We have a scenario in our organization such that we have 2 different Active Directory instances and it is required to provide access to users in both these ADs in Camunda. I did find how to integrate a single LDAP(Identity Service | docs.camunda.org).
But I was wondering if it is possible to integrate 2 different ADs/LDAPs?
Any help is much appreciated.
Hi,
One ‘brute force’ way could be to write a custom plugin which bridges the two…ANother way could be to use yet another IDP which you point camunda at, and it federates across your two AD domains (for example you could use Okta as an IDP and Okta AD agents could provision each of the AD domains into a common Okta instance…
A more elegant approach would be to use federation or trust down at the AD level…
regards
Rob
Hi @Webcyberrob,
We got a Proxy created in front of both the instances, which will map to both the instances. However we are facing an issue where in certain cases there are users with the same username on both instances. In this scenario we get an error “Query return 2 results instead of max 1”. I’m wondering if there is some kind of priority that can be set in Camunda configurations to allow instance 1 to be checked first and if it fails instance 2 is checked.
@camunda Is there some work around for this?
If we have an AD with trust down configured, is there additional configuration in the LdapIdentityProviderPlugin ? because it’s not fetching users from the other domains