Active Directory Identity Sources that are Not Global Catalogs
In Active Directory, identity sources that are not Global Catalogs are used for administrative operations, such as enabling users for on-demand authentication and risk-based authentication. If you are not using a Global Catalog, this type of identity source is also used for finding and authenticating users. This type of identity source also maps to a domain controller.
If you want to administer Active Directory domain users in Authentication Manager, you must add an identity source for each domain that contains users who will authenticate with Authentication Manager.
For example, if an Active Directory forest has three domains and one Global Catalog, and you want to authenticate users in two of the domains, you must add an identity source for each of the two domains.
Note: Authentication Manager supports up to 30 identity sources that are not Global Catalogs per deployment. This limit does not include using the internal database as an identity source.
An identity source that is not a Global Catalog can use group membership data from all three types of Active Directory security groups: Universal Security, Global, and Domain Local. Authentication Manager does not support distribution groups of any kind for restricted agent access.
Related Articles
Identity Sources for Self-Service Users Number of Views Unlink Identity Sources from the System Number of Views Active Directory Global Catalog Identity Sources Number of Views Identity Sources Number of Views RSA Authentication Manager Identity Sources Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
