Modify a Microsoft Active Directory (AD) Bridge

You can use the Directory Integrations page to modify a Microsoft Active Directory (AD) Bridge.

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Directory Integrations.
  2. Click the AD Bridge that you want to modify.
  3. To edit configuration information about the AD Bridge, go to step 4. Otherwise, go to step 5.
  4. Click Configuration.
    1. In the Select organizational units (OUs) for users and Select organizational units (OUs) for groups panes, select or deselect check boxes to enable or prevent Oracle Identity Cloud Service from importing users and groups using the AD Bridge.
      See Configure a Microsoft Active Directory (AD) Bridge for more information about the Select organizational units (OUs) for users and Select organizational units (OUs) for groups panes.
    2. In the Supported Operations area, select or deselect check boxes to enable or prevent Oracle Identity Cloud Service from propagating changes for a user's activation status, attribute values, or group memberships to AD.
      See Configure a Microsoft Active Directory (AD) Bridge for more information about the Supported Operations area.
    3. In the Set import frequency area, change how often you want Oracle Identity Cloud Service to use the AD Bridge to import users and groups from AD.
    4. In the Configure Attribute Mappings area, click Edit Attribute Mappings. The Edit Attribute Mappings window opens and two tabs appear:
      • Microsoft Active Directory to Identity cloud: Use this tab to modify inbound attribute mappings from AD to Oracle Identity Cloud Service.
      • Identity cloud to Microsoft Active Directory: Use this tab to modify outbound attribute mappings from Oracle Identity Cloud Service to AD.
      1. Click the Microsoft Active Directory to Identity cloud or Identity cloud to Microsoft Active Directory tab.

      2. In the Directory User Attributes and Oracle Identity Cloud Service User Attributes columns, change the AD or Oracle Identity Cloud Service attribute used for the predefined or custom attribute mapping.

      3. To remove an attribute mapping, click the X button to the right of the mapping.

        Note: Inbound attribute mappings with asterisks in the Microsoft Active Directory to Identity cloud tab are required by the AD Bridge to pass values associated with AD user accounts into Oracle Identity Cloud Service so that the accounts can be created in Oracle Identity Cloud Service. You can't delete these mappings.
      4. Click Save to close the Edit Attribute Mappings window.

      See Define Attribute Mappings for a Microsoft Active Directory (AD) Bridge for more information about the Directory User Attributes and Oracle Identity Cloud Service User Attributes columns of the Microsoft Active Directory to Identity cloud and Identity cloud to Microsoft Active Directory tabs of the Edit Attribute Mappings window.
    5. In the Authentication Settings area, select the Enable local authentication option if you want users to sign in to Oracle Identity Cloud Service with either their Oracle Identity Cloud Service passwords or their AD passwords to access resources protected by Oracle Identity Cloud Service.

      If you select this option, then configure delegated authentication for the AD Bridge. See Configure a Microsoft Active Directory (AD) Bridge.

      If you select Enable local authentication, then also choose whether Oracle Identity Cloud Service notifies users by email that they must activate the Oracle Identity Cloud Service accounts that are created for them: select Don't send Welcome Notifications to prevent these emails, or deselect it to allow them.

      Otherwise, select Enable federated authentication to have users use their federated accounts to sign in to Oracle Identity Cloud Service.

    6. Click Save.
    7. In the Confirmation window, click OK.
    See Configure a Microsoft Active Directory (AD) Bridge for more information about the areas of the Configuration tab.