The following table lists IAM plugins connecting to MSAD and states the intended usage:
Plugin Name | Description | Recommended for Use-Case |
---|---|---|
Active Directory Connector | General-purpose plugin used to connect to MSAD for several purposes. Usually this is the only IAM plugin required to connect to MSAD. | |
Active Directory Password Repository | Used in flow-based authentication for password check and change. | |
Active Directory Password Policy (+ Connector) | Checks whether a password meets the requirements of the MSAD password policy. | |
As a rule of thumb, the following setups are recommended.
When authenticating users with:
- Username and Password only: MSAD can be used as the sole authentication and persistence back-end (no IAM database needed).
- 2 Factors: MSAD should only be used to check the password. Second factors should be checked using the IAM database.