Documentation Connectors

Connectors

Identity Mesh supports a wide range of identity systems through pre-built connectors and extensible APIs. Connect to cloud services, on-premises directories, databases, and custom applications.

Available Connectors

Active Directory

On-Premises

Connect to on-premises Active Directory domains

User and group synchronization

Organizational unit mapping

Password hash sync support

Protocols:

LDAP LDAPS Kerberos

Microsoft Entra ID

Cloud Coming Soon

Sync with Microsoft Entra ID (formerly Azure AD)

User lifecycle management

Group membership sync

Application assignments

Protocols:

Microsoft Graph API OAuth 2.0

Okta

Cloud Coming Soon

Integrate with Okta identity platform

User provisioning and deprovisioning

Group management

Application assignments

Protocols:

Okta API SCIM 2.0

Workday

Cloud Coming Soon

Connect to Workday HCM for employee lifecycle

Employee hire/termination events

Organizational hierarchy sync

Job profile and role mapping

Protocols:

Workday Web Services REST API

LDAP

On-Premises Coming Soon

Generic LDAP directory connector

Standards-compliant LDAP v3

Custom schema support

Flexible DN mapping

Protocols:

LDAP LDAPS

SCIM 2.0

Cloud Coming Soon

Standard SCIM 2.0 protocol connector

User and group resources

Bulk operations support

Filtering and pagination

Protocols:

SCIM 2.0 OAuth 2.0

SQL Database

On-Premises

Direct database connector for custom identity stores

Custom SQL query support

Multiple database engines

Stored procedure execution

Protocols:

MySQL PostgreSQL SQL Server Oracle

REST API

Cloud Coming Soon

Generic REST API connector for custom integrations

Custom endpoint configuration

Flexible authentication methods

JSON/XML payload support

Protocols:

REST OAuth 2.0 API Key Basic Auth

Configuration Examples

Active Directory

Connect to on-premises Active Directory using LDAPS protocol with service account credentials.

{
  "connectorType": "active-directory",
  "name": "Corporate AD",
  "config": {
    "domain": "corp.example.com",
    "ldapUrl": "ldaps://dc01.corp.example.com:636",
    "baseDn": "DC=corp,DC=example,DC=com",
    "bindDn": "CN=SyncService,OU=ServiceAccounts,DC=corp,DC=example,DC=com",
    "bindPassword": "${SECRET:ad_bind_password}",
    "searchFilter": "(&amp;(objectClass=user)(objectCategory=person))",
    "attributes": [
      "sAMAccountName",
      "userPrincipalName",
      "displayName",
      "mail",
      "memberOf"
    ],
    "enableDeltaSync": true,
    "syncIntervalMinutes": 15
  }
}

Prerequisites

• Service account with read permissions on target OUs
• LDAPS enabled on domain controllers (port 636)
• Network connectivity from Identity Mesh agent to DC
• Valid SSL certificate on domain controller

Microsoft Entra ID (Coming Soon)

Sync with Microsoft Entra ID (Azure AD) using Microsoft Graph API with OAuth 2.0 authentication.

{
  "connectorType": "entra-id",
  "name": "Azure AD Production",
  "config": {
    "tenantId": "12345678-1234-1234-1234-123456789abc",
    "clientId": "87654321-4321-4321-4321-cba987654321",
    "clientSecret": "${SECRET:entra_client_secret}",
    "scopes": [
      "User.Read.All",
      "Group.Read.All",
      "Directory.Read.All"
    ],
    "filterGroups": [
      "All-Employees",
      "Contractors"
    ],
    "enableDeltaSync": true,
    "syncIntervalMinutes": 10
  }
}

Required API Permissions

• User.Read.All (Application permission)
• Group.Read.All (Application permission)
• Directory.Read.All (Application permission)
• Admin consent granted by Global Administrator

Okta (Coming Soon)

Integrate with Okta using API tokens for user and group synchronization.

{
  "connectorType": "okta",
  "name": "Okta Production",
  "config": {
    "domain": "example.okta.com",
    "apiToken": "${SECRET:okta_api_token}",
    "includeGroups": true,
    "includeAppAssignments": true,
    "filterExpression": "status eq \"ACTIVE\"",
    "enableDeltaSync": true,
    "syncIntervalMinutes": 10
  }
}

API Token Requirements

• Create API token in Okta Admin Console
• Token must have read permissions for Users and Groups
• Store token securely in Identity Mesh secrets
• Rotate tokens regularly per security policy

Deployment Models

Cloud-Based Connectors

Connectors that run in Identity Mesh cloud infrastructure and connect to cloud services via APIs.

No agent installation required
Automatic updates and maintenance
OAuth 2.0 and API token authentication
Suitable for: Entra ID, Okta, Workday, SCIM

Agent-Based Connectors

Lightweight agents installed in your network to connect to on-premises systems.

Secure outbound-only connections
No inbound firewall rules required
Local credential storage
Suitable for: Active Directory, LDAP, SQL

Testing Connections

After configuring a connector, test the connection to verify credentials and network connectivity.

POST /api/v1/connectors/{connectorId}/test

Response:
{
  "status": "success",
  "message": "Connection successful",
  "details": {
    "usersFound": 1247,
    "groupsFound": 89,
    "latencyMs": 145,
    "authenticationMethod": "LDAPS"
  }
}

Authentication

Verifies credentials and permissions

Connectivity

Tests network access and latency

Data Access

Confirms ability to read identity data

Next Steps

Policy Rules

Learn how to create sync policies and transform data between connectors

Getting Started

Follow our step-by-step guide to set up your first sync

Request Demo

Schedule a demo to see connectors in action with your systems

Need a Custom Connector?

We can build custom connectors for proprietary systems or unique integration requirements.