I know within RSA SecurID Access you have the ability to use an LDAP filter to limit the scope of the actual users. Is there the ability to connect to a Global Catalog as an Identity Source while using an LDAP filter for the on-prem Authentication Manager solution? Typically you can specify the OU where user accounts would exists, however when using a Global Catalog, there will not be a single OU where all users would exist. Since there could be multiple forests/domains, there will be several OUs for user accounts.
I would also like to avoid bringing in service accounts, test account, or any non-human account as they would not be "identities". If I have a unified attribute that can distinctly identify a true user account, using an LDAP filter against this attribute would best resolve this issue.
Thanks in advance for your help.