topic Jabber with Multi-Forest/Domain and SSO in Collaboration Applications

Jabber with Multi-Forest/Domain and SSO

jriacono5 — Fri, 20 Sep 2019 15:34:56 GMT

Hello,

We are planning a new deployment for a client with multiple forests and domains. I know that you can use LDS to combine the directories and allow users to login. If we were to implement SSO and the IdP was able to authenticate users in each domain, would we need to do LDS still? I know we would need to do the LDAP directory sync but I'm wondering if SSO would negate having to do the LDAP authentication in CUCM.

Thank you,

James

Re: Jabber with Multi-Forest/Domain and SSO

Jonathan Schulenberg — Sat, 21 Sep 2019 15:04:25 GMT

SSO does not negate the LDAP sync - you still need to pull End Users in to the database.

The only officially supported way to support multi-forest on the same cluster is with MS LDS. The problem is that LDS is very poorly understood by most Microsoft admins. You may want to consider the viability of a cluster per-forest and rely on things such as ILS, EMCC, IM&P Inter-Cluster Peering, and CUC HTTPS Digital Networking instead.