Integrating SailPoint with Active Directory

Revised Date: 14 August 2025

Note

IdentityIQ connector information is now available as online help and PDF. The online help also describes the latest updates for the connector.

To find documents related to a specific version of IdentityIQ, refer to the Supported Connectors for IdentityIQ page on Compass.

Configuration details for connectors may vary not only by release version but also by patch version. Be sure to refer to the correct documentation for your specific release and patch level.

This document is designed to give specific information about the requirements and field definitions needed to get a working instance of an Active Directory connector in IdentityIQ.

The SailPoint Active Directory connector offers complete management of your Active Directory infrastructure, which can be distributed across multiple domains/multiple forests. You can manage users, contacts, groups, Exchange mailbox, mail users, mail contacts, and Skype users front a single source.

For more information on what you can do with the Active Directory connector, refer to Supported Features.

  • Supports gMSA as a Service Account using Simple Authentication and Security Layer (SASL) protocol.

  • Exchange management operations with the Active Directory Connector will work with exchange server where certificate signing of PowerShell serialization payload is enabled. Refer Certificate signing of PowerShell serialization payload in Exchange Server - Microsoft Support for more information about this feature by Microsoft.

  • No longer supports Microsoft Exchange Server 2013 and Microsoft Lync Server 2013 as Microsoft has ended support.