Previous Topic: How to Prepare for On-Premise ProvisioningNext Topic: Install CA IAM Connector Server

Identity Management ServiceGetting Started with Identity ManagementSet Up Identity Management Provisioning with Active Directory

Set Up Identity Management Provisioning with Active Directory

You can use Active Directory Server (ADS) to synchronize attribute data to supported endpoints. You do this by configuring CA IAM Connector Server to propagate local changes in Active Directory to a cloud-based identity store using a connector.

For example, assume that you have a SalesForce installation in the cloud. You could create an ADS group named "SalesForce" and then configure the CA IAM Connector Server to monitor that group. CA IAM Connector Server synchronizes any changes to the SalesForce environment in the cloud.

If you add a user to the ADS Salesforce group, CA IAM Connector Server uses the SalesForce connector to trigger a "Create User" action in the SalesForce environment proper.

To set up directory synchronization, follow this process:

  1. Install CA IAM Connector Server in your environment.
  2. Acquire the endpoints that you want to synchronize with. Consult the appropriate connector configuration documentation. You must acquire endpoints in order to create templates in step 4.
  3. Create one or more directory monitors. Monitors capture changes that you make in your local Active Directory, and report them for the synchronization.
  4. Create one or more synchronization templates. Templates control settings for the directory synchronization.

Flowchart showing the steps to set up directory sychronization