Manage directories
You can add an on-premises directory or a Microsoft Entra ID directory to sync its users and groups with Identity as a Service. Users synced from your Active Directory or Microsoft Entra ID can use their directory password to log in to Identity as a Service.
The Enterprise Service Gateway supports AD, ADLDS, and Radiant Logic directories.
See the following topics:
- To sync users and groups from an Active Directory server, see Configure an on-premises Active Directory.
- To sync users and groups from Microsoft Entra ID, use Configure Microsoft Entra ID.
- To sync users and groups from an LDAP directory, see Configure an LDAP directory.
- To sync users and groups with an AD Connector, use Configure an AD Connector directory.
- To sync users and groups from Microsoft Entra ID, use Integrate Microsoft Entra ID with Identity as a Service.
Permission requirements
For Active Directory (AD) sync to succeed, the AD administrator account must have read-only access to the top of the context root. The AD user whose User Name and Password are entered in the directory settings in Identity as a Service must have read-only access to AD.
To authorize Identity as a Service to access your Microsoft Entra ID, you should use a designated administrator service account. This account must have the Global Administrator role for the configuration of the directory in Identity as a Service.
For AD Connector, the AD user must have the right to change passwords on behalf of other users; otherwise, password change will not work.
Topics in this section
Configure an on-premises Active Directory
You can create an on-premises directory to sync users and groups from your Active Directory to Identity as a Service.
Configure Microsoft Entra ID
You can configure a Microsoft Entra ID directory to manage your users and groups through Identity as a Service. You can also change or reset your Microsoft Entra ID password through Identity as a Service and use it to log in to Identity as a Service.
Configure an LDAP directory
Configure an LDAP directory to on-board users and groups that are stored in an LDAP directory other than Active Directory. When configured, users can use their LDAP directory password for first-factor authentication.
Trigger on-demand synchronization
For on-premises directories, the Crawl Frequency setting defines how often (in milliseconds) the directory information in your Identity as a Service account is updated to match the corporate directory it is synchronized with. The crawl frequency is 1 hour by default. For Microsoft Entra ID, automatic synchronization occurs every 8 hours; you cannot change this value.
Map Immutable ID to the directory attribute
Complete this procedure to map an Identity as a Service custom user attribute to the user’s objectGUID value in your directory account. The objectGUID attribute value is imported and applied to the ImmutableID attribute in Identity as a Service through Active Directory Sync. Being able to map the Immutable ID attribute to an objectGUID helps to streamline the configuration of specific SAML applications (such as Office 365) with Identity as a Service.
Manage configured directories
This section reviews tasks that you can complete after you configure a directory.
Configure an AD Connector directory (Preview)
Integrate Microsoft Entra ID with Identity as a Service