Integration of federated AD

Hi Team,

In our project we’ve client AD which is integrated with IdentityNow. This Client AD is integrated with one of their customer AD through ADFS to get access to some application. How we can integrate the customer AD with IdentityNow. Any inputs.

Thanks for the details. Our main UseCase is the AD accounts exists in client domain should get one of the cloud application access, which exists in our vendor side. The provisioning and access for the cloud application exists in vendor AD side should be managed by IdentityNow. The SAML part is only talking about authentication. Please guide me, if my understanding is wrong.

There are several solutions:

  1. "With a VA":Integrate the vendor AD as a new source in IdentityNow. This means a VA in place that can aggregate accounts from this new “Vendor AD”. Probably not what you wish
  2. "With claims": Propagate permissions in the SAML token. This means for instance that in “Client AD”, you have “group 1”, and that the group 1 is part of the group claims in the SAML token.
    The vendor AD has then to read the group claims to grant access to their applications
  3. "With a CSV": If the vendor is not able to interpret the claims in the token, I think a plain old CSV file exchange is in order

I do not see any other magical solution.

1 Like