AD | RapidIdentity Cloud Password Sync
  • 21 Jun 2023
  • 1 Minute to read
  • Dark
    Light

AD | RapidIdentity Cloud Password Sync

  • Dark
    Light

Article summary

The RapidIdentity Cloud solution provides the option for a password sync. This allows for password changes made locally to be synced to the RapidIdentity Cloud Store and for changes from the RapidIdentity Cloud to be synced down to on-premises accounts, such as Active Directory.

RapidIdentity Password Filter

By default, the password changes made in the RapidIdentity Cloud Portal will only change the password in the RapidIdentity Cloud store. To implement the AD <-> RapidIdentity Cloud password sync option, a password filter will need to be installed on all domain controllers in the Active Directory environment.
The RapidIdentity Password Filter facilitates a password sync across the Identity Bridge. Once installed, the filter catches any password changes in an on-premises directory, encrypts the password, and writes the encrypted password to a special attribute on each user's account in the on-prem directory. The RapidIdentity Cloud will monitor for any changes on this attribute. When a change occurs, the updated password will sync up and be updated in Cloud and will update Target Systems.

Installation Guide: RapidIdentity Password Filter

Testing the AD <> Rapid Identity Cloud Password Sync

Confirm that the password sync is working correctly by testing both downstream and upstream changes occur.

Downstream

  • Sign into RapidIdentity Cloud Portal and login as a user
  • Change the user’s password in the Portal
  • Confirm that the new password flows downstream to AD

Upstream

  • Change password for a user on premise in either AD or RapidIdentity on-prem
  • After a minute, confirm that the user can use this new password to log into the RapidIdentity Cloud Portal

Notes

  • Customers using Open-LDAP may require additional configuration for a password sync.
  • The AD <> RI Cloud PW Sync option can be used in the case of AD Domain Controllers hosted by Azure.
  • The password filter is not retroactive, users will still have to claim their accounts or an initial password will need to be set in the RapidIdentity Cloud.

Was this article helpful?

What's Next
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence