MicroStrategy ONE
Install and Configure the Identity Agent for Microsoft AD
- On the machine where you want to install the Identity Agent for Microsoft Active Directory, run the Identity Agent installation file as an administrator: right-click cluster_AD_installer.exe and select Run as administrator. The Identity Agent installation wizard opens. Do the following:
- Review the information on the Welcome screen and click Next.
- After you accept the license agreement, click Next.
- Click Finish.
If the APT does not open automatically when you finish installing the Identity Agent, you can open it by navigating to its file location. To navigate to the default file location, click the Windows Start button, click All Programs, and expand the Identity Agent for the Microsoft Active Directory folder. Right-click Config Identity Agent for Microsoft Active Directory GUI and select Run as administrator.
- In the APT, select Register new agent and click Next.
- In the first dialog window, to register the initial connection between MicroStrategy Identity Server and the Identity Agent, do the following:
- In the MicroStrategy Identity Server URL (One-way SSL) field, enter the URL provided by Identity Manager, as described in Create a CSR in Microsoft AD.
- If the Agent is being installed within a network protected by a proxy, you must add the proxy information to the Agent.
- Click the drop-down menu next to Is the network protected by proxy or firewall? and choose Proxy.
- Provide the proxy host, port, username, and password.
- If MicroStrategy Identity Server is installed in your IT infrastructure, you must add its Certificate Authority (CA) chain to the Identity Agent's CA trust store. If the chain contains more than one certificate, each one must be imported individually.
- Click the drop-down menu next to Is MicroStrategy Identity Server CA included in truststore? and choose No.
- Click Add CA to truststore.
- Enter an Alias for the CA certificate. Existing CA names should not be used.
- In the Certificate Path field, enter the path to the CA certificate, or click Browse to navigate to the file.
- Click Add to import the certificate into the trust store.
- In the CSR file path field, enter the path to the CSR, or click Browse.
- In the Registration code field, enter the code provided by Identity Manager, as described in Create a CSR in Microsoft AD. If the registration code has expired, click the refresh icon in Identity Manager to acquire a new code.
- Click Submit to go to the next dialog window.
- In the second dialog window, set up the connection between MicroStrategy Identity Gateway and the Identity Agent:
- The Organization ID and Application ID are pre-populated from the initial connection to MicroStrategy Identity Server. The Application ID should match the Agent ID provided by Identity Manager, as described in Create a CSR in Microsoft AD.
- In the Private key path field, enter the path to the private key, or click Browse to navigate to the file.
- The Gateway URL is pre-populated from the initial connection to MicroStrategy Identity Server.
- If MicroStrategy Identity Gateway is installed in your IT infrastructure and uses a different CA than MicroStrategy Identity Server, you must add its CA chain to the Identity Agent's CA trust store. If the chain contains more than one certificate, each one must be imported individually. See step 3c for instructions.
- Ensure that AD agent is selected in the drop-down menu next to Please choose the agent adapter type.
- You can display a profile photo on each user's MicroStrategy Badge, as described in Including Profile Photos in Microsoft Active Directory. If the URL used to access Active Directory user photos requires authentication, you must provide credentials to the Agent to access photo files.
- Click the drop-down menu next to Does your photo URL need authentication? and choose Yes.
- Provide the username and password.
- Click Next.
- In the third dialog window, to set up the connection between the Identity Agent and your Microsoft Active Directory server, do the following:
- You can secure the communication between the Identity Agent and your Microsoft Active Directory server using LDAP over SSL (LDAPS).
- Click the drop-down menu next to Do you want to use LDAPS (LDAP over SSL) to access this server? and choose Yes.
- Enter the file path to the Java keystore (.jks) file that stores the certificate, as described in the Prerequisites above. Alternatively, click Browse to navigate to the file.
- To set up the communication between the Identity Agent and your Microsoft Active Directory server, under AD Setup, specify the following information:
- In the LDAP server address field, type the IP address of your Microsoft Active Directory server.
- In the Server port field, type the port of your Microsoft Active Directory server. The default port for LDAP communication is 389, and the default port for LDAPS communication is 636.
- In the Username (domain\username) field, type the user name of an account that has access to your Microsoft Active Directory server. Depending on your Active Directory configuration, enter the user name in the format domain\username.
- In the Password and Confirmed password fields, type the password for the Microsoft Active Directory account.
- Click Submit.
- Click OK.
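The trust store steps above require each certificate of a CA chain to be imported individually, under an alias that is not already in use. The following is an added example, not MicroStrategy code: it splits a PEM chain bundle into one file per certificate, skips repeated certificates, and assigns unused aliases. The function names, the `identity-ca` alias prefix, and the assumption that the Certificate Path field accepts PEM files are illustrative and do not come from the product documentation.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def to_pem(der):
    """Encode DER bytes as a PEM certificate block wrapped at 64 columns."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

def split_chain(bundle_text, out_dir, alias_prefix, existing_aliases=()):
    """Write each certificate of a PEM bundle to its own file.

    Returns (alias, path, sha256_hex) per unique certificate, in bundle order.
    Only the PEM framing is handled; the X.509 content is not validated.
    """
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    used = {a.lower() for a in existing_aliases}
    seen, results = set(), []
    for body in PEM_BLOCK.findall(bundle_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint in seen:        # certificate repeated in the bundle
            continue
        seen.add(fingerprint)
        n = len(results) + 1
        while f"{alias_prefix}-{n}".lower() in used:   # alias must be unused
            n += 1
        alias = f"{alias_prefix}-{n}"
        used.add(alias.lower())
        path = out_dir / f"{alias}.pem"
        path.write_text(to_pem(der), encoding="ascii")
        results.append((alias, path, fingerprint))
    return results

if __name__ == "__main__":
    # Constructed placeholder bytes standing in for an intermediate and a root CA
    # certificate; a real run reads the bundle exported from your CA instead.
    bundle = to_pem(b"intermediate-ca" * 20) + to_pem(b"root-ca" * 40)
    with tempfile.TemporaryDirectory() as tmp:
        for alias, path, fp in split_chain(bundle, tmp, "identity-ca", ["identity-ca-1"]):
            print(f"{alias}  {path.name}  sha256={fp}")
```

Before importing each file, compare its SHA-256 fingerprint with the value published by the owner of the CA, so that only the intended certificates enter the Agent's trust store.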
Next, Add Microsoft Active Directory Information to MicroStrategy Identity and Synchronize Users.