Create the Global Catalog

1. Login to the primary Operations Console and select Deployment Configuration > Identity Sources > Add New.
2. On the Connection(s) tab, enter the name of the new identity source. This is a friendly name that will be seen in the Security Console, such as Corporate AD.
3. Choose the type of identity source (i. e., Microsoft Active Directory or Oracle Directory Server/Sun Java System Directory Server).
4. Add any notes, if needed. 
5. For the primary Authentication Manager server, key in information for the following required fields:

• Identity Source Name;
• Directory URL;
• (Optional) Directory Failover URL;
• Directory User ID. Be advised that this account must be an identity source administrator with the ability to read the entire directory structure and attributes; and
• Directory password  (password for the user defined above).

6. Click Test Connection to ensure that the primary instance can connect to the specified directory. Correct any errors and try again.
7. If there is a replica server in the deployment, complete the fields in the Directory Connection - Replica section and click Validate Connection Information to verify the connection.

Image description

8. When the connections are verified as correct, click Next to move to the Map tab.
9. Under Directory Settings, ensure that the values for the User Base DN and for User Group Base DN are blank.
10. Under Active Directory Options, check the option that the Directory is an Active Directory Global Catalog.  This removes the attribute that users authenticate to this identity source.
11. When done, click Save and Finish.

Image description

 
Add an Administrative Identity Source (Domain Controller)​

1. Login to the Operations Console and select Deployment Configuration > Identity Sources > Add New.
2. On the Connection(s) tab enter the name of the new identity source. This is a friendly name that will be seen in the Security Console, such as Corporate AD.
3. Choose the type of identity source (i. e., Microsoft Active Directory or Oracle Directory Server/Sun Java System Directory Server).
4. Add any notes, if needed. 
5. For the primary Authentication Manager server, key in information for the following required fields:

• Identity Source Name;
• Directory URL;
• Directory Failover URL (note this field is optional);
• Directory User ID. Be advised that this account must be an identity source administrator with the ability to read the entire directory structure and attributes;
• Directory password  (password for the user defined above).

6. Click Test Connection to ensure that the primary instance can connect to the specified directory. Correct any errors and try again.
7. If there is a replica server in the deployment, complete the fields in the Directory Connection - Replica section and click Validate Connection Information to verify the connection.

Image description

8. When the connections are verified as correct, click Next to move to the Map tab.
9. Under Directory Settings, fill in the information for the User Base DN and for User Group Base DN.  Most often these values are the same.  To include everyone in the domain, use the top most level (e. g., dc=domain,dc=com).
10. Under Active Directory Options, choose the option to authenticate users to a global catalog.  From the drop down choose the GC created above.
11. When done, click Save and Finish.

Image description

Link the External Identity Sources to the System

1. Login to the Security Console and select Setup > Identity Sources > Link Identity Source to System.
2. The newly created identity source should show in the Available list.
3. Select the identity source and, using the arrows, move the identity source to the Linked box.
4. When done, click Save.

Image description