The One Identity Manager Password Capture Agent
The One Identity Manager Password Capture Agent
The Password Capture Agent allows you to synchronize user passwords between Active Directory domains managed by One Identity Manager and other connected target systems. The Password Capture Agent tracks changes to user passwords in the source Active Directory domain and provides that information to the Webservice (an optional component of One Identity Manager), which in turn synchronizes the changes with target connected data systems by using the password templates you specified. To synchronize passwords, you must install the Password Capture Agent on each domain controller in the Active Directory domain you want to use, as a source for the password synchronization operations.
The following diagram shows how the password synchronization feature of One Identity Manager works.
Figure 1: How the Password Synchronization feature works
Automated Password Synchronization
If your enterprise environment has multiple data management systems, each having its own password policy and dedicated user authentication mechanism, you may face one or more of the following issues:
- Because users have to remember multiple passwords, they may have difficulty managing them. Some users may even write down their passwords. As a result, passwords can be easily compromised.
- Each time users forget one or several of their numerous access passwords, they have to ask administrators for password resets. This increases operational costs and translates into a loss of productivity.
- There is no way to implement a single password policy for all of the data management systems. This tool impacts productivity, as users have to log on to each data management system separately in order to change their passwords.
With One Identity Manager, you can eliminate these issues and significantly simplify password management in an enterprise environment that includes multiple data management systems.
One Identity Manager provides a cost-effective and efficient way to synchronize user passwords from an Active Directory domain to other data systems used in your organization. As a result, users can access other data management systems using their Active Directory domain password. Whenever a user password is changed in the source Active Directory domain, this change is immediately and automatically propagated to other data systems, so each user password remains in sync within the data systems at all times.
You must connect One Identity Manager to the data systems in which you want to synchronize passwords.
Related Topics
- Steps to Automate Password Synchronization
- Managing the Password Capture Agent
- Fine-Tuning Automated Password Synchronization
Steps to Automate Password Synchronization
|
|
NOTE: The Webservice has to be installed. For more information read the One Identity Manager Configuration Guide. |
To automatically synchronize passwords from an Active Directory domain to another data system
- Connect One Identity Manager to the Active Directory domain where you want to install the Password Capture Agent.
- Connect One Identity Manager to the data system where you want to synchronize user account passwords with those in the source Active Directory domain.
- Ensure that user accounts in the source Active Directory domain and the connected target systems are properly mapped to employees in One Identity Manager.
For more information on how to assign employees to user accounts, see the One Identity Manager Administration Guide for Connecting to Active Directory.
- Install the Password Capture Agent on each domain controller in the Active Directory domain you want to have as a source for password synchronization operations.
The Password Capture Agent tracks changes to user passwords in the source Active Directory domain and provides this information to the Webservice (an optional component of One Identity Manager), which in turn synchronizes passwords in the target connected systems you specify.
After you have completed the above steps, the Password Capture Agent starts to automatically track user password changes in the source Active Directory domain and the One Identity Manager synchronizes passwords in the target connected system.
If necessary, you can fine-tune password synchronization settings by completing these optional tasks:
- Modify the default Password Capture Agent settings before installation.
- Modify the default Webservice settings related to password synchronization.
- Specify a custom certificate for encrypting the password synchronization traffic between the Password Capture Agent and the Webservice. By default, password synchronization traffic between the Password Capture Agent and the Webservice will be secured by transport layer security only.
Related Topics
- Managing the Password Capture Agent
- Configuring Password Capture Agent
- Specifying a Custom Certificate for Encrypting Password Synchronization Traffic
Managing the Password Capture Agent
Managing the Password Capture Agent
The Password Capture Agent is required to track changes to user passwords in the Active Directory domain which you want to be the authoritative source for password synchronization operations. To synchronize passwords, you must install the One Identity Manager Password Capture Agent on each domain controller in the source Active Directory domain.
Whenever a password changes in the source Active Directory domain, the Password Capture Agent captures that change and sends the changed password securely to One Identity Manager. In turn, One Identity Manager uses the provided information to synchronize passwords in the target connected systems according to your settings.