Add users from an external directory service
The topics in this section describe how to add a directory service (for example, LDAP) to CyberArk Identity so you can continue using your existing directory without migrating users to another directory source.
After you add your existing directory service, users can access CyberArk Identity with their existing user accounts.
You can use all directory services simultaneously. For example, you can use Active Directory/LDAP as your primary directory service, and the CyberArk Cloud Directory as a convenient supplemental repository for
| Use case | Description |
|---|---|
|
Emergency administrators |
If there is ever a network break down to the Active Directory domain controller, no one with just an Active Directory/LDAP account can log in. However, if you create administrator accounts in CyberArk Identity, these users can log in to the Identity Administration portal and the user portal and launch web applications. |
|
Temporary user |
Some organization’s security policy can make adding a short-term user to Active Directory/LDAP a complex and time-consuming task. If you have a temporary worker who needs access to just the applications you deploy through CyberArk Identity, it may be simpler to add the account to CyberArk Identity. |
|
Contractors or less-trusted users |
Sometimes you do not want users to have the full set of privileges and access rights an Active Directory/LDAP account provides. In this case, you create the account in CyberArk Identity only. |
To avoid users logging in with the wrong account and other account-related confusion, CyberArk recommends that you do not create duplicate accounts (same user name/password) in both the CyberArk Cloud Directory and external directory sources.
