Data Source Configuration Overview
Before you install and configure Juniper Identity Management Service, prepare the data sources in your network by configuring a set of user accounts on the sources with limited permissions. Data sources can be Microsoft Active Directories, Active Directory domain controllers, and Exchange servers. Juniper Identity Management Service requires the username and password of valid user accounts to perform various operations when collecting user identity information from the data sources. Configuring limited permission user accounts minimizes the possibility of security compromises during these operations.
To mitigate brute-force attacks, Juniper Identity Management Service accepts requests only from known devices and limits failed login attempts. To further protect against attacks, implement strong security and business continuity plans, limit the exploitable attack surface, and allow only trusted administrators, networks, and hosts to access Juniper Identity Management Service deployments.
Perform the configuration tasks in this section on any domain server in the Microsoft Active Directory domain that will be served by Juniper Identity Management Service. If you have multiple Active Directory domains, perform these configuration tasks on a domain server in each of the domains.
In each forest that has no default trust to the parent, create three user accounts with limited permissions. For example:
JIMS-EventLogRemoteAccess—Used for event log sources, which can be Microsoft Active Directory domain controllers and Exchange servers
JIMS-ADRemoteAccess—Used for user information sources, which are Microsoft Active Directories
JIMS-PC-Probe—Used for PC probes from Juniper Identity Management Service to domain PCs
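The following PowerShell script is an added example, not part of the Juniper documentation. It creates the three limited-permission accounts named above on a domain controller using the ActiveDirectory module (RSAT), prompting for each password so no secret is written into the script, and then verifies that none of the accounts has ended up in a privileged group. The target OU, the description strings, and the list of groups treated as privileged are assumptions; adjust them for your domain.

```powershell
# Added example (not Juniper's own code): create the three JIMS data-source
# accounts with least privilege and verify their group membership.
# Assumes the ActiveDirectory PowerShell module (RSAT) on a domain member.
Import-Module ActiveDirectory

$domain   = (Get-ADDomain).DNSRoot
# Assumed OU; create it or change it to match your directory layout.
$targetOU = "OU=Service Accounts,$((Get-ADDomain).DistinguishedName)"

# Account names from the documentation; descriptions are assumptions.
$accounts = @(
    @{ Name = 'JIMS-EventLogRemoteAccess'; Description = 'JIMS: event log reads from domain controllers and Exchange servers' },
    @{ Name = 'JIMS-ADRemoteAccess';       Description = 'JIMS: user information reads from Active Directory' },
    @{ Name = 'JIMS-PC-Probe';             Description = 'JIMS: PC probes to domain PCs' }
)

foreach ($acct in $accounts) {
    if (Get-ADUser -Filter "SamAccountName -eq '$($acct.Name)'") {
        Write-Host "Account $($acct.Name) already exists, skipping creation"
        continue
    }
    # Prompt for the password so it never sits in the script or shell history.
    $password = Read-Host -Prompt "Password for $($acct.Name)" -AsSecureString
    New-ADUser -Name $acct.Name `
        -SamAccountName $acct.Name `
        -UserPrincipalName "$($acct.Name)@$domain" `
        -Description $acct.Description `
        -Path $targetOU `
        -AccountPassword $password `
        -Enabled $true `
        -PasswordNeverExpires $false `
        -CannotChangePassword $true
    Write-Host "Created $($acct.Name) in $targetOU"
}

# Verification: a data-source account must not belong to any privileged
# group. The list below is an assumption; extend it with your own
# high-privilege groups.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
                    'Administrators', 'Account Operators', 'Backup Operators'
foreach ($acct in $accounts) {
    $groups = Get-ADPrincipalGroupMembership -Identity $acct.Name |
              Select-Object -ExpandProperty Name
    $hits = $groups | Where-Object { $privilegedGroups -contains $_ }
    if ($hits) {
        Write-Warning "$($acct.Name) is a member of privileged group(s): $($hits -join ', ')"
    } else {
        Write-Host "$($acct.Name): OK, groups = $($groups -join ', ')"
    }
}
```

Run the script from an elevated PowerShell session on a domain member with the RSAT tools installed; the verification loop at the end is the check to repeat after any later group change, since a data-source account that is accidentally added to an administrative group defeats the purpose of creating separate limited accounts.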
To configure data sources, perform these tasks: