Ports Used with Active Directory Integrations

The IQService provisioning agent calls functions exposed by Microsoft’s .NET packages, which are a "black box" that communicates with Active Directory indirectly. Identity Security Cloud does not control which port numbers these APIs use to interact with Active Directory. Microsoft publishes a list of ports that the .NET API and ADSI interfaces use to communicate with an Active Directory server. A firewall placed between IQService and the Active Directory domain controllers would need to be exceedingly permissive, opening a large number of dynamic ports. The complete list of ports is published by Microsoft here: Active Directory and Active Directory Domain Services Port Requirements.


This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/connectors/iqservice/help/integrating_iqservice_admin/ports_used_with_ad.html

Hi,
There is a mismatch between this document:

and IQService architecture: Network ports and firewalls - Compass (sailpoint.com):

Which is the correct document and port to be opened?

Thanks
Phil

Hi @phil_awlings, the documentation portal document that you referred to here, “Ports Used with Active Directory Integrations”, is the correct one.

  • Authentication port UDP 137
  • Authentication port TCP 139

The Compass community document is an older one; I just updated that as well. Thanks!

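Added example, not part of the original thread or of SailPoint's documentation: a Python check that compares a proposed firewall allow-list between the IQService host and the domain controllers against the ports Active Directory needs, showing why a narrow rule set fails on the dynamic range. The port table is abbreviated from Microsoft's published requirements plus the two ports named in this thread, and the sample rule set is constructed; verify both against the linked Microsoft document.

```python
# Required ports (proto, low, high, label). Assumption: abbreviated from
# Microsoft's AD DS port requirements; 137/139 are the ports named in this thread.
REQUIRED = [
    ("tcp", 135, 135, "RPC endpoint mapper"),
    ("tcp", 49152, 65535, "RPC dynamic ports"),
    ("tcp", 389, 389, "LDAP"),
    ("udp", 389, 389, "LDAP"),
    ("tcp", 636, 636, "LDAPS"),
    ("tcp", 3268, 3269, "Global Catalog"),
    ("tcp", 88, 88, "Kerberos"),
    ("udp", 88, 88, "Kerberos"),
    ("tcp", 445, 445, "SMB"),
    ("udp", 137, 137, "Authentication port"),
    ("tcp", 139, 139, "Authentication port"),
]

# Constructed sample: a "tight" allow-list with only a slice of the dynamic range.
SAMPLE_RULES = [
    ("tcp", 88, 88), ("tcp", 135, 139), ("tcp", 389, 389), ("tcp", 445, 445),
    ("tcp", 636, 636), ("tcp", 3268, 3269), ("tcp", 50000, 50100),
    ("udp", 88, 88), ("udp", 389, 389),
]

def uncovered(lo, hi, allowed):
    """Return the sub-ranges of [lo, hi] not covered by any (low, high) in allowed."""
    gaps, cursor = [], lo
    for a_lo, a_hi in sorted(allowed):
        if a_hi < cursor:
            continue                      # rule ends before the part still unchecked
        if a_lo > hi:
            break                         # rule starts after the required range
        if a_lo > cursor:
            gaps.append((cursor, a_lo - 1))
        cursor = a_hi + 1
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

def audit(rules):
    """Map 'proto/label' -> blocked port ranges for every requirement not fully allowed."""
    findings = {}
    for proto, lo, hi, label in REQUIRED:
        gaps = uncovered(lo, hi, [(a, b) for p, a, b in rules if p == proto])
        if gaps:
            findings[f"{proto}/{label}"] = gaps
    return findings

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_RULES).items():
        print(f"BLOCKED {name}: {gaps}")
```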