Use Cases

Connecting the IdentityIQ application to PingDirectory

Use IdentityIQ to configure an LDAPS connection to PingDirectory.

Steps

  1. Sign on to the IdentityIQ Administrator console.

  2. Go to Applications → Application Definition.

Screenshot of initial IdentityIQ screen showing where to find Application Definition

  1. Click Add New Application.

  2. On the Details tab, enter a unique application name and set the Owner field.

  3. From the Application Type menu, select SunOne – Direct.

    PingDirectory is a derivative of the SunOne Directory.

  4. Click the Configuration tab.

  5. On the Settings tab, enter the Direct Configuration settings.

    1. Select the Use TLS checkbox.

    2. Set Authorization Type to Simple.

    3. Enter the PingDirectory administrator account information in the User and Password fields— "cn=dmanager" and the associated password, respectively.

    4. In the Host field, enter the hostname of the PingDirectory server.

    5. In the Port field, enter the PingDirectory configured LDAPS port 636 or 1636.

      The default LDAPS port for PingDirectory is 636.
      Screenshot of IdentityIQ SunOne - Direct Configurtion screen that shows the result of the steps above.

    6. Scroll to the bottom and ensure the Account and Group search scopes are valid for the configured PingDirectory topology.

      In the demo environment the following values were used.

      • Account Search Scope: dc=anycompany,dc=co

      • Group Search Scope: ou=Groups,dc=anycompany,dc=co

    7. Click Test Connection to verify that IdentityIQ can connect to PingDirectory.

    Screenshot of IdentityIQ Account tab that shows a search scope of "dc=anycompany,dc=co" and indicates a successful test connection.

  6. Click the Schema tab and review the details and attributes for the account and group object types. Verify that they match the configured PingDirectory schema.

    The following values were required for the demo environment:

    • Set Group Membership Scope to the group Search DN (ou=Groups,dc=anycompany,dc=co)

    • Change Native Object Type from groupOfUniqueNames to groupOfNames

    • Change Group Membership Attribute from uniqueMember to member

    • Under the Groups schema, add member as an attribute and set it to multi-valued

  7. Click the Preview button for both accounts and groups to preview the objects loaded into IdentityIQ.

    Screenshot of IdentityIQ that shows sample user and group accounts.