Configuring provisioning for Microsoft Active Directory

This configuration provisioning guide provides the basic information that you need to install and configure the Microsoft Active Directory Adapter. The adapter enables connectivity between the IBM Security® Verify server and a system that runs the directory server.

Before you begin

Note: Microsoft Active Directory provisioning is not supported for trial subscriptions.
  • Install the AD Agent on the domain controller or on any workstation within the domain. See Installing the adapter for Microsoft Active Directory.
  • Install and configure the Active Directory Agent on the Windows Active Directory Server. See Installing the adapter for Microsoft Active Directory.
  • Deploy and configure the IBM® Security Verify Identity Brokerage on-premises component. This gateway allows integration of Verify with targets by using IBM Security Verify Identity Manager adapters. To configure the Identity Brokerage on-premises components, go to https://hub.docker.com/r/ibmcom/identity-brokerage.
  • To create a standard Exchange server mailbox, you need the mailNickname attribute.
  • To enable an account for Skype for Business, you need the Server Registrar Pool, msRTCSIP-UserEnabled, and msRTCSIP-PrimaryUserAddress attributes.

About this task

Provisioning provides the following features.
Create new users
New users that are created through Verify are also created in the Microsoft Active Directory application.
Delete users
Deactivating the user or disabling the user's access to the application through Verify deletes the user in the Microsoft Active Directory application.
Modify user profile
Updates made to the user's profile through Verify are pushed to the Microsoft Active Directory application.
User suspend and restore
Suspending a user through Verify deactivates the user, and restoring the user through Verify activates the user in the Microsoft Active Directory application.
User synchronization and remediation
Synchronization fetches all the Microsoft Active Directory application users, creates the users on Verify, and according to the remediation policy, modifies the attributes.

Group synchronization fetches all the target application groups in Verify.

Fine grained entitlement
Fine grained entitlement is supported for the Microsoft Active Directory application. Synchronization fetches all Microsoft Active Directory application groups. Users can be added to or removed from groups.
Managing mailboxes
The Microsoft Active Directory application supports managing of Exchange mailboxes.
Skype for Business Server
Running under an account with sufficient authority, the adapter supports Skype for Business. Skype for Business is communication software that is used for instant messaging, conferencing and telephony solutions.

Procedure

  1. Log in to Verify.
  2. Select Applications > Applications.
  3. Select Add application.
  4. Select the application of type Microsoft Active Directory.
    To configure user provisioning in Verify, you need the following information:
    • Microsoft Active Directory Agent URL
    • Microsoft Active Directory Agent user ID
    • Microsoft Active Directory Agent password
    • Identity Agent for provisioning
    • User Base DN
    • Group Base DN
    • Use preferred Exchange Servers
    • Preferred Exchange Servers
    • Use preferred Skype for Business Servers
    • Preferred Skype for Business Servers