Purpose : Here, we will be discussing about the SailPoint IIQ Pass-Through Authentication with respect to custom Active Directory attribute using Global Catalog Server.

Quick Description :

What is Pass-Through Authentication ?

Pass-Through Authentication, the user logs in to the IdentityIQ application through the normal IdentityIQ login page but the system validates the user’s credentials against an external source, “passing” the ID and password “through” to the authorizing system instead of consulting IdentityIQ’s internal records.

What is Global-Catalog server ?

The global catalog contains a partial replica of every naming context in the directory like, the schema and configuration naming contexts But, with only a small number of their attributes.

Requirements Context :

In a multi domain environment, it would be efficient to use global catalog because IIQ does not need to traverse through all the LDAP referrals returned for different domains during user login authentication. When using a Custom Active Directory attribute for correlation, where that attribute is not promoted to global catalog repository, then the SailPoint IIQ will be driven to a tangled state which results in Pass-Through Authentication Failure.

In order to overcome such scenarios, we can

Continue Reading