Active Directory Identity Sources that are Not Global Catalogs
In Active Directory, identity sources that are not Global Catalogs are used for administrative operations, such as enabling users for on-demand authentication and risk-based authentication. If you are not using a Global Catalog, this type of identity source is also used for finding and authenticating users. This type of identity source also maps to a domain controller.
If you want to administer Active Directory domain users in Authentication Manager, you must add an identity source for each domain that contains users who will authenticate with Authentication Manager.
For example, if an Active Directory forest has three domains and one Global Catalog, and you want to authenticate users in two of the domains, you must add an identity source for each of the two domains.
Note: Authentication Manager supports up to 30 identity sources that are not Global Catalogs per deployment. This limit does not include using the internal database as an identity source.
An identity source that is not a Global Catalog can use group membership data from all three types of Active Directory security groups: Universal Security, Global, and Domain Local. Authentication Manager does not support distribution groups of any kind for restricted agent access.
Related Articles
Identity Sources for Self-Service Users Number of Views Active Directory Global Catalog Identity Sources Number of Views Unlink Identity Sources from the System Number of Views RSA Authentication Manager Identity Sources Number of Views Allow Users to Authenticate on an Agent Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
