In some cases environments multiple user databases may be in use that the users are not aware of, the databases being automatically mirrored when changes are made. For example you have one suite of applications managed by a local Active Directory and another set of applications managed by another off-site Active Directory. Each database contains the same users allowing access to both application suites with the same user details. Configuring and Linking these accounts through Access Manager will allow the linked accounts to synchronise transparently.
Below I will show you how to set-up transparent linking of two separate systems allowing a change in one AD to be transparently synced to the other.
To begin add all directories to Access Manager, this process is explained in this article.
Once the directories have been added go to the Directories page and select your Primary directory, then expand the Configuration options, disable the option labelled “Allow self-service linking” and save. This will stop users from being able to link accounts by themselves, and removing the Other Accounts tab from the user account interface. The only user that can link accounts now is the admin, or other administrator users.
Next go to Configuration > Security and expand the Password Reset and Account Unlock section. Find the option “Multiple Password Change Mode” and expand the dropdown, select the Always option and save.
This option disables the Account selection option when Changing or Resetting a password.
Whenever a user resets or changes their password, or unlocks their account, the action will be completed for all accounts that are linked to that user automatically. This will ensure that all accounts to be kept in sync with the same password. If user accounts have not yet been linked then this would be the time to do so.
