Integrating AD Domain with no trust

Can anyone share inputs on how to integrate the AD domain where there is no trust between two domains?

For instance, we have two AD domains (ABC.com & XYZ.com). The IIQ platform is on ABC.com, and we have a requirement to integrate/connect the XYZ.com domain in SailPoint.

What is the best practice to integrate?

Hi @keerthi_p,

You can manage it with 2 connectors or with 1 connector with a multi-forest configuration:

In both cases, SP must be able to communicate with the domain controller and catalog server of the no-trust domain (firewall permission, account server…).

Also, you can use a VPN between SP and the no-trust domain.


Hi Keerthi,

Generally we configure separate connectors for it if we want to do provisioning, as you will need separate IQServices installed per domain.

Regards
Arjun


Thank you for the responses. @arjun_sengupta, yes, I am planning to separate the configurations; however, I am wondering if the IQ Service host should be in the same domain of the configuration? Let's say I am integrating the XYZ domain: should the IQ Service host also be on the XYZ domain?

Hi Keerthi,

Yes, it needs to be in the same domain.

Regards
Arjun
