6.3 Adding a Cloud Bridge External Repository

IMPORTANT: The Cloud Bridge external repository is applicable only for Advanced Authentication as a Service (SaaS).

In Advanced Authentication as a Service environments, Cloud Bridge acts as an identity transfer bridge between Advanced Authentication in the cloud and data sources in on-premises environments. The Cloud Bridge retrieves identity information from the on-premises repositories and makes this data available to Advanced Authentication periodically or on demand.

The Cloud Bridge Agent is the entity that responds to the Advanced Authentication collection and fulfillment commands and directs them to the proper data source for execution. To collect data from multiple on-premises repositories, you need to install a Cloud Bridge Agent in each on-premises repository.

To learn the benefits of Cloud Bridge, see Understanding the Benefits of Cloud Bridge.

Repositories

To add a Cloud Bridge external repository, perform the following steps:

Before adding a new Cloud Bridge repository, ensure that you have the privilege to use Cloud Bridge. Once you have the privilege, the Cloud Bridge Client(s) list is displayed in Client, as in Step 6b. If you do not have the privilege to use Cloud Bridge, wait for the NetIQ operations team (Center of Excellence or CoE) to entitle you, or contact the CoE.

  1. Click Repositories > New Cloud Bridge External repo.

  2. Select an applicable repository type from the LDAP type list. The supported options are:

    • AD for Active Directory Domain Services.

    • eDirectory for NetIQ eDirectory.

  3. Specify the name of the repository in Name.

    NOTE: For AD repositories, the name of the repository must correspond to the domain NetBIOS name.

  4. Specify a container for the users in Base DN. When you select the Search full subtree option, Advanced Authentication performs a search for the users in all the child nodes. You can change the search scope by selecting the Search one level only option.

  5. You can specify a container for the groups in Group DN (optional). When you select the Search full subtree option, Advanced Authentication performs a search for the groups in all the child nodes. You can change the search scope by selecting the Search one level only option.

  6. Add external server configurations:

    1. Click Add Server.

    2. Select the required client URL from Client.

    3. Select the required data center from Data Center.

      This list allows you to add multiple domains.

    4. Specify a local IP address of the LDAP server in LDAP server.

    5. Specify the port number of the server in Port. For example, 389.

    6. (Optional) Enable SSL to ensure that the LDAP connection to the appliance is secured with a valid self-signed SSL certificate. This helps to prevent any attacks on the LDAP connection and ensures safe authentication.

      NOTE: If SSL is enabled, you need to upload the LDAP CA certificate.

    7. Click the save icon next to the server credentials.

  7. If SSL is enabled for the external server, click Choose File in LDAP CA certificate, and select the certificate file from the local drive.

  8. Open Agents and Clients if you need to view the following details:

    • Agent ID: It lists the available datacenter.json files. You can select the required Agent ID to view the corresponding datacenter.json information.

    • Client URL: Select the required Client URL to view the available Client URL.

  9. Click Save.
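
A pre-check for the SSL option in Step 6 and the LDAP CA certificate upload in Step 7, given as an added example that is not part of the product or its documentation: it confirms that the PEM file you plan to upload parses, is not close to expiry, and validates the LDAP server's certificate. It assumes OpenSSL 1.1.0 or later and that the uploaded file serves as the trust anchor for the LDAP server certificate; the function name, file names and the address in the comment are constructed.

```shell
#!/usr/bin/env bash
# Added example (not NetIQ code): pre-check the PEM file intended for the
# "LDAP CA certificate" upload against the LDAP server's own certificate.
# Assumption: the uploaded file acts as the trust anchor for that server.
#
# SERVER_PEM can be saved from a TLS-enabled LDAP listener, for example
# (constructed address; an LDAPS listener on port 636 is assumed):
#   openssl s_client -connect 192.0.2.10:636 </dev/null | openssl x509 > server.pem

# check_ldap_ca CA_PEM SERVER_PEM [MIN_DAYS]
# Return codes: 0 ok, 2 CA file unreadable, 3 CA expires within MIN_DAYS,
#               4 server certificate expired or unreadable,
#               5 server certificate does not chain to the CA file.
check_ldap_ca() {
  local ca=$1 server=$2 min_days=${3:-30}

  # The upload must be a parseable X.509 certificate in PEM form.
  if ! openssl x509 -in "$ca" -noout 2>/dev/null; then
    echo "FAIL: $ca is not a PEM X.509 certificate" >&2; return 2
  fi
  # A trust anchor about to expire breaks LDAP connections soon after go-live.
  if ! openssl x509 -in "$ca" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: $ca expires within $min_days days" >&2; return 3
  fi
  if ! openssl x509 -in "$server" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: $server is expired or unreadable" >&2; return 4
  fi
  # Validate against this file only; -no-CApath keeps the system store out.
  if ! openssl verify -no-CApath -CAfile "$ca" "$server" >/dev/null 2>&1; then
    echo "FAIL: $server does not chain to $ca" >&2; return 5
  fi
  # Print what is being trusted so the upload can be audited later.
  openssl x509 -in "$ca" -noout -subject -enddate -fingerprint -sha256
  return 0
}

# Run as: ./check_ldap_ca.sh ca.pem server.pem [min_days]
if [ "$#" -ge 2 ]; then check_ldap_ca "$@"; fi
```

A non-zero return code identifies which check failed; resolve it before enabling SSL for the server entry.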

To understand the prerequisites and the procedure for installing the Cloud Bridge Agent, see Installing the Cloud Bridge Agent.

You can perform the following to manage the Cloud Bridge external repository: