Configuring provisioning for Active Directory

Provision users from IBM® Verify to an Active Directory application.

Before you begin

Note: Active Directory provisioning is not supported for trial subscriptions.
  • Configure the identity agent for authentication in Verify. See Installing the adapter for Microsoft Active Directory.
  • Install and configure the Active Directory Agent on the Windows™ Active Directory Server. See IBM Verify Bridge for Provisioning.
  • Deploy and configure the IBM Verify Identity Brokerage on-premises component. This gateway allows integration of Verify with targets by using IBM Verify Identity Manager adapters. To configure the Identity Brokerage on-premises components, go to https://hub.docker.com/r/ibmcom/identity-brokerage.
  • Passwords for Active Directory accounts are generated according to the Verify Cloud Directory password strength policy, which is set at Authentication > Identity sources > Cloud Directory. See Managing password policies. Set this policy to meet your organizational requirements.
  • To create a standard Exchange server mailbox, you need the mailNickname attribute.
  • To enable an account for Skype for Business Server Registrar Pool, you need the msRTCSIP-UserEnabled and msRTCSIP-PrimaryUserAddress attributes.

About this task

Provisioning provides the following features.
Create new users
New users that are created through Verify are also created in the Active Directory application.
Delete users
Deactivating the user or disabling the user's access to the application through Verify deletes the user in the Active Directory application.
Modify user profile
Updates made to the user's profile through Verify are pushed to the Active Directory application.
User suspend and restore
Suspending a user through Verify deactivates the user and restoring the user through Verify activates the user in the Active Directory application.
User synchronization and remediation
Synchronization fetches all the Active Directory application users, creates the users on Verify, and according to the remediation policy, modifies the attributes.

Group synchronization fetches all the target application groups in Verify.

Fine-grained entitlement
Fine-grained entitlement is supported for the Active Directory application. Synchronization fetches all Active Directory application groups. Users can be added to or removed from groups.
Managing mailboxes
The Active Directory application supports management of Exchange mailboxes.
Skype for Business Server
Running under an account with sufficient authority, the adapter supports Skype for Business. Skype for Business is communication software that is used for instant messaging, conferencing and telephony solutions.

Procedure

  1. Log in to Verify.
  2. Select Applications > Applications.
  3. Select Add application.
  4. Select the application of type Active Directory.
    To configure user provisioning in Verify, you need the following information:
    • Active Directory Agent URL
    • Active Directory Agent user ID
    • Active Directory Agent password
    • Identity Agent for provisioning
    • User Base DN
    • Group Base DN
    • Use preferred Exchange Servers
    • Preferred Exchange Servers
    • Use preferred Skype for Business Servers
    • Preferred Skype for Business Servers