You can add an on-premise directory or a Microsoft Entra ID directory to sync your directory users and groups with Identity as a Service. Users synced with your Active Directory or Microsoft Entra ID can use their directory password to log in to Identity as a Service.
Note: The Enterprise Service Gateway supports AD, ADLDS, and Radiant Logic directories.
See the following topics:
● To sync users and groups from an Active Directory server, use Configure an on-premise Active Directory.
● To sync users and groups from Microsoft Entra ID, use Configure Microsoft Entra ID.
● To sync users and groups from an LDAP directory, see Configure an LDAP directory.
● To sync users and groups with an AD Connector, use Configure an AD Connector directory.
● To sync users and groups from Microsoft Entra ID, use Integrate Microsoft Entra ID with Identity as a Service.
● For Active Directory (AD) sync to succeed, the AD administrator account must have read-only access to the top of the context root. The AD user whose User Name and Password are entered as part of the directory settings in Identity as a Service must have read-only access to AD.
● To authorize Identity as a Service to access your Microsoft Entra ID, you should use a designated administrator service account. This account must have the Global Administrator role for the configuration of the directory in Identity as a Service.
● For AD Connector, the AD user must have rights to change passwords on behalf of other users; otherwise, password change will not work.
Topics in this section:
● Configure an on-premise Active Directory
● Configure a Microsoft Entra ID (formerly, Azure AD)
● Trigger on-demand synchronization
● Map ImmutableID attribute to the directory attribute
● Manage configured directories
● Configure an AD Connector Directory
● Integrate Microsoft Entra ID with Identity as a Service