Authentication with Multiple Active Directories in Identity Profile

Hi all, we want to allow users to reset their password and have the changes synced to Active Directory. I understand that the configuration is to be done in the identity profile; however, only one Active Directory can be selected.

However, in our use case, we have multiple Active Directory sources as the target systems. There isn't any Active Directory as of now which consists of all of the users from the authoritative source. Any input on the best approach to handle this? I ask since I believe the user must have the Active Directory selected in the identity profile for the password reset mechanism to work.

Thank you.

If you have multiple Active Directories that hold certain types of users, you can try to split your Identity Profiles accordingly as well, and then each profile can be linked to its own AD source.

Hi Sharvari, thank you for the input. Two follow-up questions if we are splitting identity profiles:

  1. Do we also have to split our authoritative sources into different sources to make this work?
  2. In our use case, one user can also have accounts in two different AD sources, so does this mean this user has to exist in two different identity profiles? So a total of two identities for the same user in IDN?

Thank you.

  1. Yes. You will have to split/filter the auth source as well, if you go this route.

  2. There won't be two identities per user but only one. The Profile it is part of (based on identity profile priority) and the AD source which is used on the profile would be used for reset password. The other AD account will be like a regular target AD account. If you need, you could also set up password sync groups for AD sources.
