Identity Sources for Self-Service Users

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Jun 13, 2017.
Version 2

The identity source where the users’ accounts are stored affects which actions users can perform using the Self-Service Console. You can use the internal database, Active Directory, Oracle Directory Server, and OpenLDAP as identity sources.

If an Active Directory, Oracle Directory Server, or OpenLDAP identity source has the “change password during next logon” option set, you cannot enroll users in Self-Service.

Using the Internal Database as an Identity Source

Authentication Manager can read and write data to the internal database. Users whose accounts are in the internal database can use the Self-Service Console to perform all actions for which their administrator has configured permissions. For example, these actions may include resetting passwords or entering phone numbers or e-mail addresses on the Identity Confirmation Method configuration page for on-demand authentication with risk-based authentication (RBA).

Using Active Directory as an Identity Source

Users whose accounts are in Active Directory cannot use the Self-Service Console to perform any actions that require Authentication Manager to access Active Directory. For example, users whose accounts are stored in Active Directory cannot use the Self-Service Console to change their Self-Service passwords. Authentication Manager has read-only access to Active Directory for all user and user group data.

Using Oracle Directory Server as an Identity Source

Users whose accounts are in Oracle Directory Server cannot use the Self-Service Console to perform any actions that require Authentication Manager to access Oracle Directory Server. Authentication Manager has read-only access to Oracle Directory Server for all user and user group data.

Using OpenLDAP as an Identity Source

Users whose accounts are in OpenLDAP cannot use the Self-Service Console to perform any actions that require Authentication Manager to access OpenLDAP. Authentication Manager has read-only access to OpenLDAP for all user and user group data.

Related Tasks

Configuring Self-Service

 

 

