Identity Governance requires that you have an identity service that stores the authorized users that log in to and use Identity Governance. Identity Governance supports:
Active Directory
eDirectory
Identity Manager Identity Vault
Active Directory Federation Server (AD FS) back by eDirectory or Active Directory
You can install Identity Governance without an LDAP directory installed, configured, and populated with user accounts if you use a file-based bootstrap administrator account to perform the installation and basic configuration. For more information, see Understanding the Bootstrap Administrator for Identity Governance.
We recommend that you configure the LDAP directory to communicate over LDAP over SSL (LDAPS) to ensure that the authorized users’ credentials are kept secure. The Identity Governance installer can configure Identity Governance to communicate over LDAPS with the LDAP directory when you provide the DNS host name, port, and administrator credentials for the LDAP directory during the installation. The LDAP directory must be populated with user accounts that have passwords and must be configured to use LDAPS so that the installer can get the proper information to establish the secure connection.
Ensure that you either use the bootstrap administrator account for the installation of Identity Governance or have the LDAP directory installed, configured to use LDAPS, and populated with the user accounts and passwords of the authorized users for Identity Governance.
Using AD FS with OSP required additional configuration steps that must performed after you install OSP. For more information, see Section 8.2.4, Configuring OSP to Work with AD FS.