About the Microsoft Active Directory (AD) Bridge

The Microsoft Active Directory (AD) Bridge provides a link between your AD enterprise directory structure and Oracle Identity Cloud Service.

Prerequisite

Enable AD Bridge. This is a Standard License feature. To learn about these features, see Standard License Tier Features for Oracle Identity Cloud Service.

Understand the Microsoft Active Directory (AD) Bridge

The Microsoft Active Directory (AD) Bridge provides a link between your AD enterprise directory structure and Oracle Identity Cloud Service. Oracle Identity Cloud Service can synchronize with this directory structure so that any new, updated, or deleted user or group records are transferred into Oracle Identity Cloud Service. Each minute, the AD Bridge polls AD for any changes to these records and brings these changes into Oracle Identity Cloud Service. So, if a user is deleted in AD, then this change is propagated into Oracle Identity Cloud Service. As a result of this synchronization, the state of each record is kept consistent between AD and Oracle Identity Cloud Service.

After users are synchronized from AD to Oracle Identity Cloud Service, if you activate or deactivate a user, modify the user's attribute values, or change the group memberships for the user in Oracle Identity Cloud Service, then these changes are propagated to AD through the AD Bridge.

Note:

The AD organizational units (OUs) contain the users and groups that are imported into Oracle Identity Cloud Service.

You can configure Oracle Identity Cloud Service to synchronize with one or multiple AD domains by installing an AD Bridge for each domain.

Note:

You must install the AD Bridge on the machine that’s attached to the Microsoft Active Directory domain for auto discovery. You don’t have to install the bridge on the domain controller.

Figure 17-1 Inbound Directory Synchronization

Inbound directory synchronization from AD to Oracle Identity Cloud Service by installing and configuring an AD Bridge for each AD domain.

Figure 17-2 Outbound Directory Synchronization

Outbound directory synchronization from Oracle Identity Cloud Service to AD for updates to a user's activation status, attribute values, or group memberships.

In the diagram above, Clarence Saladna (CSALADNA) is a user who's been synchronized from AD to Oracle Identity Cloud Service through the AD Bridge. In Oracle Identity Cloud Service, an administrator deactivates Clarence's account because he's on vacation. Also, because Clarence received a promotion, he has a new job title of Director and belongs to different groups that are associated with his new role, including the Executive and Management groups. The AD Bridge can be used to propagate these changes to AD.

Both the AD Bridges and your AD enterprise directory structure are in your Microsoft Windows environment (for example, Microsoft Windows 2003). Because Oracle Identity Cloud Service is an Oracle Cloud service, it's in an Oracle environment.

Figure 17-3 Bridge Security

The Internet connection that links each AD Bridge to Oracle Identity Cloud Service contains a firewall.

Note:

If an AD user attribute is multi-valued, then the AD Bridge will transfer only the first value of the attribute into Oracle Identity Cloud Service.
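The two behaviours described above, a per-poll pass that turns AD changes into create, update and delete events, and the rule that only the first value of a multi-valued attribute is transferred, are modelled in the following Python example. This is an added illustration written for this page, not Oracle's AD Bridge code: it assumes the bridge can be modelled as a diff between two directory snapshots keyed by a stable object identifier (objectGUID is assumed), the attribute names are ordinary AD LDAP attribute names chosen for illustration, and the sample snapshots are constructed. The model makes one practical consequence of the first-value rule visible: a change that only touches the second or later value of a multi-valued attribute produces no update event, because the value that is compared is the only one that would ever be transferred.

```python
from dataclasses import dataclass, field


@dataclass
class ChangeEvent:
    kind: str                  # "create", "update" or "delete"
    object_id: str             # stable key for the AD object (objectGUID assumed)
    attributes: dict           # single-valued attributes carried in this event
    truncated: dict = field(default_factory=dict)  # attribute -> values dropped


def flatten(record):
    """Reduce multi-valued attributes to their first value.

    Mirrors the documented behaviour that only the first value of a
    multi-valued AD attribute reaches Oracle Identity Cloud Service.
    Returns (flattened record, values dropped per attribute) so that an
    administrator can see which data never leaves AD.
    """
    flat, dropped = {}, {}
    for name, value in record.items():
        if isinstance(value, (list, tuple)):
            if not value:          # attribute present but empty: nothing to send
                continue
            flat[name] = value[0]
            if len(value) > 1:
                dropped[name] = list(value[1:])
        else:
            flat[name] = value
    return flat, dropped


def poll(previous, current):
    """One polling cycle: diff two AD snapshots and emit change events.

    Snapshots are dicts of object_id -> attribute dict. The diff is done on
    the flattened records, i.e. on exactly the values the bridge would carry.
    """
    events = []
    for oid in sorted(set(previous) | set(current)):
        if oid not in previous:
            flat, dropped = flatten(current[oid])
            events.append(ChangeEvent("create", oid, flat, dropped))
        elif oid not in current:
            # Deletion in AD is propagated as a delete event.
            events.append(ChangeEvent("delete", oid, {}))
        else:
            old_flat, _ = flatten(previous[oid])
            new_flat, dropped = flatten(current[oid])
            changed = {k: v for k, v in new_flat.items() if old_flat.get(k) != v}
            removed = {k: None for k in old_flat if k not in new_flat}
            if changed or removed:
                events.append(ChangeEvent("update", oid, {**changed, **removed}, dropped))
    return events


# Constructed sample snapshots (not real directory data).
# Between T0 and T1: csaladna's title changes and the *second* phone number
# changes; jdoe is deleted; asmith is created.
SNAPSHOT_T0 = {
    "guid-0001": {"sAMAccountName": "csaladna", "title": "Manager",
                  "otherTelephone": ["+1-555-0100", "+1-555-0101"]},
    "guid-0002": {"sAMAccountName": "jdoe", "title": "Analyst"},
}
SNAPSHOT_T1 = {
    "guid-0001": {"sAMAccountName": "csaladna", "title": "Director",
                  "otherTelephone": ["+1-555-0100", "+1-555-0199"]},
    "guid-0003": {"sAMAccountName": "asmith", "title": "Engineer",
                  "otherTelephone": ["+1-555-0200"]},
}


def demo():
    """Run a single poll over the constructed snapshots and return the events."""
    return poll(SNAPSHOT_T0, SNAPSHOT_T1)


if __name__ == "__main__":
    for event in demo():
        print(event)
```

Running the demo yields an update for guid-0001 that carries only the new title, with the second telephone number reported under `truncated` rather than as a change, a delete for guid-0002, and a create for guid-0003. Before relying on a multi-valued attribute in Oracle Identity Cloud Service, it is worth running such a check over an export of the users in the synchronized OUs to see which attributes would lose values.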

You can access the Integrating with Active Directory Using Identity Bridge tutorial to see how to integrate AD and Oracle Identity Cloud Service.

Certified Components

With the Microsoft Active Directory (AD) Bridge, Oracle Identity Cloud Service can connect to your AD enterprise directory structure.

The following table lists the certified versions for Oracle Identity Cloud Service, AD, your operating system, and the Microsoft .NET software framework (which is required for the AD Bridge to run).

Oracle Identity Cloud Service: 20.1.3

AD:
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019

64-Bit: Yes

Operating System:
  • Windows 10 v1607 or later
  • Windows Server 2016 or later

.NET Framework: Version 4.6+

Statuses

Learn about the various statuses for Microsoft Active Directory (AD) and the AD Bridge.

There are two statuses for the AD domain with which the AD Bridge is communicating:
  • Partially Configured: The AD Bridge is installed, but it's not configured to communicate with either the AD domain or Oracle Identity Cloud Service.

  • Configured: The AD Bridge is installed and configured, and available to synchronize with the AD domain.

There are three statuses for the AD Bridge:
  • Active: The AD Bridge is installed and configured, and available to synchronize with AD to retrieve user accounts and groups.

  • Inactive: The AD Bridge is installed and configured, but it's not available to synchronize with AD. A bridge is placed in this state for performance reasons.

  • Unreachable: The AD Bridge is installed and configured. However, one of the following conditions has occurred:
    • The back-end service used to establish communication between Oracle Identity Cloud Service and AD is stopped.

    • The Oracle Identity Cloud Service administrator uninstalled the client associated with the AD Bridge, but the bridge couldn't be removed from the Directory Integrations page of the Identity Cloud Service console because the client can't connect to the Oracle Identity Cloud Service server. Oracle Identity Cloud Service can't use the bridge to communicate with AD. See Remove a Microsoft Active Directory (AD) Bridge.

    • The administrator regenerated the Client Secret for the AD Bridge, and then uninstalled the client for the bridge.

Hardware Requirements

Learn about the minimum hardware requirements for setting up the Microsoft Active Directory (AD) Bridge.

The minimum hardware requirements are as follows:

  • 1 GB of RAM
  • 1 GB of disk space
  • A quad-core CPU