AD Lightweight Directory Service (AD LDS) is a lighter version of Active Directory Domain Services that provides the means to maintain extranet directories separate from your Active Directory, create information consolidation stores, and authenticate web users with LDAP-based authentication. EmpowerID manages AD LDS in the same way that it manages an Active Directory account store.

Step 1 – Create an account store for AD LDS

  1. On the navbar, expand Admin > Applications and Directories and then click Account Stores and Systems.

  2. On the Account Stores page, select the Actions tab and then click Create Account Store.

  3. Under System Types, search for LDS.

  4. Click Active Directory LDS (ADAM) to select the type and then click Submit.

  5. On the ADAM Settings page that appears, fill in the following information:

    1. Name and Display — Enter a name for the account store.

    2. AD LDS Server — Enter the name of the Active Directory LDS server, followed by the port number if it is other than 389. The format is Server Name:Port Number. If you are using LDAPS, type the Subject name of the certificate for the domain controller to which you are connecting, followed by port 636, in the FQDN of Forest field. Thus, if the Subject name is "dc01.eiddoc.com", you enter dc01.eiddoc.com:636.

    3. Partition Suffix — Enter the partition suffix, for example: CN=PROD,DC=TheDotNetFactory,DC=COM

    4. Domain — Leave blank if using a native AD LDS user account; otherwise, enter the name of the domain that the server hosting the AD LDS instance is a member of, e.g., PROD.

    5. User Name — Enter the AD account or the distinguished name of the AD LDS account, such as CN=Directory Manager,CN=Roles,DC=MyCompanyLDS,Dc=Com

    6. Password — Enter connection credentials that EmpowerID can use to manage AD LDS.

    7. Is Remote (Requires Cloud Gateway) — This setting appears for account stores with local directories, such as Active Directory, LDAP, SAP, etc. When enabled, it tells EmpowerID to use the Cloud Gateway Connection for that account store. The Cloud Gateway Connection must be installed on an on-premise machine. For installation information, please see Cloud Gateway Client for SaaS.

  6. When ready, click Submit to create the account store.

  7. EmpowerID creates the account store and the associated resource system. The next step is to configure attribute flow between the account store and EmpowerID.
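
The following check is an added example, not EmpowerID code: it parses a value intended for the AD LDS Server setting in the Server Name:Port Number format and, for LDAPS, compares the host with the certificate Subject name as that setting describes. The function names and the sample certificate dictionary (shaped like the result of Python's ssl.SSLSocket.getpeercert()) are assumptions made for illustration.

```python
# Added example: validates a value for the "AD LDS Server" field against the
# rules stated on this page. Names and sample data are constructed.

DEFAULT_LDAP_PORT = 389   # page: the port may be omitted when it is 389
LDAPS_PORT = 636          # page: LDAPS entries end in :636


def parse_server_field(value):
    """Split 'Server Name:Port Number' into (host, port); port defaults to 389."""
    host, sep, port = value.strip().rpartition(":")
    if not sep:                      # no colon: the whole value is the host
        return value.strip(), DEFAULT_LDAP_PORT
    if not host or not port.isdecimal() or not 0 < int(port) < 65536:
        raise ValueError(f"not in 'Server Name:Port Number' form: {value!r}")
    return host, int(port)


def subject_common_name(cert):
    """Return the subject CN from a dict shaped like getpeercert() output."""
    for rdn in cert.get("subject", ()):
        for key, val in rdn:
            if key == "commonName":
                return val
    return None


def check_ldaps_entry(value, cert):
    """Return a list of problems; an empty list means the entry follows the page."""
    host, port = parse_server_field(value)
    problems = []
    if port != LDAPS_PORT:
        problems.append(f"port {port} is not the LDAPS port {LDAPS_PORT}")
    cn = subject_common_name(cert)
    if cn is None:
        problems.append("certificate has no subject common name")
    elif host.lower() != cn.lower():
        problems.append(f"host {host!r} does not match certificate subject {cn!r}")
    return problems


# Constructed sample certificate, using the page's example Subject name.
SAMPLE_CERT = {"subject": ((("commonName", "dc01.eiddoc.com"),),)}

if __name__ == "__main__":
    for entry in ("dc01.eiddoc.com:636", "dc01:636", "dc01.eiddoc.com"):
        print(entry, "->", check_ldaps_entry(entry, SAMPLE_CERT) or "OK")
```

Entering a short host name such as dc01 when the certificate Subject is the fully qualified name is reported as a mismatch, which is the case the page's dc01.eiddoc.com:636 example guards against.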

Step 2 – Configure attribute flow

Now that the attribute flow has been set, the next steps include configuring the account store and enabling EmpowerID to inventory it.

Step 3 – Configure account store settings

  1. On the Account Store and Resource System page for the account store, select the Account Store tab and then click the pencil icon to put the account store in edit mode.

    This opens the edit page for the account store. This page allows you to specify the account proxy used to connect EmpowerID to your AD LDS instance as well as how you want EmpowerID to handle the user information it discovers in AD LDS during inventory. Settings that can be edited are described in the table below the image.

  2. Edit the account store as needed and then click Save to save your changes.

Tip

If you are using EmpowerID Cloud, you need to select the on-premise machine where you installed the EmpowerID Cloud Gateway. If you have yet to install the Cloud Gateway, please refer to Cloud Gateway Client for SaaS and then return to this step.

Next, enable the Account Inbox permanent workflow to allow the Account Inbox to provision or join the user accounts in AD LDS to EmpowerID Persons as demonstrated below.

Tip

EmpowerID recommends using the Account Inbox for provisioning and joining.

Step 4 – Enable the Account Inbox Permanent Workflow

Step 6 – Monitor Inventory
