Does the IQService have to be installed on a machine that is a member of a domain inside the forest it is provisioning to?

Hi All,

Does the IQService have to be installed on a machine that is a member of a domain inside the forest it is provisioning to?

We have a test AD (domain xyz in forest A), and the IQService machine is in the production domain (ABC in forest B). Can we use this IQService server to connect to a domain controller joined to domain xyz in forest A?

Hi Anu,

We have implemented a similar test within our AD Test source for the IQService upgrade. Currently, our AD Test source has IQService hosted on a sandbox server on our production network (which is in a different domain). As far as the functionality of IQService is concerned, we haven’t run into any issues with having it hosted on a production server within the AD Test source, so long as you’ve correctly configured the IQService installation on the host machine. However, we’ve been running into some issues with this same setup when we tried to enable LDAPS in the domain settings. It’s likely something else causing that, but it’s worth mentioning.


@willmaness thanks for your response.

So, if I understood you correctly, you currently have the test AD, and the IQService server is installed on a machine joined to the production domain. But are the test AD domain and the production domain in different forests, or are they in the same forest?

If they are in different forests, how does the IQService server resolve the test AD hostname? Did you insert any DNS entry on the IQService server for this?

Yes, the test AD domain and the production domain are in different forests. Within the test AD source in SailPoint, I configured the IQService settings to pull from the instance that’s being hosted on our production sandbox server.

I inserted a DNS entry as a Subject Alternative Name into the certificate that I created on the production server, which was then uploaded to each of the VAs that the AD Test source is running on. This was part of the TLS configuration process for IQService, which is what I needed the certificate for. That is the only configuration I’ve dealt with involving DNS.
