Question related to IQService

Hi Everyone,

Let’s say we want to use IDN to perform provisioning activities on Active Directory “DomainA”. Do we then need the IQService host machine joined to that “DomainA”?

In other words, can “IQService host machine” not be added to any domain and still perform provisioning activities to a particular Domain (DomainA in this case)?

Thanks
Vijay

Hi Vijay,

Yes, generally that is the case.

The IQService machine needs to be in the same domain as the AD it's trying to provision. That being said, it depends on how the trust relationship is set up between the different domains in a forest and which server we are installing IQService on.

For example: Domain A and Domain B - No trust relationship, then separate IQService.

Domain A and Domain B - With Trust relationship

  • The multi-domain AD application configuration applies only where there is a two-way trust relationship between all the domains to be represented as a single AD application in IdentityIQ.
  • The multi-forest AD application configuration can be used when the forests have two-way or one-way trust relationships, but there are limitations on provisioning options with one-way trusts, as explained in the Provisioning with multiple domains/forests section.

For more reference:
https://community.sailpoint.com/t5/Technical-White-Papers/Integrating-with-Active-Directory-Multi-Domain-and-or-Multi/ta-p/79383

Hope this helps
Regards
Arjun


Hi Arjun, thank you for the reply and details. That is very helpful.
