If your enterprise environment has multiple data management systems, each having its own password policy and dedicated user authentication mechanism, you may face one or more of the following issues:
- Because users have to remember multiple passwords, they may have difficulty managing them. Some users may even write down their passwords. As a result, passwords can be easily compromised.
- Each time users forget one or several of their numerous access passwords, they have to ask administrators for password resets. This increases operational costs and translates into a loss of productivity.
- There is no way to implement a single password policy for all of the data management systems. This too impacts productivity, as users have to log on to each data management system separately in order to change their passwords.
With Quick Connect, you can eliminate these issues and significantly simplify password management in an enterprise environment that includes multiple data management systems.
Quick Connect provides a cost-effective and efficient way to synchronize user passwords from an Active Directory domain to other data systems used in your organization. As a result, users can access other data management systems using their Active Directory domain password. Whenever a user password is changed in the source Active Directory domain, this change is immediately and automatically propagated to other data systems, so each user password remains in sync in the data systems at all times.
You need to connect One Identity Quick Connect Sync Engine to the data systems in which you want to synchronize passwords through special connectors supplied in Quick Connect packages (also known as bundles). For a list of data systems in which you can synchronize passwords by using a particular Quick Connect package, see the Quick Start Guide supplied with that package.
|
NOTE: For instructions on how to automate password synchronization between two Active Directory domains, see the Quick Start Guide supplied with Quick Connect Express for Active Directory. |
To automatically synchronize passwords from an Active Directory domain to another data system, complete these steps:
- Install Capture Agent on each domain controller in the Active Directory domain you want to be the source for password synchronization operations.
Capture Agent tracks changes to the user passwords in the source Active Directory domain and provides this information to the Quick Connect Service (a component of the One Identity Quick Connect Sync Engine), which in turn synchronizes passwords in the target connected systems you specify.
For more information on how to install Capture Agent, see Managing Capture Agent.
- Connect the One Identity Quick Connect Sync Engine to the Active Directory domain where you installed Capture Agent in step 1.
Alternatively, you can configure a connection to ActiveRoles Server that manages the source Active Directory domain.
- Connect the One Identity Quick Connect Sync Engine to the data system where you want to synchronize user object passwords with those in the source Active Directory domain.
- For some target data systems (such as SQL Server and Oracle Database) you must specify the data you want to participate in the password synchronization by configuring an SQL query. For more information, see the section titled “Using an SQL Query to Specify Data in a Connected System” in the Quick Start Guide supplied with the Quick Connect package that provides connectors for those data systems.
- If the target data system is an LDAP directory service accessed via the generic LDAP connector, you must specify the target object type for which you want to synchronize passwords and the attribute where you want to store object passwords.
- Ensure that user objects in the source Active Directory domain are properly mapped to their counterparts in the target connected system.
For more information about mapping objects, see Mapping objects.
Quick Connect automatically maps objects between the source Active Directory domain and the target connected system if you configure synchronization workflows to manage the provision and deprovision operations between the source AD domain (or ActiveRoles Server that manages that domain) and the target connected system.
For more information on synchronization workflows, see Synchronizing identity data.
- Create a password synchronization rule for the target connected system.
For more information, see Creating a password sync rule.
After you complete the above steps, the One Identity Quick Connect Sync Engine starts to automatically track user password changes in the source AD domain and synchronize passwords in the target connected system.
If necessary, you can fine-tune the password synchronization settings by completing these optional tasks:
Capture Agent is required to track changes to the user passwords in the Active Directory domain you want to be the authoritative source for password synchronization operations. To synchronize passwords, you must install Capture Agent on each domain controller in the source Active Directory domain.
Whenever a password changes in the source Active Directory domain, the agent captures that change and provides the changed password to the One Identity Quick Connect Sync Engine. In turn, the One Identity Quick Connect Sync Engine uses the provided information to synchronize passwords in the target connected systems according to your settings.
In this section:
You can use this method to manually deploy Capture Agent on each domain controller in the source Active Directory domain.
To manually install Capture Agent
- Run one of the following files supplied with the One Identity Quick Connect Sync Engine installation package:
- On a 32-bit domain controller, run the file QuickConnectCaptureAgent_x86.msi.
- On a 64-bit domain controller, run the file QuickConnectCaptureAgent_x64.msi.
- Step through the wizard to complete the agent installation.