
Password Filter questions

TimE
New Contributor
Hi all. I need some design questions answered about the Password Sync Agent for use in a 3 Domain setup.
 
Q1. The base URL for the SSM instance is in the format "baseUrl": "https://hostname:port/ECM". 
So I'm assuming the traffic from the Agent to EIC is port 443 and it is just using the API in EIC. No custom ports etc. So for firewall changes, I need all DCs to see EIC over port 443 to send password changes?
 
Q2 - Once the password hits EIC it is sent to my 2 other target Domains/Connections.
How is the password sent? Does it just use the 'URL' string from my Connection? e.g. ldaps://10.0.0.10:636? So my existing firewall rules on 636 to my DC list in the connection string are enough to write passwords, and there is no extra config for this part to work?
 
Q3 - I want the user to be able to reset their password in any of the 3 AD systems and have it sync to the other 2. So I will be installing capture agents on all 3 sets of Domain Controllers. When I change it in DomainA, the agent sends it to EIC to write to DomainB and DomainC. If you are just using LDAPS then this will trigger the password capture agent on the DCs in Domain B and C. Those two will then send the password back to EIC to write to all my other domains.
Can you confirm there is logic in SSM to see that the password was already set a few seconds ago and stop sending any further updates so it doesn't loop? (I've used other tools in the past that detect this in a 3-way multi-master config. Just want to ensure EIC works with designs I've done in the past.)
 
Thanks.

ManishAcharya
Saviynt Employee

1: That's correct, PwdFilter to EIC communication is through REST API only.

Thanks for the reply. I'm guessing Q2 is the same. But Q3 is the important one, we need to ensure that no password loops occur in this solution.

Are the AD DCs not in sync?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Not really relevant. I'm trying to sync 3 different Active Directories using the Password Filter agent. So a user changes a password in Domain A and it updates the user's other linked accounts in Domain B and C.

I need support to tell me if it will loop the password if I also have the filter deployed in Domain B and C and have JSON configured in there to sync back to Domain A as well.
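
The loop described in Q3, and the kind of echo suppression being asked about, as an added sketch that is not part of the thread and not Saviynt code; the thread does not say whether EIC implements anything like it. The `SyncHub` class, its 30-second window, the event cap and the sample account are all assumptions made up for the illustration.

```python
import hashlib
import hmac
import os


class SyncHub:
    """Hypothetical central sync service with capture agents on every domain."""

    def __init__(self, domains, window=30.0, suppress=True, max_events=50):
        self.domains, self.window, self.suppress = domains, window, suppress
        self.max_events = max_events   # demo safety stop for the unsuppressed loop
        self.key = os.urandom(32)      # in-memory key: only keyed tags are kept, never passwords
        self.recent = {}               # (domain, user) -> (tag, expiry) for writes the hub made
        self.writes = 0
        self.events = 0

    def _tag(self, user, password):
        return hmac.new(self.key, f"{user}\0{password}".encode(), hashlib.sha256).digest()

    def on_capture(self, source, user, password, now):
        """A password filter on `source` reported a change at time `now`."""
        self.events += 1
        if self.events > self.max_events:
            return
        tag = self._tag(user, password)
        seen = self.recent.get((source, user))
        if self.suppress and seen and seen[1] >= now and hmac.compare_digest(seen[0], tag):
            return  # echo of the hub's own recent write to this domain: drop it
        for target in self.domains:
            if target == source:
                continue
            self.recent[(target, user)] = (tag, now + self.window)
            self.writes += 1
            # The write fires the filter on the target DC, which reports back.
            self.on_capture(target, user, password, now + 1)


def simulate(suppress):
    """One user changes a password in DomainA (constructed sample values)."""
    hub = SyncHub(["DomainA", "DomainB", "DomainC"], suppress=suppress)
    hub.on_capture("DomainA", "alice", "Constructed-Sample-1!", now=0)
    return hub


if __name__ == "__main__":
    print("writes with suppression:   ", simulate(True).writes)
    print("writes without suppression:", simulate(False).writes)
```

The suppression key is the pair (domain, user) plus a keyed tag of the new value, so a genuinely different password set in Domain B during the window still propagates.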