Symantec Access Management

  • 1.  Syncing real time data between Active Directory and CA Strong Auth DB (SQL Server)

    Posted Jul 27, 2016 11:12 AM

    This is regarding a question on CA Strong Authentication where CA Strong Authentication is configured with AD for user authentication and AD is used as User Store. However, is there a way to synchronise user data between Microsoft AD and CA Strong Authentication Database (MS SQL Server) so that any changes performed in Active Directory for user records are also synchronised with the Strong Authentication Database automatically? For example, if a user profile is updated in AD, it should be automatically synced with the Strong Auth DB.

    Thanks!



  • 2.  Re: Syncing real time data between Active Directory and CA Strong Auth DB (SQL Server)

    Broadcom Employee
    Posted Jul 27, 2016 07:13 PM

    What is the use case you are trying to accomplish? 

    Strong Auth maintains connectivity to AD to authenticate users. There is no data synchronization.



  • 3.  Re: Syncing real time data between Active Directory and CA Strong Auth DB (SQL Server)

    Posted Jul 27, 2016 11:54 PM

    Hi Warren,

    Thanks for the response.

    Below is the use case:

    We want to use username/pwd as the primary authentication followed by CA Mobile OTP as the two-factor auth mechanism. As we are connecting to AD as user store from Strong Auth Admin Console, we want to sync these user profiles into Strong Auth DB automatically. For example, if a new user joins the organization and a user record is created in AD, the same data must flow into the CA Strong Auth DB so that when the user tries to register or enroll for CA OTP his profile information should already be existing prior to the registration or enrollment process. I believe during user registration or user enrollment in CA Strong Authentication, Strong Auth checks whether the user profile exists in its database. It does not connect with AD during the user registration/enrollment process. Similarly, if a user is updated or deleted in AD, the same update should flow into the Strong Auth DB. Also, is there a way to set the frequency of sync between AD and Strong Auth DB for user updates?



  • 4.  Re: Syncing real time data between Active Directory and CA Strong Auth DB (SQL Server)
    Best Answer

    Broadcom Employee
    Posted Jul 28, 2016 11:13 AM

    Strong Auth does check AD during user enrollment. During enrollment the user is required to successfully authenticate with existing credentials and, if configured, complete an out-of-band verification. Once the user is successfully verified, the user will be enrolled into Strong Auth.

    I recommend creating an Idea if you need additional capability around data sync.



  • 5.  Re: Syncing real time data between Active Directory and CA Strong Auth DB (SQL Server)

    Posted Jul 29, 2016 08:27 AM

    Thanks Warren.