Create a Microsoft Active Directory (AD) Bridge
To create a Microsoft Active Directory (AD) Bridge that provides a link between your AD enterprise directory structure and Oracle Identity Cloud Service, you must be assigned to either the identity domain administrator role or the security administrator role. You must also have administrative rights to access the AD domain that you want to monitor by using the bridge.
Part of creating the AD Bridge is providing administrative credentials for both AD and Oracle Identity Cloud Service. The bridge requires these credentials to communicate with AD and Oracle Identity Cloud Service as an administrator.
See Add or Remove a User Account from an Administrator Role for more information about assigning administrator roles to users.
Important:
- Generic Read for the users and groups in the AD domain that you want to import into Oracle Identity Cloud Service
- Generic Read for all organizational units (OUs) in the domain
- Generic Read for the cn=Configuration container in the domain
- The List Children and Read properties for the cn=Deleted Objects container with inheritance
If this account is also used to configure delegated authentication for the AD Bridge, then the account should have the following permissions:
- Change Password
- Reset Password
- Read pwdLastSet
- Write pwdLastSet
- Read lockoutTime
- Write lockoutTime
See Set Permissions for Your Microsoft Active Directory (AD) Account.
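As an added example (not Oracle's code or part of this page), the following PowerShell audits the ACEs granted to the AD account used by the bridge against the permissions listed above, so you can confirm the grant before creating the bridge and spot rights the account does not need. The account name is an assumed placeholder, and the check is approximate: it looks only at direct Allow ACEs on the domain root, cn=Configuration and cn=Deleted Objects.

```powershell
# Added example, not Oracle's code: read-only audit of the ACEs granted to the
# AD Bridge service account against the permissions listed above. Assumes the
# account name below and the ActiveDirectory (RSAT) module; run as a domain admin.
Import-Module ActiveDirectory
$ServiceAccount = 'CONTOSO\svc-idcs-bridge'    # assumed placeholder, DOMAIN\sAMAccountName
$RootDSE  = Get-ADRootDSE
$DomainDN = $RootDSE.defaultNamingContext

# Resolve attribute and extended-right GUIDs from the forest instead of hardcoding them.
function Get-AttrGuid([string]$Name) {
    [guid](Get-ADObject -SearchBase $RootDSE.schemaNamingContext -Properties schemaIDGUID `
        -LDAPFilter "(lDAPDisplayName=$Name)").schemaIDGUID
}
function Get-RightGuid([string]$Name) {
    [guid](Get-ADObject -SearchBase "CN=Extended-Rights,$($RootDSE.configurationNamingContext)" `
        -Properties rightsGuid -LDAPFilter "(displayName=$Name)").rightsGuid
}

# One check per required permission: container DN, rights needed, object-type GUID (Empty = any).
# Read rights for users, groups and OUs are checked at the domain root; add OU DNs if they are
# granted per OU instead.
$Checks = @(
  @{ DN=$DomainDN; Rights='GenericRead'; Guid=[guid]::Empty; Label='Generic Read (users, groups, OUs)' }
  @{ DN=$RootDSE.configurationNamingContext; Rights='GenericRead'; Guid=[guid]::Empty; Label='Generic Read on cn=Configuration' }
  @{ DN="CN=Deleted Objects,$DomainDN"; Rights='ListChildren,ReadProperty'; Guid=[guid]::Empty; Label='List Children + Read on cn=Deleted Objects' }
  # Delegated authentication only:
  @{ DN=$DomainDN; Rights='ExtendedRight'; Guid=(Get-RightGuid 'Change Password'); Label='Change Password' }
  @{ DN=$DomainDN; Rights='ExtendedRight'; Guid=(Get-RightGuid 'Reset Password'); Label='Reset Password' }
  @{ DN=$DomainDN; Rights='ReadProperty,WriteProperty'; Guid=(Get-AttrGuid 'pwdLastSet'); Label='Read/Write pwdLastSet' }
  @{ DN=$DomainDN; Rights='ReadProperty,WriteProperty'; Guid=(Get-AttrGuid 'lockoutTime'); Label='Read/Write lockoutTime' }
)

function Test-BridgeAce($Check) {
    $need = [System.DirectoryServices.ActiveDirectoryRights]$Check.Rights
    # cn=Deleted Objects is unreadable by default; its ACL needs ownership (dsacls /takeownership) first.
    $acl  = Get-Acl -Path "AD:\$($Check.DN)"
    $mine = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $ServiceAccount -and $_.AccessControlType -eq 'Allow' }
    $hit  = $mine | Where-Object {
        (($_.ActiveDirectoryRights -band $need) -eq $need) -and
        ($_.ObjectType -eq $Check.Guid -or $_.ObjectType -eq [guid]::Empty)
    }
    # Least privilege: flag broad rights the bridge does not need (direct ACEs only; group grants are not resolved).
    $broad  = [System.DirectoryServices.ActiveDirectoryRights]'GenericAll,WriteDacl,WriteOwner'
    $excess = $mine | Where-Object { [int]($_.ActiveDirectoryRights -band $broad) -ne 0 }
    [pscustomobject]@{ Permission=$Check.Label; Container=$Check.DN; Granted=[bool]$hit; ExcessiveAce=[bool]$excess }
}
$Checks | ForEach-Object { Test-BridgeAce $_ } | Format-Table -AutoSize
```

Rows with Granted = False are permissions still to set; rows with ExcessiveAce = True point at rights worth removing before the credentials are handed to the bridge.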
You can access the Managing Security Settings infographic to see how to create an AD Bridge.