Add Default Security Domain Mappings

Security domain mappings allow you to override the system’s default behavior of adding all users from an LDAP identity source to the top-level security domain. Using security domain mapping, you can configure the system to add users from an LDAP identity source into a specific security domain.

The following table contains examples of mapping from an external identity source to a lower-level security domain, where the hierarchy of the directory is Com > My Company > Sales > Commercial and Com > My Company > Sales > Retail.

Identity Source User Base DN

Security Domain





Before you begin

  • The identity source must be in your administrative scope.

  • You must have the Security Domain Mappings permission.


  1. In the Security Console, click Setup > Identity Sources > Default Security Domain Mapping.

  2. In the Identity Source field, select the identity source where you want to add security domain mappings.

  3. In the Security Domain Mapping section, click Add/Update Mapping.

  4. In the Distinguished Name field, enter the full DN for the object in the identity source that you want to map to a security domain. Specify the DN in standard LDAP Data Interchange Format, for example, ou=commercial,ou=sales.

  5. Enter the top-level organizational unit (OU) after the lower-level OU.

  6. From the Security Domain menu, select the security domain to which users in the DN should be added.

  7. Click Add.

  8. For each security domain you want to map, repeat steps 4 to 6.

  9. Click Save.

After you finish

To verify that the default mapping produces the desired results, test the mapping. For more information, see Test Default Security Domain Mappings.