and times.

Microsoft Active Directory actions

Your flow completes these actions on this application.

Computers
Create computer
Retrieve computers
Update computer
Delete computer
Contacts
Create contact
Retrieve contacts
Update contact
Delete contact
Entries
Create entry
Retrieve all entries
Retrieve entries
Update entry
Delete entry
Modify distinguished name
Add to group
Remove from group
Groups
Create group
Retrieve groups
Update group
Delete group
InetOrgPerson objects
Create InetOrgPerson object
Retrieve InetOrgPerson objects
Update inetOrgPerson object
Delete inetOrgPerson object
Organizational units
Create organizational unit
Retrieve organizational units
Update organizational unit
Delete organizational unit
Users
Create user
Retrieve users
Update user
Delete user

More items are available after you connect App Connect to Microsoft Active Directory.

Examples

After you create an account for Microsoft Active Directory in App Connect, you can include actions like Create group and Retrieve users in your integration flows. You can test the actions individually and use them in running flows.

For example, you can configure a Retrieve users action to retrieve up to 10 users for the specified Base distinguished name, and if no users are found, the flow can issue a 204: No content response.

Dashboard tile for a template that uses Microsoft Active Directory
Dashboard tile for a template that uses Microsoft Active Directory
Dashboard tile for a template that uses Microsoft Active Directory

Use templates to quickly create flows for Microsoft Active Directory

Learn how to use App Connect templates to quickly create flows that complete actions on Microsoft Active Directory. For example, go to the Discover page and search for Microsoft Active Directory.

Learn more