Integration of Active Directory with SailPoint IIQ
Check this blog post for Active Directory provisioning.
Navigate to Application → New Application.
Select the Application Type as Active Directory-Direct and provide the Application Name and Owner fields.
Enter the Forest Name, the Global Catalog Server (i.e. the DC) and the credentials of the service account. Add the forest details entered above and click Discover to get all the domains available in the forest.
Here we can add and remove the domains that we want to manage from this application.
Here we can add and remove the account OUs that we are managing from the above domains.
Here we can add the group OUs that we are managing from the above domains.
Test the target application connectivity.
Create the correlation rule, which determines how accounts from Active Directory are linked to users in SailPoint.
Create the Group Aggregation task to pull all the entitlements from Active Directory, then click Save and Run.
We can check all the entitlements aggregated from Active Directory in Applications → Entitlement Catalog.
Create the Account Aggregation task to pull all the user accounts from Active Directory, then click Save and Run.
We can check all the accounts aggregated from Active Directory in Applications → Edit Application → Accounts tab.
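One way to write the correlation rule from the steps above, as an added example that is not the blog author's own rule. It assumes the AD application schema includes `employeeID` and that the identity has a searchable attribute named `employeeId`; both names are assumptions to adjust for your environment.

```java
// Correlation rule body (BeanShell), added example.
// IdentityIQ passes in `account`, a sailpoint.object.ResourceObject that
// holds the attributes of the AD account currently being aggregated.
import java.util.HashMap;
import java.util.Map;

Map result = new HashMap();

// Assumption: employeeID is populated in AD and present in the schema.
String employeeId = account.getStringAttribute("employeeID");
String sam = account.getStringAttribute("sAMAccountName");

if (employeeId != null && employeeId.trim().length() > 0) {
    // Preferred match: an identifier that does not change on rename.
    // "employeeId" is an assumed identity attribute name.
    result.put("identityAttributeName", "employeeId");
    result.put("identityAttributeValue", employeeId.trim());
} else if (sam != null && sam.trim().length() > 0) {
    // Fallback: match the identity whose name equals the logon name.
    // Name matching can link an account to the wrong person if logon
    // names are reused, so review accounts that correlate this way.
    result.put("identityAttributeName", "name");
    result.put("identityAttributeValue", sam.trim());
}

// An empty map means no match was attempted: the account stays
// uncorrelated and can be reviewed instead of being linked by guesswork.
return result;
```

After the Account Aggregation task runs, accounts that stayed uncorrelated (for example service accounts without an owner) are the ones to review and assign manually.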
Hi Vishal,
I am new to SailPoint. It was a nice explanation; I am following what you are posting and it is very helpful for me. Could you please post a brief explanation about workflow and quicklink?
Thank you for reading this blog. Soon I will post the details and ways to trigger the workflow using the quicklink.
Very informative. Keep adding more knowledgeable stuff.
Thank you, souman!
Excuse me, what to do if Active Directory is on another host?
I haven't tried, but I think as long as the AD trusts the domain on which you have installed the IQService it should work, but I am not sure how it will behave for the Exchange and Skype provisioning. Create a support ticket and see what the SailPoint Support Team suggests. Let me also know :-)
Do you provide training? How to reach you? Thanks.
Do you provide training? Please update me.
I don't provide any training, but I can help you if you have any questions on any specific topics. I am reachable at vishalkejriwal26@gmail.com
Dear Vishal, can you help me with a two-level workflow when creating an AD user? The user should be created in AD only after the approval process is done.
Regards,
Ramesh
I have serious security concerns about SailPoint IdentityIQ needing to connect EVERY IQ host to EVERY domain controller that is managed on ports 3268, 3269, 389, 636. As a server outside of the domain it should utilize the IQService within each domain/domain trust and not connect directly from IIQ. This security hole would allow an attacker to utilize IIQ as a single pivot point to all managed domains with provisioning/deprovisioning permission.
Can we configure the Exchange application with these:
Disable Exchange ActiveSync
Disable OWA for Devices
Disable Outlook on the web
Message Size Restriction
Sent messages size : 13314 KB
Received Message Size: 13314 KB