
Creating a Connection

This guide walks you through creating a new connection to synchronize identity data from your directory services.

Before You Begin

Ensure you have:

  • Administrator access to IdentityCenter
  • Network connectivity to the target directory
  • Service account credentials with appropriate permissions
  • Required ports open in your firewall

Creating an Active Directory Connection

Step 1: Navigate to Connections

  1. Log in to IdentityCenter as an administrator
  2. Navigate to Administration > Connections
  3. Click New Connection

Step 2: Select Connection Type

  1. Choose Active Directory from the connection type dropdown
  2. Click Next

Step 3: Configure Basic Settings

| Field | Description | Example |
|---|---|---|
| Name | Friendly name for this connection | Corporate AD |
| Description | Optional description | Main corporate Active Directory |
| Enabled | Whether the connection is active | Yes |

Step 4: Configure Server Settings

| Field | Description | Example |
|---|---|---|
| Server | Domain controller hostname or IP | dc01.corp.local |
| Port | LDAP port number | 389 (LDAP) or 636 (LDAPS) |
| Use SSL | Enable encrypted (TLS) connection | Recommended for production |
| Base DN | Root of the directory tree | DC=corp,DC=local |

Finding Your Base DN

If you're unsure of your Base DN, you can discover it:

Option 1: From Active Directory

# Run on a domain-joined computer
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetDirectoryEntry().distinguishedName

Option 2: From IdentityCenter

Leave the Base DN blank and click "Discover". IdentityCenter will query the RootDSE to find it automatically.

Step 5: Configure Authentication

| Field | Description | Example |
|---|---|---|
| Username | Service account (UPN or DN format) | svc_idsync@corp.local |
| Password | Service account password | ******** |
| Authentication Type | How to authenticate | Simple (most common) |

Authentication Types

  • Simple - Username and password (most common)
  • Negotiate - Windows integrated authentication (Kerberos/NTLM)
  • Anonymous - No authentication (rarely used)

Step 6: Test the Connection

  1. Click Test Connection
  2. Wait for the test to complete
  3. Review the results:
    • Server reachable
    • Authentication successful
    • Base DN accessible
    • Objects discoverable

If the test fails, see Connection Troubleshooting.
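When the built-in test fails it helps to reproduce its first three checks outside IdentityCenter and see exactly which step breaks. The script below is an added example, not IdentityCenter code: it performs the TCP/TLS connect from Step 4, the simple bind from Step 5 and the RootDSE query from "Finding Your Base DN" using only the Python standard library, hand-encoding the two LDAPv3 messages it needs (RFC 4511, BER). Server, port, bind DN and password are whatever you configured; the byte values in the comments are constructed. Because a simple bind sends the password in the clear, the script defaults to TLS and verifies the domain controller's certificate, so leave use_tls on unless you are deliberately testing port 389.

```python
"""Added example (not IdentityCenter code): LDAP pre-flight check, standard library only.
Hand-encodes the LDAPv3 BindRequest and RootDSE SearchRequest (RFC 4511, BER)."""
import socket
import ssl

def ber_len(n):                      # definite-form length: one byte below 128, else 0x8N + N bytes
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):                 # tag + length + value
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n, tag=0x02):            # INTEGER, or ENUMERATED when tag=0x0A (two's complement)
    return tlv(tag, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))

def ber_str(s, tag=0x04):            # OCTET STRING (LDAPDN, attribute names, values)
    return tlv(tag, s.encode("utf-8"))

def ldap_message(msg_id, op):        # LDAPMessage ::= SEQUENCE { messageID, protocolOp }
    return tlv(0x30, ber_int(msg_id) + op)

def bind_request(msg_id, dn, password):
    """BindRequest [APPLICATION 0]: version 3, bind DN (UPN works against AD), simple [0] password."""
    return ldap_message(msg_id, tlv(0x60, ber_int(3) + ber_str(dn) + ber_str(password, 0x80)))

def rootdse_request(msg_id, attr="defaultNamingContext"):
    """SearchRequest [APPLICATION 3] against the RootDSE: empty base DN, scope baseObject."""
    body = (ber_str("") + ber_int(0, 0x0A) + ber_int(0, 0x0A)  # baseObject "", scope, derefAliases
            + ber_int(0) + ber_int(0) + tlv(0x01, b"\x00")      # sizeLimit, timeLimit, typesOnly FALSE
            + ber_str("objectClass", 0x87)                      # filter: present [7] -> (objectClass=*)
            + tlv(0x30, ber_str(attr)))                         # attributes to return
    return ldap_message(msg_id, tlv(0x63, body))

def ber_read(buf, pos=0):            # -> (tag, value, next_pos) for the TLV at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ber_children(value):             # split a constructed value into its (tag, value) elements
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = ber_read(value, pos)
        out.append((tag, val))
    return out

def protocol_op(msg, expected_tag):  # unwrap an LDAPMessage and check the protocolOp tag
    op_tag, op = ber_children(ber_read(msg)[1])[1]
    if op_tag != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x}, got 0x{op_tag:02x}")
    return op

def parse_bind_response(msg):
    """BindResponse [APPLICATION 1] -> (resultCode, diagnosticMessage)."""
    fields = ber_children(protocol_op(msg, 0x61))
    return fields[0][1][0], fields[2][1].decode("utf-8")

def parse_search_entry(msg):
    """SearchResultEntry [APPLICATION 4] -> {attribute: [values]}."""
    _dn, (_, attr_list) = ber_children(protocol_op(msg, 0x64))
    result = {}
    for _, pair in ber_children(attr_list):            # each PartialAttribute SEQUENCE
        (_, name), (_, vals) = ber_children(pair)       # type, SET OF values
        result[name.decode()] = [v.decode("utf-8") for _, v in ber_children(vals)]
    return result

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf

def read_message(sock):              # read one whole LDAPMessage using its outer BER length
    head = recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        more = recv_exact(sock, length & 0x7F)
        head, length = head + more, int.from_bytes(more, "big")
    return head + recv_exact(sock, length)

def preflight(server, port, bind_dn, password, use_tls=True, timeout=10):
    """Server reachable -> authentication successful -> Base DN discovered (else an exception)."""
    sock = socket.create_connection((server, port), timeout=timeout)
    if use_tls:  # the default context verifies the DC's certificate chain and hostname
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=server)
    with sock:
        sock.sendall(bind_request(1, bind_dn, password))
        code, diag = parse_bind_response(read_message(sock))
        if code != 0:
            raise PermissionError(f"bind failed: resultCode={code} {diag}")
        sock.sendall(rootdse_request(2))   # the SearchResultDone that follows the entry is not read
        return parse_search_entry(read_message(sock)).get("defaultNamingContext", [None])[0]
```

Call `preflight("dc01.corp.local", 636, "svc_idsync@corp.local", password)`: it returns the Base DN on success or raises with the LDAP resultCode (49 is invalidCredentials), which maps directly onto the first three results in the list above. The fourth check, "Objects discoverable", is the search under the Base DN that IdentityCenter runs afterwards and is not reproduced here.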

Step 7: Save the Connection

  1. Click Save
  2. The connection appears in your connection list
  3. Status should show Active

Creating an Entra ID Connection

Prerequisites

Before connecting to Entra ID, you need:

  • An Azure subscription
  • An App Registration with appropriate permissions
  • Client ID and Client Secret

Step 1: Create an App Registration in Azure

  1. Navigate to Azure Portal > Azure Active Directory > App Registrations
  2. Click New Registration
  3. Configure:
    • Name: IdentityCenter Sync
    • Supported account types: Single tenant
    • Redirect URI: Leave blank
  4. Click Register

Step 2: Configure API Permissions

  1. Go to API Permissions
  2. Click Add a Permission
  3. Select Microsoft Graph
  4. Choose Application permissions
  5. Add these permissions:
    • User.Read.All
    • Group.Read.All
    • Directory.Read.All
  6. Click Grant admin consent

Step 3: Create a Client Secret

  1. Go to Certificates & secrets
  2. Click New client secret
  3. Set description and expiration
  4. Copy the secret value immediately (it won't be shown again)

Step 4: Create the Connection in IdentityCenter

  1. Navigate to Administration > Connections
  2. Click New Connection
  3. Select Entra ID (Azure AD)
  4. Configure:

| Field | Description | Example |
|---|---|---|
| Name | Friendly name | Azure AD - Corp |
| Tenant ID | Your Azure AD tenant ID | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| Client ID | App Registration ID | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| Client Secret | The secret you created | ******** |

  5. Click Test Connection
  6. Click Save
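The most common reason an Entra ID connection test fails after Steps 1 to 3 is that the application permissions were added but admin consent was never granted, in which case the App Registration still gets a token but the token carries no `roles`. The script below is an added example, not IdentityCenter or Microsoft code: it requests a Microsoft Graph token with the client-credentials grant using the Tenant ID, Client ID and Client Secret from the table, then checks the token's `roles` claim against the three permissions from Step 2. The environment variable names and the unsigned test token are assumptions constructed for the example. The claims decoder deliberately skips signature verification, which is acceptable only because the token was just received from the issuer over TLS.

```python
"""Added example (not IdentityCenter or Microsoft code): obtain a Graph token with the App
Registration's client credentials and confirm the consented application permissions."""
import base64
import json
import os
import urllib.parse
import urllib.request

REQUIRED_ROLES = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}  # from Step 2

def token_request(tenant_id, client_id, client_secret):
    """OAuth 2.0 client-credentials request to the tenant's v2.0 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",  # all consented application permissions
        "grant_type": "client_credentials",
    }).encode()
    return urllib.request.Request(url, data=form, method="POST")

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying its signature. Fine for inspecting a token we
    just received from the issuer; never use this to trust a token presented to us."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)            # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_roles(token, required=REQUIRED_ROLES):
    """Application permissions appear in the 'roles' claim only after admin consent is granted."""
    return sorted(required - set(jwt_claims(token).get("roles", [])))

def fetch_token(tenant_id, client_id, client_secret):
    req = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]

def make_test_token(roles):
    """Constructed, unsigned token so the checker can be exercised offline."""
    def part(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{part({'alg': 'none'})}.{part({'roles': roles})}.unsigned"

if __name__ == "__main__":
    # Secret comes from the environment, not the command line (hypothetical variable names).
    token = fetch_token(os.environ["IDC_TENANT_ID"], os.environ["IDC_CLIENT_ID"],
                        os.environ["IDC_CLIENT_SECRET"])
    print("missing permissions:", missing_roles(token) or "none")
```

If `missing_roles` reports anything, go back to Step 2 and click Grant admin consent; a new token must be requested afterwards because the roles are fixed at issue time.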

Creating a Generic LDAP Connection

For OpenLDAP, eDirectory, or other LDAP servers:

Step 1: Gather Information

| Information | How to Find |
|---|---|
| Server address | Contact your LDAP administrator |
| Port | Usually 389 (LDAP) or 636 (LDAPS) |
| Base DN | Check your LDAP configuration |
| Bind DN | Your service account DN |
| User object class | Usually inetOrgPerson or person |
| Group object class | Usually groupOfNames or groupOfUniqueNames |

Step 2: Create the Connection

  1. Select Generic LDAP as connection type
  2. Configure server settings as above
  3. Configure schema mappings:

| IdentityCenter Field | LDAP Attribute |
|---|---|
| Username | uid |
| Display Name | cn |
| Email | mail |
| First Name | givenName |
| Last Name | sn |

  4. Test and save
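Before the first sync it is worth checking how the mapping above behaves on real entries: an attribute that is absent on some users, or one that is multi-valued (several `mail` values is common), will silently produce empty or truncated fields. The script below is an added example, not IdentityCenter's importer. It parses entries in LDIF, the text format `ldapsearch` prints, applies the schema mapping from the table and lists every entry whose mapping would lose data. The sample LDIF is constructed for the example; the attribute names are the page's own.

```python
"""Added example (not IdentityCenter's importer): apply the schema mapping to LDIF entries and
report attributes that are missing or multi-valued before the first synchronization."""
import base64

# IdentityCenter field -> LDAP attribute, as in the mapping table above
SCHEMA_MAP = {"Username": "uid", "Display Name": "cn", "Email": "mail",
              "First Name": "givenName", "Last Name": "sn"}

# Constructed sample: two entries; the second has base64 ('::') values and a folded line
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe
givenName: Jane
mail: jdoe@example.org
mail: jane.doe@example.org

dn: uid=zmueller,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: zmueller
cn:: Wm/DqyBNw7xsbGVy
sn:: TcO8bGxlcg==
description: account imported from the legacy
  directory in 2019
"""

def parse_ldif(text):
    """Return a list of {attribute (lowercased): [values]} dicts, one per entry.
    Handles folded continuation lines (leading space) and base64 values ('::')."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                 # unfold: LDIF strips exactly one leading space
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:                    # sentinel flushes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
                entry = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")      # attribute names never contain ':'
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)  # LDAP names are case-insensitive
    return entries

def map_entry(entry, schema=SCHEMA_MAP):
    """Return (fields, problems): the mapped IdentityCenter fields plus anything that would
    silently lose data (a missing attribute, or a multi-valued one cut to its first value)."""
    fields, problems = {}, []
    for field, attr in schema.items():
        values = entry.get(attr.lower(), [])
        if not values:
            problems.append(f"{field}: attribute {attr} missing")
        elif len(values) > 1:
            problems.append(f"{field}: {attr} is multi-valued, using first")
        fields[field] = values[0] if values else None
    return fields, problems

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        fields, problems = map_entry(e)
        print(e["dn"][0], fields, problems or "ok")
```

Run it against an export of your real people container (`ldapsearch -LLL` output) to see which attribute to pick for Username and Email before the mapping is saved; the same check applies to the group object class from the table above.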

Advanced Connection Settings

Connection Pooling

Configure connection pooling for improved performance:

| Setting | Default | Description |
|---|---|---|
| Min Pool Size | 1 | Minimum connections to keep open |
| Max Pool Size | 10 | Maximum simultaneous connections |
| Idle Timeout | 300s | Close idle connections after this time |

Timeout Settings

| Setting | Default | Description |
|---|---|---|
| Connect Timeout | 30s | Time to establish connection |
| Operation Timeout | 120s | Time for LDAP operations |
| Search Page Size | 1000 | Results per page for large searches |

Referral Handling

| Option | Description |
|---|---|
| Follow | Automatically follow LDAP referrals |
| Ignore | Ignore referrals (faster, but may miss data) |
| Throw | Fail on referrals (strictest) |

Post-Creation Tasks

After creating a connection:

  1. Verify Health - Check the connection status on the dashboard
  2. Create a Sync Project - Set up synchronization to import data
  3. Schedule Monitoring - Configure alerts for connection failures
  4. Document - Record the connection details for your team
