Why Use the Microsoft Active Directory (AD) Bridge?

Learn about why you should use the Microsoft Active Directory (AD) Bridge.

Most customers use AD as their central directory service and also as their network directory: the directory to which all of their workstations are joined and from which they manage their users.

In addition to AD, customers use an enterprise LDAP to centralize all of their user identities. So, a customer uses AD to manage their employees, but in the centralized LDAP, the customer manages their partners, consumers, and any other users with whom the customer has relationships.

For these reasons, it's imperative that Oracle Identity Cloud Service can integrate with both AD and an enterprise LDAP (for example, Oracle Internet Directory).

By using Oracle Identity Cloud Service, customers can control when they will migrate their directory-based applications to the cloud. In the interim, they can use one of the following:
  • AD Bridge: This bridge provides a link between your AD enterprise directory structure and Oracle Identity Cloud Service. Oracle Identity Cloud Service can synchronize with this directory structure so that any new, updated, or deleted user or group records are transferred into Oracle Identity Cloud Service. Each minute, the bridge polls AD for any changes to these records and brings these changes into Oracle Identity Cloud Service. So, if a user is deleted in AD, then this change will be propagated into Oracle Identity Cloud Service. As a result, the state of each record is synchronized between AD and Oracle Identity Cloud Service. After the user is synchronized from AD to Oracle Identity Cloud Service, if you activate or deactivate a user, modify the user's attribute values, or change the group memberships for the user in Oracle Identity Cloud Service, then these changes are propagated to AD through the AD Bridge.
  • Provisioning Bridge: This bridge provides a link between your enterprise LDAP (such as Oracle Internet Directory) and Oracle Identity Cloud Service. Through synchronization, account data that’s created and updated directly on the LDAP is pulled into Oracle Identity Cloud Service and stored for the corresponding Oracle Identity Cloud Service users and groups. As a result, any changes to these records will be transferred into Oracle Identity Cloud Service. Because of this, the state of each record is synchronized between the LDAP and Oracle Identity Cloud Service. See Manage Provisioning Bridges for Oracle Identity Cloud Service.
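The AD Bridge behaviour described above (a per-minute poll that detects new, updated, and deleted records, propagates deletions, and pushes status, attribute, and group-membership changes made in the cloud back to AD) can be modelled as a small reconciliation loop. The following is an added example written for this page, not Oracle's AD Bridge code; the `Record`, `poll_ad`, `sync_ad_to_cloud`, and `propagate_to_ad` names and the sample users are constructed for illustration, and the two dictionaries stand in for the AD domain and the Oracle Identity Cloud Service user store.

```python
"""Model of a poll-based directory synchronization (hypothetical example)."""
import copy
from dataclasses import dataclass, field


@dataclass
class Record:
    """One user record as it appears in a directory snapshot (constructed)."""
    name: str
    active: bool = True
    attrs: dict = field(default_factory=dict)
    groups: set = field(default_factory=set)


def poll_ad(previous, current):
    """Compare two AD snapshots (one poll interval apart) and classify changes.

    Returns (added, updated, deleted) as sets of record names. Deletions are
    detected by absence, which is why the bridge must keep the prior snapshot.
    """
    prev_names, cur_names = set(previous), set(current)
    added = cur_names - prev_names
    deleted = prev_names - cur_names
    updated = {n for n in cur_names & prev_names if current[n] != previous[n]}
    return added, updated, deleted


def sync_ad_to_cloud(cloud, previous, current):
    """AD -> cloud direction: apply one poll's worth of changes to the cloud store."""
    added, updated, deleted = poll_ad(previous, current)
    for name in added | updated:
        # Deep copy so later edits in one store never alias the other.
        cloud[name] = copy.deepcopy(current[name])
    for name in deleted:
        # A user removed from AD is removed from the cloud as well.
        cloud.pop(name, None)
    return added, updated, deleted


def propagate_to_ad(ad, cloud, name, active=None, attrs=None,
                    add_groups=(), remove_groups=()):
    """Cloud -> AD direction: a status, attribute, or membership change made on
    an already-synchronized cloud user is written back to the AD record."""
    if name not in cloud or name not in ad:
        raise KeyError(f"{name} is not synchronized in both directories")
    for rec in (cloud[name], ad[name]):
        if active is not None:
            rec.active = active
        if attrs:
            rec.attrs.update(attrs)
        rec.groups |= set(add_groups)
        rec.groups -= set(remove_groups)
    return cloud[name] == ad[name]


def run_demo():
    """Walk through two poll intervals plus one reverse-direction change."""
    cloud = {}
    # Poll 1: initial AD snapshot (constructed sample users).
    snap1 = {
        "alice": Record("alice", attrs={"title": "Engineer"}, groups={"staff"}),
        "bob": Record("bob", groups={"staff"}),
    }
    first = sync_ad_to_cloud(cloud, {}, snap1)
    # Poll 2: alice's title changed, bob deleted, carol created in AD.
    snap2 = {
        "alice": Record("alice", attrs={"title": "Senior Engineer"}, groups={"staff"}),
        "carol": Record("carol", groups={"contractors"}),
    }
    second = sync_ad_to_cloud(cloud, snap1, snap2)
    # An administrator deactivates alice in the cloud; the bridge writes it to AD.
    consistent = propagate_to_ad(snap2, cloud, "alice", active=False,
                                 add_groups={"alumni"}, remove_groups={"staff"})
    return {
        "first": first,
        "second": second,
        "cloud_names": sorted(cloud),
        "alice_ad_active": snap2["alice"].active,
        "alice_ad_groups": set(snap2["alice"].groups),
        "consistent": consistent,
    }


if __name__ == "__main__":
    print(run_demo())
```

The deleted-by-absence rule in `poll_ad` is the part worth noticing: a bridge that only watches for creates and updates would leave orphaned accounts in the cloud after an AD deletion, which is exactly the state drift the AD Bridge's per-minute polling is meant to prevent.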

This chapter focuses on using the AD Bridge to synchronize users and groups between AD and Oracle Identity Cloud Service.