Integrating FreeIPA with other systems
Configure external OAuth2 and OpenID Connect identity providers for federated authentication. External IdP integration enables users to authenticate using cloud identity providers like Google, GitHub, Azure AD, and Keycloak. Features include IdP registration with client credentials, authorization endpoint configuration, scope management, user ID attribute mapping, and integration with IPA user accounts for hybrid authentication scenarios.
Manage UID and GID ranges for POSIX attribute assignment and trust domain integration. ID ranges define allocatable ranges for user and group identifiers, ensuring no conflicts between local users and trusted domain users. Features include range creation with base IDs and sizes, domain and range type specification (local, AD trust with SID), automatic range detection for trusted domains, and range modification for scaling deployments.
Manage ID views for overriding user and group attributes on specific hosts. ID views enable per-host attribute customization including UID, GID, home directory, and shell without modifying the master user entry. Features include view creation, host application, user override management, anchor-based override assignment, and support for Default Trust View for managing AD user attributes across IPA infrastructure.
Tools and utilities for migrating from standalone LDAP or NIS to IPA. Migration support includes user and group data import, password migration modes, and migration planning assistance. Provides guidance for transitioning from traditional directory services to IPA's integrated identity management including considerations for DNS, automount, and client configuration.
Manage trust relationships with Active Directory domains for cross-realm authentication and user federation. Trusts enable Active Directory users to access IPA resources using their existing credentials. Features include trust establishment with AD administrator credentials, trust type selection (AD, IPA), bidirectional and one-way trust support, SID mapping, external group membership for AD user mapping to POSIX groups, and DNS integration for service discovery.