Microsoft Active Directory Integration Reference
Microsoft Active Directory Components Certified for Integration with Oracle Access Governance
The Microsoft Active Directory components that you can integrate with are listed below.
Table - Certified Components
| Component Type | Component |
|---|---|
| System | Microsoft Active Directory / Microsoft Active Directory Lightweight Directory Services (AD LDS) |
Supported Configuration Modes for Microsoft Active Directory Integrations
Oracle Access Governance integrations can be set up in different configuration modes, depending on whether you need to on-board identity data, provision accounts, or both.
- Authoritative Source
You can use Microsoft Active Directory as an authoritative (trusted) source of identity information for Oracle Access Governance.
- Managed System
You can manage Microsoft Active Directory accounts and groups.
Supported Operations When Provisioning To Microsoft Active Directory
When you provision an account from Oracle Access Governance to Microsoft Active Directory, the Microsoft Active Directory Orchestrated System supports the following account operations:
- Create user
- Update user
- Delete user
- Enable user
- Disable user
- Reset password
- Add group
- Remove group
For more details see Oracle Access Governance Integration Functional Overview and Integrate Oracle Access Governance with Microsoft Active Directory.
Default Supported Attributes
Oracle Access Governance supports the following default Microsoft Active Directory and Microsoft Active Directory Lightweight Directory Services attributes.
Table - Default Attributes for Microsoft Active Directory/Microsoft Active Directory Lightweight Directory Services - Authoritative Source
| Entity | Microsoft Active Directory/Microsoft Active Directory Lightweight Directory Services Account Attribute | Oracle Access Governance Account Attribute | Oracle Access Governance Identity attribute display name |
|---|---|---|---|
| User | ObjectGUID | uid | Unique Id |
| | sAMAccountName | name | Employee user name |
| | givenName | firstName | First name |
| | middleName | middleName | Middle name |
| | sn | lastName | Last name |
| | displayName | displayName | Name |
| | distinguishedName | fullDN | User full DN |
| | manager | managerLogin | Manager |
| | | containerDN | Container DN |
| | | status | Status |
| | department | department | Department |
| | l | location | Location |
| | c | country | Country |
| | o | organizationName | Organization Name |
| | homePhone | homePhone | Home Phone |
| | mobile | mobile | Mobile |
| | description | description | Description |
| | employeeNumber | employeeNumber | Employee Number |
| | employeeId | employeeId | Employee Id |
Table - Default Attributes for Microsoft Active Directory/Microsoft Active Directory Lightweight Directory Services - Managed System
| Entity | Microsoft Active Directory/Microsoft Active Directory Lightweight Directory Services Account Attribute | Oracle Access Governance Account Attribute | Oracle Access Governance Identity attribute display name |
|---|---|---|---|
| User | ObjectGUID | uid | Unique Id |
| | sAMAccountName | name | User Login |
| | unicodePwd | password | Password |
| | distinguishedName | fullDn | User full DN |
| | userPrincipalName | userPrincipalName | User principal name |
| | givenName | firstName | First name |
| | middleName | middleName | Middle name |
| | sn | lastName | Last name |
| | displayName | fullName | Name |
| | cn | commonName | Common name |
| | __parentDN__ | organizationName | Organization (Parent distinguished name) |
| | | passwordNeverExpires | Password never expires |
| | pwdLastSet | userMustChangePasswordAtNextLogon | User must change password at next logon |
| | | passwordNotRequired | Password not required |
| | lockoutTime | accountisLockedout | Account is locked out |
| | telephoneNumber | telephoneNumber | Telephone number |
| | accountExpires | accountExpirationDate | Account expiration date |
| | postOfficeBox | postOfficeBox | Post office box |
| | l | location | Location |
| | st | state | State |
| | postalCode | zip | Zip |
| | homePhone | homePhone | Home phone |
| | mobile | mobile | Mobile |
| | pager | pager | Pager |
| | facsimileTelephoneNumber | fax | Fax |
| | ipPhone | iPPhone | IP phone |
| | title | title | Title |
| | department | department | Department |
| | company | company | Company |
| | manager | manager | Manager |
| | physicalDeliveryOfficeName | office | Office |
| | c | country | Country |
| | streetAddress | street | Street |
| | homeDirectory | homedirectory | Home directory |
| | | status | Status |
| | o | oAsOrganization | Organization (o) |
| | description | description | Description |
| | employeeNumber | employeeNumber | Employee Number |
| | employeeId | employeeId | Employee Id |
| Group | Group Name | groups as entitlement | |
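The operations listed under "Supported Operations When Provisioning To Microsoft Active Directory" and the derived managed-system attributes in the table above (passwordNeverExpires, userMustChangePasswordAtNextLogon, passwordNotRequired, accountisLockedout, accountExpirationDate) all come down to a few LDAP attribute encodings. The following is an added example, not Oracle's or the connector's code; it uses standard Microsoft Active Directory semantics (not AD LDS), makes no LDAP connection, and the function and constant names are the example's own. It shows what an LDAP client would actually write for each operation: the UTF-16LE quoted `unicodePwd` value (which AD accepts only over LDAPS/StartTLS), the `userAccountControl` bits behind enable/disable and the two password flags, `pwdLastSet = 0` for "must change at next logon", `accountExpires` as a Windows FILETIME, and RFC 4514 escaping of the RDN so that a display name containing a comma cannot change the container a user is created in.

```python
"""Added example (not Oracle's code): AD attribute encodings behind the
provisioning operations and derived attributes listed on this page."""
from __future__ import annotations
from datetime import datetime, timedelta, timezone

# userAccountControl flag bits, as documented by Microsoft.
ADS_UF_ACCOUNTDISABLE = 0x0002
ADS_UF_PASSWD_NOTREQD = 0x0020
ADS_UF_NORMAL_ACCOUNT = 0x0200
ADS_UF_DONT_EXPIRE_PASSWD = 0x10000

# accountExpires / lockoutTime are Windows FILETIMEs: 100 ns ticks since
# 1601-01-01 UTC. For accountExpires, 0 and 0x7FFFFFFFFFFFFFFF mean "never".
FILETIME_NEVER = 0x7FFFFFFFFFFFFFFF
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def encode_unicode_pwd(password: str) -> bytes:
    """AD accepts a new unicodePwd only as the password wrapped in double
    quotes and encoded UTF-16LE, and only over an encrypted connection
    (LDAPS or StartTLS); a plain LDAP modify is rejected."""
    return f'"{password}"'.encode("utf-16-le")


def set_flag(uac: int, flag: int, on: bool) -> int:
    """Return userAccountControl with one flag bit set or cleared."""
    return uac | flag if on else uac & ~flag


def is_enabled(uac: int) -> bool:
    return not uac & ADS_UF_ACCOUNTDISABLE


def to_filetime(dt: datetime) -> int:
    """Aware datetime -> FILETIME, using integer arithmetic to avoid float loss."""
    delta = dt.astimezone(timezone.utc) - _FILETIME_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def from_filetime(ft: int) -> datetime | None:
    """FILETIME -> aware datetime; None means 'never' (or 'not set')."""
    if ft in (0, FILETIME_NEVER):
        return None
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for an RDN value, so 'Smith, John' stays one RDN."""
    out = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def create_user(cn: str, sam: str, upn: str, container_dn: str, **extra) -> tuple[str, dict]:
    """'Create user': build the DN and entry. The account starts disabled;
    the usual sequence is create, set unicodePwd over TLS, then enable."""
    dn = f"CN={escape_dn_value(cn)},{container_dn}"
    attrs = {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "cn": cn,
        "sAMAccountName": sam,
        "userPrincipalName": upn,
        "userAccountControl": ADS_UF_NORMAL_ACCOUNT | ADS_UF_ACCOUNTDISABLE,
    }
    attrs.update(extra)
    return dn, attrs


def operation_changes(operation: str, current_uac: int = ADS_UF_NORMAL_ACCOUNT, **args) -> dict:
    """Map an operation name from the page's list to the attribute changes it
    implies. 'Add group'/'Remove group' modify the group's member attribute."""
    if operation == "Enable user":
        return {"userAccountControl": set_flag(current_uac, ADS_UF_ACCOUNTDISABLE, False)}
    if operation == "Disable user":
        return {"userAccountControl": set_flag(current_uac, ADS_UF_ACCOUNTDISABLE, True)}
    if operation == "Reset password":
        changes = {"unicodePwd": encode_unicode_pwd(args["password"])}
        if args.get("must_change", True):
            changes["pwdLastSet"] = 0  # userMustChangePasswordAtNextLogon
        return changes
    if operation == "Add group":
        return {"member": ("MODIFY_ADD", args["user_dn"])}
    if operation == "Remove group":
        return {"member": ("MODIFY_DELETE", args["user_dn"])}
    raise ValueError(f"unsupported operation: {operation}")


def derived_attributes(entry: dict) -> dict:
    """Compute the page's derived managed-system attributes from raw AD values.
    Simplification: lockoutTime != 0 is treated as locked, ignoring whether
    the domain's lockout duration has already elapsed."""
    uac = int(entry.get("userAccountControl", ADS_UF_NORMAL_ACCOUNT))
    return {
        "status": "Enabled" if is_enabled(uac) else "Disabled",
        "passwordNeverExpires": bool(uac & ADS_UF_DONT_EXPIRE_PASSWD),
        "passwordNotRequired": bool(uac & ADS_UF_PASSWD_NOTREQD),
        "userMustChangePasswordAtNextLogon": int(entry.get("pwdLastSet", -1)) == 0,
        "accountisLockedout": int(entry.get("lockoutTime", 0)) != 0,
        "accountExpirationDate": from_filetime(int(entry.get("accountExpires", 0))),
    }
```

From a defender's view the two points worth keeping in mind are that the reset-password operation cannot work without TLS to the domain controller (so a connector configured for plain LDAP on 389 will fail at that step rather than send the password in clear), and that `status`, `passwordNeverExpires` and `passwordNotRequired` are all views onto the same `userAccountControl` integer, which is why they have no AD attribute of their own in the table.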
Default Matching Rules
In order to map accounts to identities in Oracle Access Governance you need to have a matching rule for each orchestrated system.
The default matching rule for the Microsoft Active Directory and Microsoft Active Directory Lightweight Directory Services (AD LDS) orchestrated system is as follows:
Table - Default Matching Rules
| Mode | Default Matching Rule |
|---|---|
| Authoritative Source | Identity matching checks if incoming identities match an existing identity or are new. Screen value: Attribute name: |
| Managed System | Account matching checks if incoming accounts match with existing identities. Screen value: Attribute name: |
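The matching step described in the table above has the same shape in both modes: each incoming record is looked up against existing identities by one attribute pair, and the outcome is "matched", "new", or, in the case a practitioner most needs to see, "ambiguous". The following is an added example, not Oracle's code. Because the page leaves the default screen value and attribute name blank, the rule used here is an assumption: the incoming AD `sAMAccountName` is compared with the identity attribute that the authoritative-source table displays as "Employee user name" (held under the constructed key `employeeUserName`). The comparison is case-insensitive because `sAMAccountName` is case-insensitive in AD, and records that match more than one identity are reported rather than silently linked to the first hit.

```python
"""Added example (not Oracle's code): account/identity matching with the
ambiguous and missing-key cases made explicit. The attribute pair is an
assumption, since the page does not state the default rule's attributes."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class MatchResult:
    matched: dict[str, str] = field(default_factory=dict)          # record uid -> identity id
    new: list[str] = field(default_factory=list)                   # no identity found
    ambiguous: dict[str, list[str]] = field(default_factory=dict)  # several candidate identities
    unmatched_no_key: list[str] = field(default_factory=list)      # matching attribute missing


def normalize(value: str | None) -> str | None:
    """Trim and case-fold; empty values count as missing."""
    if value is None:
        return None
    return value.strip().casefold() or None


def match_records(incoming: list[dict], identities: list[dict],
                  incoming_attr: str = "sAMAccountName",
                  identity_attr: str = "employeeUserName") -> MatchResult:
    """Works for both modes: in authoritative-source mode `incoming` are
    identities to reconcile, in managed-system mode they are accounts."""
    index: dict[str, list[str]] = {}
    for ident in identities:
        key = normalize(ident.get(identity_attr))
        if key is not None:
            index.setdefault(key, []).append(ident["id"])
    result = MatchResult()
    for rec in incoming:
        key = normalize(rec.get(incoming_attr))
        if key is None:
            result.unmatched_no_key.append(rec["uid"])
            continue
        candidates = index.get(key, [])
        if len(candidates) == 1:
            result.matched[rec["uid"]] = candidates[0]
        elif candidates:
            result.ambiguous[rec["uid"]] = candidates
        else:
            result.new.append(rec["uid"])
    return result


# Constructed sample data, not taken from the page.
SAMPLE_IDENTITIES = [
    {"id": "ID-1001", "employeeUserName": "jsmith"},
    {"id": "ID-1002", "employeeUserName": "mjones"},
    {"id": "ID-1003", "employeeUserName": "MJONES"},  # same key after case-folding
]
SAMPLE_ACCOUNTS = [
    {"uid": "guid-a", "sAMAccountName": "JSmith"},      # matches ID-1001
    {"uid": "guid-b", "sAMAccountName": "mjones"},      # ambiguous: two identities
    {"uid": "guid-c", "sAMAccountName": "svc-backup"},  # new: no identity
    {"uid": "guid-d"},                                  # no matching attribute at all
]

if __name__ == "__main__":
    print(match_records(SAMPLE_ACCOUNTS, SAMPLE_IDENTITIES))
```

Surfacing the ambiguous and no-key buckets matters in a governance context: an account that is silently linked to the wrong identity inherits that identity's certifications and access reviews, and an unmatched service account (such as `svc-backup` in the sample) is exactly the kind of orphan a reviewer should be asked about rather than have dropped.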