Supported Features

The connector supports the following features:

Account Management

Active Directory Users	Manages Active Directory Users as Accounts Aggregation, Delta Aggregation, Partitioning Aggregation, Refresh Account, Pass Through Authentication, Delta Partitioning Aggregation Create, Update, or Delete Enable, Disable, Unlock, or Change Password Add/Remove Entitlements (includes Foreign Security Principals) Terminal Services, Dial-in Attributes Create, Update, or Delete Exchange User Mailbox Create, Update, or Delete Exchange Mail User Create, Update, or Delete Skype for Business user Enable or Disable, setting policies for Skype for Business user Reset Skype for Business user PIN Password Interception
Active Directory Contacts	Manages Active Directory Contacts as Accounts Aggregation, Delta Aggregation, Partitioning Aggregation, or Refresh Account Create, Update, or Delete Add or Remove Entitlements Create, Update, or Delete Exchange Mail Contact
Active Directory Service Accounts (Managed Service Accounts/Group Managed Service Accounts)	Aggregation, Partitioning Aggregation, or Refresh Account Create, Update, or Delete Add or Remove Entitlements

Account - Group Management

Manages Active Directory Groups as Account-Groups
Aggregation, Delta Aggregation, Refresh Group
Create, Update, or Delete
Create or Delete Exchange Distribution List

Microsoft Exchange Shared Mailbox

Manage Shared Mailbox as Account Groups. For more information, see Microsoft Exchange Shared Mailbox.

Active Directory Resource Forest Exchange Management

For more information, see Active Directory Resource Forest Topology Exchange Management.

Permission Management

Application can be configured for following unstructured target collectors to read permissions from the following end system:
Windows File Share: Read Windows File Share permissions directly assigned to accounts and groups.
Supports automated revocation of the aggregated permissions and creates work items for requests only when the default provisioning action is overridden, and Manual Work Item is selected as the provisioning action.

Other

Restore deleted objects (Active Directory Accounts and Groups) using 'Active Directory Recycle Bin'
Supports executing native before/after scripts for provisioning requests
Provides support for Simple Authentication and Security Layer (SASL) when binding to Active Directory
Active Directory Connector provides support for serverless configuration for better reliability and ease of configuration.
For more information, see Prerequisites.
IQService support TLS and client authentication to ensure the channel is secure and IQService is communicating with legit Client (IdentityIQ).
Supports Auto Partitioning. For more information, see Account and Group Settings.
Supports reusing of Ticket Granting Tickets (TGT) for Kerberos authentication during aggregation tasks. To revert to the earlier implementation (non-cached) an additional attribute named adSystemConfUseUpdatedSASLCommunication can be added to the system configuration.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here: