
OCI – Configure Delegated Authentication [Part 3]


Configure AD Bridge User Sync


1. Return to the OCI Portal, open the domain settings, select Directory Integrations, and then select your domain object


2. Click Edit configuration


3. For User objects:

  • Uncheck Include hierarchy
  • Drill down and check the OU with your user account objects
  • The checked OU contains the AD user objects. The filter references the parent LDAP group by its full path and matches membership recursively, so members of nested groups are included:
(&(objectClass=person)(memberOf:1.2.840.113556.1.4.1941:=CN=OCI.CustABC.LDAP,OU=PAM,OU=OCI,OU=Security Groups,OU=Users,DC=contoso,DC=com))


6. For Group Objects:

  • Uncheck Include hierarchy
  • Drill down and check the OU with your team group objects
  • The checked OU contains the AD group objects. The filter references the parent LDAP group by its full path:
(&(objectCategory=group)(memberOf=CN=OCI.CustABC.LDAP,OU=PAM,OU=OCI,OU=Security Groups,OU=Users,DC=contoso,DC=com))


7. Scroll down and click Edit attribute mapping


8. Update Username and Work Email fields to reference User Principal Name and click Save

  • Remove all other unneeded attributes except for the ones shown below


9. Check Enable local authentication and don’t send welcome notifications. Click Save to complete


10. Select Import on the left and click Import users. Click Refresh until the import completes successfully.
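Before running the import, it helps to see how the two filters from steps 3 and 6 differ in scope. The following is an added example, not part of the original post or of any OCI tooling: it rebuilds both filters with RFC 4515 escaping and evaluates them against a constructed directory (Team-A, Team-B and the user names are hypothetical, and the OU checkboxes in the portal are not modelled).

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (transitive match)
PARENT = ("CN=OCI.CustABC.LDAP,OU=PAM,OU=OCI,OU=Security Groups,"
          "OU=Users,DC=contoso,DC=com")  # parent group DN from the page

def escape_filter_value(value):
    """RFC 4515 escaping: a DN containing ( ) * \\ or NUL cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(group_dn):
    return "(&(objectClass=person)(memberOf:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(group_dn))

def group_filter(group_dn):
    return "(&(objectCategory=group)(memberOf=%s))" % escape_filter_value(group_dn)

# Constructed sample directory (hypothetical names): DN -> (kind, direct memberOf)
TEAM_A = "CN=Team-A,OU=Teams,DC=contoso,DC=com"
TEAM_B = "CN=Team-B,OU=Teams,DC=contoso,DC=com"
DIRECTORY = {
    TEAM_A: ("group", [PARENT]),
    TEAM_B: ("group", [TEAM_A]),  # nested one level below Team-A
    "CN=alice,OU=Staff,DC=contoso,DC=com": ("person", [PARENT]),
    "CN=bob,OU=Staff,DC=contoso,DC=com": ("person", [TEAM_A]),
    "CN=carol,OU=Staff,DC=contoso,DC=com": ("person", [TEAM_B]),
    "CN=dave,OU=Staff,DC=contoso,DC=com": ("person", []),
}

def in_chain(directory, dn, target, seen=None):
    """True if dn reaches target through any depth of memberOf links."""
    seen = set() if seen is None else seen
    for parent in directory.get(dn, ("", []))[1]:
        if parent.lower() == target.lower():
            return True
        if parent not in seen:  # guard against circular group nesting
            seen.add(parent)
            if in_chain(directory, parent, target, seen):
                return True
    return False

def synced_users(directory, target):
    """Objects the recursive user filter would select."""
    return sorted(dn for dn, (kind, _) in directory.items()
                  if kind == "person" and in_chain(directory, dn, target))

def synced_groups(directory, target):
    """Objects the non-recursive group filter would select (direct members only)."""
    return sorted(dn for dn, (kind, parents) in directory.items()
                  if kind == "group" and target.lower() in [p.lower() for p in parents])
```

With this sample data the user filter selects alice, bob and carol, while the group filter selects only Team-A: carol is imported as a user, but the nested Team-B group she belongs to is not imported as a group.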

