Quick Description:
What is Pass-Through Authentication?
In Pass-Through Authentication, the user logs in to the IdentityIQ application through the normal IdentityIQ login page, but the system validates the user's credentials against an external source, "passing" the ID and password "through" to the authorizing system instead of consulting IdentityIQ's internal records.
What is a Global Catalog server?
Requirements Context:
In a multi-domain environment, it is efficient to use the global catalog because IIQ does not need to traverse all the LDAP referrals returned for the different domains during user login authentication. When a custom Active Directory attribute is used for correlation and that attribute is not promoted to the global catalog repository, SailPoint IIQ is driven into a tangled state, which results in Pass-Through Authentication failure.
To overcome such scenarios, we can:
- Remove the Global Catalog Configuration (Not Recommended).
- Promote the Custom Active Directory attribute to global catalog repository.
To replicate the custom-created Active Directory attribute to the global catalog repository, we require the Active Directory Schema snap-in, which can be installed by running the following command in PowerShell as an administrator:
regsvr32 schmmgmt.dll
Once the Active Directory Schema snap-in is installed, we can add it to the Microsoft Management Console (MMC) for further customization. Inside the Active Directory Schema snap-in, we can then replicate the custom-created attribute to the Global Catalog server.
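The promotion described above can also be checked, and optionally applied, from PowerShell. The script below is an added example, not part of the original post or of SailPoint's documentation; it assumes the RSAT ActiveDirectory module is installed, and the attribute name contosoEmployeeRef and the user jdoe are hypothetical placeholders.

```powershell
# Added example. Reading needs only domain-user rights; -Promote needs Schema Admins.
Import-Module ActiveDirectory

function Test-GcAttribute {
    param(
        [Parameter(Mandatory)] [string] $AttributeName,  # lDAPDisplayName of the custom attribute
        [Parameter(Mandatory)] [string] $SampleUser,     # sAMAccountName of a user with a value set
        [switch] $Promote                                # without this switch the script only reports
    )

    # Schema changes are written on the schema master, so read and write there.
    $schemaMaster = (Get-ADForest).SchemaMaster
    $schemaNC     = (Get-ADRootDSE -Server $schemaMaster).schemaNamingContext

    $attr = Get-ADObject -Server $schemaMaster -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$AttributeName))" `
        -Properties isMemberOfPartialAttributeSet
    if (-not $attr) { throw "Attribute '$AttributeName' was not found in the schema." }

    # An unset flag reads as $null, which means "not replicated to the global catalog".
    $inGc = [bool]$attr.isMemberOfPartialAttributeSet
    if (-not $inGc -and $Promote) {
        # Same effect as ticking "Replicate this attribute to the Global Catalog" in the snap-in.
        Set-ADObject -Server $schemaMaster -Identity $attr `
            -Replace @{ isMemberOfPartialAttributeSet = $true }
        $inGc = $true
    }

    # Query a global catalog on port 3268; an empty SearchBase searches every domain partition.
    $gcHost = @((Get-ADDomainController -Discover -Service GlobalCatalog).HostName)[0]
    $user = Get-ADUser -Server "${gcHost}:3268" -SearchBase '' `
        -LDAPFilter "(sAMAccountName=$SampleUser)" -Properties $AttributeName |
        Select-Object -First 1

    [pscustomobject]@{
        Attribute       = $AttributeName
        InGlobalCatalog = $inGc
        GlobalCatalog   = $gcHost
        ValueSeenOnGc   = $user.$AttributeName   # empty until the attribute has replicated to this GC
    }
}

# Report only (hypothetical attribute and user); add -Promote to set the flag.
Test-GcAttribute -AttributeName 'contosoEmployeeRef' -SampleUser 'jdoe'
```

If InGlobalCatalog is True but ValueSeenOnGc is still empty right after a promotion, the global catalog has not yet replicated the attribute.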