Get Live Help
The Password Capture Agent allows you to synchronize user passwords between Active Directory domains managed by One Identity Manager and other connected target systems. The Password Capture Agent tracks changes to user passwords in the source Active Directory domain and provides that information to the web service, which in turn synchronizes the changes with connected target systems by using the password templates you specified. To synchronize passwords, you must install the Password Capture Agent on each domain controller in the Active Directory domain you want to use, as a source for the password synchronization operations.
The following diagram shows how the password synchronization feature of One Identity Manager works.
Figure 1: How the password synchronization feature works
If your enterprise environment has multiple target systems, each with its own password policy and dedicated user-authentication mechanism, you may face one or more of the following issues:
With One Identity Manager, you can eliminate these issues and significantly simplify password management in an enterprise environment that includes multiple target systems.
One Identity Manager provides a cost-effective and efficient way to synchronize user passwords from an Active Directory domain to other target systems used in your organization. As a result, users can access other target systems using their Active Directory domain password. Whenever a user password is changed in the source Active Directory domain, this change is immediately and automatically propagated to other target systems, so each user password remains in sync within the data systems at all times.
You must connect One Identity Manager to the target systems in which you want to synchronize passwords.
|NOTE: The web service must be installed. For more information, see the One Identity Manager Installation Guide and the One Identity Manager Configuration Guide.|
To automatically synchronize passwords from a Active Directory domain to another target system
For general information on how to assign employees to user accounts, see the One Identity Manager Target System Base Module Administration Guide. For more information on how to assign employees to Active Directory user accounts, see the One Identity Manager Administration Guide for Connecting to Active Directory.
The Password Capture Agent tracks changes to user passwords in the source Active Directory domain and provides this information to the web service, which in turn synchronizes passwords in the connected target system you specify.
After you have completed the above steps, the Password Capture Agent starts to automatically track user password changes in the source Active Directory domain and One Identity Manager synchronizes passwords in the connected target system.
If necessary, you can fine-tune password synchronization settings by completing these optional tasks:
Modify the default Password Capture Agent settings before installation.
Modify the default web service settings related to password synchronization.
Specify a custom certificate for encrypting the password synchronization traffic between the Password Capture Agent and the web service. By default, password synchronization traffic between the Password Capture Agent and the web service will be secured by transport layer security only.
The Password Capture Agent is required to track changes to user passwords in the Active Directory domain that you want to be the authoritative source for password synchronization operations. To synchronize passwords, you must install the One Identity Manager Password Capture Agent on each domain controller in the source Active Directory domain.
Whenever a password changes in the source Active Directory domain, the Password Capture Agent captures that change and sends the changed password securely to One Identity Manager. In turn, One Identity Manager uses the provided information to synchronize passwords in the connected target systems according to your settings.