MicroStrategy ONE

Synchronizing Users from Microsoft Active Directory

You can add users to your Identity Network by synchronizing their information from Microsoft Active Directory. This provides a quick way to add users from an existing Active Directory server, keeping the user information between MicroStrategy Identity and your IDM system consistent and accurate. You can also add multiple agents under the same network, allowing you to cluster agents in the case of fail-over, or to provide support for high-availability.

Microsoft Active Directory is integrated with MicroStrategy Identity through a lightweight, Java-based application that communicates securely between the Active Directory server and MicroStrategy Identity Server. The application that performs this role is called the MicroStrategy Identity Agent. You can install this application for Microsoft Active Directory on a machine in your organization, enabling you to store your Active Directory credentials locally.

When the user information in Microsoft Active Directory is updated, the MicroStrategy Identity Agent provides the updated information to your MicroStrategy Identity Server.

To include user profile pictures in Microsoft Active Directory and to display the profile pictures on badges, see Including Profile Photos in Microsoft Active Directory.

Adding Users from Microsoft Active

If you have already added users to your MicroStrategy Identity network through Active Directory, you can manage them by defining the Active Directory groups or organizational units that are synchronized with your MicroStrategy Identity Network.

The steps below assume that you have created a MicroStrategy Identity Network and associated badge.

You have a Microsoft Active Directory server, accessible through LDAP protocol version 3.

You have administrator privileges to install the MicroStrategy Identity Agent

MicroStrategy recommends that you install the MicroStrategy Identity Agent on a different machine than your Microsoft Active Directory server.

The machine on which you install the MicroStrategy Identity Agent must meet the following requirements:

  • Windows Server 2008 R2 or Windows 2012 R2 (64-bit) operating system.
  • Java SE Development Kit (JDK) version 1.7 or later, 64-bit. The file path of the JDK bin folder must be added to your Microsoft Windows PATH environment variable; for steps, see your third-party documentation. Be sure to restart your host before continuing.
  • Able to communicate with your Active Directory server.

To create a certificate signing request (CSR) to secure your connection, you must have a third-party tool to generate CSRs, such as the OpenSSL® utility.

Gather the following information:

  • Connection information to your Microsoft Active Directory server, including credentials for an LDAP account that has access to read all users and user information included in your Active Directory repository.
  • For on-premises implementation, the signing Certificate Authority that you use to sign client certificates.

If you want to secure the communication between the MicroStrategy Identity Agent and your Microsoft Active Directory server using LDAP over SSL (LDAPS), you must have a certificate saved in Java KeyStore (.jks) format.

The certificate must be stored in a location that is accessible by the machine that you install the MicroStrategy Identity Agent on. Contact your Active Directory administrator to obtain a certificate.

If you add users to your MicroStrategy Identity Network in ways other than Microsoft Active Directory, such as through a comma-separated values (CSV) file or through a different IDM system such as OpenLDAP, you cannot import users from Active Directory.

Follow the steps below to connect your Active Directory system with MicroStrategy Identity:

  1. Create a CSR in Microsoft AD
  2. Install and Configure the Identity Agent for Microsoft AD
  3. Add Microsoft Active Directory Information to MicroStrategy Identity and Synchronize Users
  4. Including Profile Photos in Microsoft Active Directory

To Create a Cluster of Agents in Your MicroStrategy Identity Network

After registering your MicroStrategy Identity Agent in Identity Manager, you can add multiple Agents to create a cluster. There are no limitations on the number of Agents you can add, but you can only have one cluster per Identity Network. The steps below assume that you have an Agent already registered with your network.

  1. Log into MicroStrategy Identity Manager.
  2. Click Users & Badges.
  3. Under your configured Active Directory Agent, click the drop-down arrow and select Add agent from the list.
  4. In the Agent Name field, enter a name for the new Agent.

  5. Copy the Registration code since you need it to complete the Agent configuration. Be aware that the code expires every 5 minutes.

  6. Install and Configure the Identity Agent for Microsoft AD Install and Configure the MicroStrategy Identity Agent for Azure Active Directory Install and Configure the MicroStrategy Identity Agent for Okta

Related Topics

Distributing Badges to Users in Your MicroStrategy Identity Network

Editing and Removing Users

Physical Gateways