Strong Authentication (SASL) Permissions

For Strong authentication (SASL), a single service account can be used for multiple domains/forests.

Prerequisites

The domains must have two-way trust.
The service account must have delegated permissions across other domains for user, contact, and group objects.

Permissions must be delegated to the service account. Use the Delegation Control Wizard to delegate permissions to the contact.

To delegate permissions using the Delegation Control Wizard, complete the following:

Open Active Directory Users and Computers.
Right-click on the Domain and select Delegate Control to open Delegation of Control Wizard and then select Next.
Select the Add button to add a service account user and then select Next.
Select Create a custom task to delegate and then select Next.
Only select the following objects in the folder option: User Objects, Contact Objects, Group Objects, and Create/Delete the selected objects in the folder.
On the next screen, under Permissions select Full Control, then select Next.
Select Finish.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Strong Authentication (SASL) Permissions

Prerequisites

Documentation Feedback