Add an Identity Source

To use an existing LDAP directory with RSA Authentication Manager, use the Operations Console to add the directory as a new identity source.

A deployment can have up to thirty identity sources. If you are using Active Directory, Global Catalogs configured as identity sources do not count against this limit.

Before you begin

  • You must be a Super Admin.

  • This procedure requires you to make informed decisions about the information that you enter. For more information about the identity source properties in this procedure, see Identity Source Properties.

  • For full functionality, establish an SSL connection between Authentication Manager and the identity source. For more information, see Identity Source SSL Certificates.

  • Before adding an OpenLDAP directory identity source, review the required settings. For more information, see OpenLDAP Attribute Requirements.

Note: Depending on the network or firewall configuration, you might not be able to validate the connection information from the primary server.


  1. Log on to the Operations Console on the primary instance.

  2. Click Deployment Configuration > Identity Sources > Add New.

  3. When prompted, enter your Super Admin User ID and password.

  4. In the Identity Source Basics section, specify:

    • Identity Source Name. The name of the identity source that is displayed in the Security Console.

    • Type. The type of the identity source that you are adding.

    • Notes. Information about the identity source.

  5. In the Directory Connection - Primary section, do the following:

    • Enter the requested information in the following fields. For detailed information, see Identity Source Properties.

      • Directory URL

      • Directory Failover URL

      • Directory User ID

      • Directory Password

    • Click Test Connection to ensure that the primary instance can connect to the specified directory. If the test fails, make sure that you have correctly imported the certificate for this identity source.

  6. If you have a replica instance, complete the fields in the Directory Connection - Replica section, and click Validate Connection Information to verify that the primary instance can connect to the identity source. If the attempt fails, do the following:

    1. Verify that you entered the correct settings.

    2. If the settings are correct, make sure the primary instance is able to connect to the identity source.

    3. If the primary instance is able to connect to the identity source, make sure no other network issues are causing the connection failure.

    4. After you make any necessary changes, click Validate Connection Information again.

  7. Click Next.

  8. Provide the requested information for each of the following sections on the Add Identity Source - Map page. For detailed information, see Identity Source Properties.

    • Directory Settings

    • (Optional) Active Directory Options

    • Directory Configuration - User Tracking Attributes

    • Directory Configuration - Users

    • Directory Configuration - User Groups

  9. Click Save.
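Steps 5 and 6 ask for a Directory URL, a Directory Failover URL, and a Test Connection whose usual failure cause is a missing or wrong certificate. The following script is an added pre-flight check, not RSA's code and not part of this documentation: it parses the two URL fields, flags a plain ldap:// connection (the page recommends SSL for full functionality, and a simple bind over plain LDAP sends the Directory Password in clear text), and performs a TLS handshake against the directory verified with the same CA certificate you would import for the identity source. It only checks reachability and certificate trust, not an LDAP bind. The host names and the `identity-source-ca.pem` path are constructed placeholders.

```python
"""Pre-flight check for the Directory Connection fields of an identity source."""
import socket
import ssl
from urllib.parse import urlsplit

# Default ports for the two schemes the Directory URL field accepts.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_directory_url(url):
    """Split a Directory URL or Directory Failover URL into connection parts.

    Returns a dict with scheme, host, port and uses_ssl; raises ValueError when
    the value is not an ldap:// or ldaps:// URL with a host name.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {parts.scheme!r}: expected ldap:// or ldaps://")
    if not parts.hostname:
        raise ValueError("directory URL has no host name")
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[scheme],
        "uses_ssl": scheme == "ldaps",
    }


def review_connection_fields(primary_url, failover_url=""):
    """Return a list of findings about the URL fields; empty means nothing to flag."""
    findings = []
    primary = parse_directory_url(primary_url)
    if not primary["uses_ssl"]:
        findings.append("Directory URL uses ldap://, not an SSL connection; a simple bind "
                        "sends the Directory Password in clear text")
    if failover_url:
        failover = parse_directory_url(failover_url)
        if failover["uses_ssl"] != primary["uses_ssl"]:
            findings.append("Directory URL and Directory Failover URL use different schemes")
        if (failover["host"], failover["port"]) == (primary["host"], primary["port"]):
            findings.append("Directory Failover URL is the same server and port as the "
                            "Directory URL, so it provides no failover")
    return findings


def check_ssl_handshake(url, ca_file, timeout=5.0):
    """Open a TLS connection to an ldaps:// URL and verify the server certificate
    against ca_file (the certificate imported for this identity source).

    Returns (True, subject_cn) on success, or (False, reason) on failure, which is
    the same condition that makes Test Connection fail after a bad certificate import.
    """
    target = parse_directory_url(url)
    if not target["uses_ssl"]:
        return False, "not an ldaps:// URL; nothing to verify"
    try:
        context = ssl.create_default_context(cafile=ca_file)
        with socket.create_connection((target["host"], target["port"]), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=target["host"]) as tls:
                cert = tls.getpeercert()
                subject = dict(item[0] for item in cert.get("subject", ()))
                return True, subject.get("commonName", target["host"])
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate verification failed: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for finding in review_connection_fields("ldaps://dc1.example.com", "ldaps://dc2.example.com"):
        print("WARNING:", finding)
    ok, detail = check_ssl_handshake("ldaps://dc1.example.com", "identity-source-ca.pem")
    print("handshake ok:" if ok else "handshake failed:", detail)
```

Run it before clicking Test Connection: a `certificate verification failed` result from `check_ssl_handshake` points at the certificate import rather than at the directory itself, and a `connection failed` result points at the network or firewall path mentioned in the note above.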

After you finish

  • Use the Security Console to link the new identity source to the system.

  • If you are logged on to the Security Console, you must log off and log back on to view the new identity source.