|Applies To||Authentication Manager 7.1 or later AM 8.0 AM 8.1|
A new concept in AM 7.1 is the external Identity Source, where RSA users ?live? in an Active Directory Domain (or other LDAP Directory), while their tokens ?live? in the RSA AM Internal database. This is like a Real-Time LDAP Synchronization in the 6.1.2 world, so if users are added or deleted in Active Directory, they are added or (disabled) in RSA in real time. However if the network connection between RSA and Active Directory does down (or the Admin Password is changed), no one can authenticate because RSA AM cannot ?see? the users in AD.
You can also migrate your 6.1.2 Users and their Tokens into AM 7.1. If you would like to use an External Identity Source in 7.1, and your current 6.1.2 (Appliance 2.0) Users originally came from Active Directory, you can migrate in that fashion. See KB a63122 or KB a63192
Authentication Manager 7.1, AM 7.1 SP4, AM 8.0, AM 8.1
|Issue||How to create an External Identity Source to Active Directory in AM 7.1 or later, How do I create an external Identity source?|
Export Failed: There is an error with the user record. The identity source contains no value for the attribute set as the Unique Identifier for the user. Edit the user record in the directory to add a value. This indicates you are not using objectGUID as the unique Identifier in your external IS, and are using something else such as exuid or employeeNumber, and there is at least 1 blank entry in this unique Identifier field in at least 1 record
You create an External Identity source in RSA from the Operations Console, https://<RSA_Server>:7072/operations-console/
This should be a good basis for a user to start.
|Legacy Article ID||a63091|