Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Authentication
  5. Kerberos Authentication
  6. SAML Authentication for Informatica Web Applications
  7. Domain Security
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Azure Active Directory for Secure LDAP Authentication

Azure Active Directory for Secure LDAP Authentication

You can import users from Azure Active Directory (Azure AD) into an LDAP security domain.
Azure Active Directory Domain Services provide a secure LDAP public IP address that you use to import user accounts from Azure Active Directory into an LDAP security domain. Users you import can use their LDAP credentials to log in to Informatica nodes, services, and applications that run on virtual machines in an Azure Active Directory managed domain.
You must enable Secure Lightweight Directory Access Protocol (secure LDAP) authentication in Azure Active Directory Domain Services to authenticate Informatica users.
Complete the following steps to prepare to import user accounts from Azure Active Directory into an Informatica domain:
  1. Verify that port 636, which is the Azure Active Directory secure LDAP port, is accessible through your firewall.
  2. Enable secure LDAP authentication in Azure Active Directory Domain Services.
    You use the Azure portal to enable secure LDAP in Azure Active Directory Domain Services. For information about configuring secure LDAP in Azure Active Directory Domain Services, see the following link:
  3. When you configure the secure LDAP certificate in Azure Active Directory Domain Services, ensure that the Subject name on the certificate is the Fully Qualified Domain Name (FQDN) of Azure Active Directory.
  4. Convert the secure LDAP certificate from the PFX format to the PEM format. Java requires that the certificate is in the PEM format.
  5. Import the certificates used by all domain nodes into the Java
    cacerts
    truststore file in the following directory on a single gateway node in the domain:
    <Informatica installation directory>/java/jre/lib/security/
  6. Copy the
    cacerts
    file that contains the imported certificates to the same directory on every other gateway node in the domain.
  7. Add the Azure Active Directory public IP address and the Fully Qualified Domain Name (FQDN) of Azure Active Directory to the /etc/hosts file on each gateway node in the domain. Use the following format:
    <Azure Active Directory host IP address> ldaps.<FDQN of Azure Active Directory>


Updated June 26, 2020