Password Synchronizer

Multi-Platform Password Synchronizer feature of ADSelfService Plus automatically synchronizes Windows Active Directory password resets/changes and account unlocks of a user account across multiple other platforms. This offers users the comfort of maintaining a single password across all systems.

ADSelfService Plus supports a wide range of cloud-based and on-premise applications for password synchronization with Windows Active Directory. The list includes:

• Google Apps

• Office 365 / Azure

• Salesforce

• Zoho

• Zendesk

• Microsoft Dynamics CRM

• IBM i/AS400 system

• HP UX Directory Server

• Oracle E-business Suite

• Oracle Database

• AD LDS

• OpenLDAP

• Active Directory

• ServiceNow

Account Linking:
Accounts in Active Directory must be linked with the corresponding accounts in other providers for password synchronization to work. Account linking can be done either manually by the end user or can be automated.

To manually link accounts, end users need to log in to the self-service portal, go to the Link Accounts tab, and then enter their credentials of the provider with which they want to link their AD account.

AD accounts are automatically linked with other providers based on one or more of AD attribute value(s) as selected by you.

Follow the steps given below to configure account linking:

• Navigate to Configuration --> Self-service --> Password Synchronizer

• Click Account Linking

• Select a provider from the drop down menu

• Select a System or Domain

• Now Enable or Disable the Auto Account Linking option. If disabled, users have to manually link their accounts by logging in to the self-service portal.

• If enabled, select the account attribute(s) in AD, whose value will be compared with the accounts in the selected provider.

• If you have selected more than one attribute, the AD Account Format will show you the final value that will be used to link accounts.

Note: If the value of the attributes in AD Account Format is null, then sAMAccountName value will be used by default to automatically link accounts.

Synchronize Native Password Changes in Windows Active Directory: To synchronize native password changes in Windows Active Directory, you need to install the password sync agent that comes bundled with ADSelfService Plus. The Password Sync Agent, when installed on a Primary Domain Controller (PDC), intercepts the native password change (e.g.: password change via Ctrl+Alt+Del screen or password reset by admins in ADUC console), encrypts the new password, and automatically synchronizes them with the above mentioned systems and applications.

To learn more about the Password Sync Agent and how to install it, please click here.