Securing Communication Path Between IdentityIQ and Active Directory Domain Controller/ Target System
To secure a TLS connection for Active Directory, TLS communication must be enabled between the Active Directory connector and the Active Directory Server. For a Java client to connect using TLS and self-signed certificates, install the certificate into the JVM key-store.
The Common Name (CN) in the Subject field and the DNS entry in the Subject Alternative Name field of the SSL certificate must match the fully qualified domain name (FQDN) of the server.
Note
The FQDN of the Active Directory host must be specified (instead of IP address) in the Servers field when the Use TLS option is selected under Domain Configuration.
To enable TLS communication, complete the following:
- Export the server certificate and copy the exported .cer file to the IdentityIQ host.
- Execute the following command from the bin directory of the JDK:
  keytool -importcert -trustcacerts -alias aliasName -file <absolute path of certificate> -keystore <JAVA_HOME>/jre/lib/security/cacerts
  In the preceding command line, aliasName is the name of the alias.
- Create the Active Directory application and provide all the required values after selecting the Use TLS for IQService checkbox.
- Select Test Connection and then Save.
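The following POSIX shell script is an added example, not SailPoint tooling or text from the original page. It wraps the procedure above: it rejects an IP address where the FQDN is required, confirms that the exported certificate's Subject CN or a DNS Subject Alternative Name actually covers that FQDN (including the one-label wildcard rule), and then runs the keytool import with plain ASCII hyphens. It assumes the .cer file has already been copied to the IdentityIQ host, that JAVA_HOME points at the JDK IdentityIQ runs on, and that openssl (1.1.1 or later, for the -ext option) and keytool are on PATH; the host name dc01.example.com, the file name, the alias and the AD_TLS_RUN variable are placeholders, and handling the JDK 9+ truststore location under lib/security goes beyond the jre/lib/security path the page shows.

```shell
#!/bin/sh
# Added example (not SailPoint's own tooling): validates and performs the
# cacerts import described on this page. Assumptions: the exported .cer is
# already on the IdentityIQ host, JAVA_HOME is the JDK IdentityIQ runs on,
# and openssl (1.1.1+) and keytool are on PATH. Host names, file names and
# the alias are placeholders. "changeit" is keytool's default cacerts password.
set -e

# The Servers field must hold an FQDN, not an IP, when Use TLS is selected:
# reject IPv4/IPv6 literals and bare short names (neither can match the CN
# or a DNS SAN entry of the certificate).
is_fqdn() {
    case "$1" in
        *[!0-9.]*) ;;            # has characters other than digits and dots
        *) return 1 ;;           # IPv4 literal or empty string
    esac
    case "$1" in
        *:*) return 1 ;;         # IPv6 literal
        *.*) return 0 ;;         # at least two labels
        *)   return 1 ;;         # short name such as "dc01"
    esac
}

# Compare one name from the certificate against the FQDN, case-insensitively;
# a wildcard covers exactly one leftmost label.
name_matches() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$name" in
        '*.'*)
            rest=${host#*.}
            [ "$host" != "$rest" ] && [ "$rest" = "${name#"*."}" ] ;;
        *)  [ "$name" = "$host" ] ;;
    esac
}

# Pull the Subject CN and every DNS SAN out of the exported certificate
# (DER, as Windows exports it, or PEM) and require one of them to match.
cert_matches_host() {
    cert=$1; host=$2
    pem=$(openssl x509 -inform DER -in "$cert" 2>/dev/null \
          || openssl x509 -inform PEM -in "$cert") || return 2
    subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject -nameopt RFC2253)
    cn=""
    case "$subject" in
        *CN=*) cn=${subject##*CN=}; cn=${cn%%,*} ;;
    esac
    sans=$(printf '%s\n' "$pem" | openssl x509 -noout -ext subjectAltName 2>/dev/null \
           | tr ',' '\n' | sed -n 's/.*DNS:[[:space:]]*//p')
    for n in $cn $sans; do
        if name_matches "$n" "$host"; then return 0; fi
    done
    return 1
}

# cacerts lives under jre/lib/security on JDK 8 and under lib/security on 9+
# (the JDK 9+ location is an assumption beyond what the page shows).
cacerts_path() {
    if [ -f "$1/jre/lib/security/cacerts" ]; then
        printf '%s\n' "$1/jre/lib/security/cacerts"
    else
        printf '%s\n' "$1/lib/security/cacerts"
    fi
}

# The page's keytool step with plain ASCII hyphens (pasting an en dash such
# as "–alias" makes keytool fail with "Illegal option"), then confirm the
# alias is really present in the truststore.
import_cert() {
    alias_name=$1; cert=$2; keystore=$3
    keytool -importcert -trustcacerts -noprompt -alias "$alias_name" \
        -file "$cert" -keystore "$keystore" -storepass "${STOREPASS:-changeit}"
    keytool -list -keystore "$keystore" -storepass "${STOREPASS:-changeit}" \
        -alias "$alias_name" >/dev/null
}

main() {
    host=$1; cert=$2; alias_name=${3:-ad-$host}
    is_fqdn "$host" \
        || { echo "use the FQDN of the domain controller, not '$host'" >&2; return 1; }
    cert_matches_host "$cert" "$host" \
        || { echo "certificate CN/SAN does not cover $host" >&2; return 1; }
    import_cert "$alias_name" "$cert" "$(cacerts_path "${JAVA_HOME:?set JAVA_HOME}")"
    echo "imported $cert as $alias_name; restart IdentityIQ so the JVM reloads cacerts"
}

# Runs end to end only when explicitly asked, e.g.:
#   AD_TLS_RUN=1 sh ad_tls_trust.sh dc01.example.com /tmp/dc01.cer
if [ "${AD_TLS_RUN:-0}" = 1 ]; then main "$@"; fi
```

The JVM reads cacerts once at startup, so the application server hosting IdentityIQ needs a restart after the import before Test Connection can succeed over TLS.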