RSA Authentication Manager Identity Sources
An identity source is a repository that contains user and user group data. Each user and user group in a deployment is associated with an identity source.
AM supports the following as identity sources:
An LDAP directory:
Note: The certificate used by the LDAPS protocol must be at least 2048 bits. For example, you must replace the default Oracle Directory Server certificate, which is 1024 bits.
In Active Directory, you can add a Global Catalog as an identity source, when some or all of the Active Directory servers in the Active Directory forest are used as identity sources. In such a case, you can use the Global Catalog for runtime activities, such as looking up and identifying users and resolving group membership within the Active Directory forest. You cannot use a Global Catalog identity source to perform administrative tasks.
Note: AM supports Active Directory Lightweight Directory Services (LDS) servers if the same server does not also have an Active Directory Domain Controller role. If a server has an Active Directory Domain Controller role, select that identity source type when connecting the identity source to AM.
Microsoft Active Directory 2016
Microsoft Active Directory 2019
Microsoft Active Directory 2022
Sun Java System Directory Server 7.0
Oracle Directory Server Enterprise Edition 11g
The default Oracle certificate keysize must be at least 2048
OpenLDAP 2.4.40
PingDirectory 10.0.0.2
The AM internal database
Data from an LDAP Directory
AM has read-only access to all LDAP directory identity sources. After a directory is integrated with AM, you can use the Security Console to do the following:
View (but not add or modify) user and user group data that resides in the directory.
Perform AM administrative tasks. For example, enable or disable the use of on-demand authentication (ODA) and risk-based authentication (RBA), or assign tokens or user aliasto individual users who reside in the directory.
You must use the LDAP directory native user interface to modify data in a directory.
Data from the Internal Database
AM provides an internal database where you can create users and user groups. For users and user groups in the internal database, administrators can use the Security Console to do the following:
Add, modify, and view user and user group data.
Enable or disable AM functions, such as ODA and RBA, for individual users, including users whose accounts are in an LDAP directory.
The following information is stored only in the internal database:
Data that is specific to AM, such as policies for administrative roles, and records for authentication agents and SecurID authenticators
Data that links AM with LDAP directory user and user group records
Related Articles
Unlink Identity Sources from the System Number of Views Edit an Identity Source Number of Views Delete an Identity Source SSL Certificate Number of Views View an Identity Source SSL Certificate Number of Views Remove an Identity Source Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
