Multiple Active Directory-LDAP


#1

We have a scenario in our organization such that we have 2 different Active Directory instances and it is required to provide access to users in both these ADs in Camunda. I did find how to integrate a single LDAP (https://docs.camunda.org/manual/7.7/user-guide/process-engine/identity-service/).

But I was wondering if it is possible to integrate 2 different ADs/LDAPs?
Any help is much appreciated.


#2

Hi,

One ‘brute force’ way could be to write a custom plugin which bridges the two… Another way could be to use yet another IDP which you point Camunda at, and it federates across your two AD domains (for example, you could use Okta as an IDP, and Okta AD agents could provision each of the AD domains into a common Okta instance)…

A more elegant approach would be to use federation or trust down at the AD level…

regards

Rob