Configuring provisioning for Microsoft Active Directory
This configuration provisioning guide provides the basic information that you need to install and configure the Microsoft Active Directory Adapter. The adapter enables connectivity between the IBM Security® Verify server and a system that runs the directory server.
Before you begin
Note: Microsoft Active Directory provisioning is not supported for trial subscriptions.
- Install the AD Agent on the domain controller or on any workstation with-in the domain. See Installing the adapter for Microsoft Active Directory.
- Install and Configure the Active Directory Agent on the Windows Active Directory Server. See Installing the adapter for Microsoft Active Directory.
- Deploy and configure the IBM® Security Verify Identity Brokerage on-premises component. This gateway allows integration of Verify with targets by using IBM Security Verify Identity Manager adapters. To configure the Identity Brokerage on-premisis components, go to https://hub.docker.com/r/ibmcom/identity-brokerage.
- To create a standard Exchange server mailbox, you need the
mailNickname
attribute. - To enable and account for Skype for Business you need the Server Registrar Pool,
msRECSIP-UserEnabled
andmsRTCSIP-PrimaryUserAddress
attributes.
About this task
Provisioning provides the following features.
- Create new users
- New users that are created through Verify are also created in the Microsoft Active Directory application.
- Delete users
- Deactivating the user or disabling the user's access to the application through Verify deletes the user in the Microsoft Active Directory application.
- Modify user profile
- Updates made to the user's profile through Verify are pushed to the Microsoft Active Directory application.
- User suspend and restore
- Suspending a user through Verify deactivates the user and restoring the user through Verify activates the user in the Microsoft Active Directory application.
- User synchronization and remediation
- Synchronization fetches all the Microsoft Active Directory application users, creates the users on Verify, and according to
the remediation policy, modifies the attributes.
Group synchronization fetches all the target application groups in Verify.
- Fine grained entitlement
- Fine grained entitlement is supported for the Microsoft Active Directory application. Synchronization fetches all Microsoft Active Directory application groups. Users can be added to or removed from groups.
- Managing mailboxes
- The Microsoft Active Directory application supports managing of Exchange mailboxes.
- Skype for Business Server
- Running under an account with sufficient authority, the adapter supports Skype for Business. Skype for Business is communication software that is used for instant messaging, conferencing and telephony solutions.