Connectors

Identity Mesh supports a wide range of identity systems through pre-built connectors and extensible APIs. Connect to cloud services, on-premises directories, databases, and custom applications.

Available Connectors

Active Directory

On-Premises

Connect to on-premises Active Directory domains

User and group synchronization
Organizational unit mapping
Password hash sync support

Protocols:

LDAP, LDAPS, Kerberos

Microsoft Entra ID

Cloud Coming Soon

Sync with Microsoft Entra ID (formerly Azure AD)

User lifecycle management
Group membership sync
Application assignments

Protocols:

Microsoft Graph API, OAuth 2.0

Okta

Cloud Coming Soon

Integrate with Okta identity platform

User provisioning and deprovisioning
Group management
Application assignments

Protocols:

Okta API, SCIM 2.0

Workday

Cloud Coming Soon

Connect to Workday HCM for employee lifecycle

Employee hire/termination events
Organizational hierarchy sync
Job profile and role mapping

Protocols:

Workday Web Services, REST API

LDAP

On-Premises Coming Soon

Generic LDAP directory connector

Standards-compliant LDAP v3
Custom schema support
Flexible DN mapping

Protocols:

LDAP, LDAPS

SCIM 2.0

Cloud Coming Soon

Standard SCIM 2.0 protocol connector

User and group resources
Bulk operations support
Filtering and pagination

Protocols:

SCIM 2.0, OAuth 2.0

SQL Database

On-Premises

Direct database connector for custom identity stores

Custom SQL query support
Multiple database engines
Stored procedure execution

Protocols:

MySQL, PostgreSQL, SQL Server, Oracle

REST API

Cloud Coming Soon

Generic REST API connector for custom integrations

Custom endpoint configuration
Flexible authentication methods
JSON/XML payload support

Protocols:

REST, OAuth 2.0, API Key, Basic Auth

Configuration Examples

Active Directory

Connect to on-premises Active Directory using the LDAPS protocol with service account credentials.

{
  "connectorType": "active-directory",
  "name": "Corporate AD",
  "config": {
    "domain": "corp.example.com",
    "ldapUrl": "ldaps://dc01.corp.example.com:636",
    "baseDn": "DC=corp,DC=example,DC=com",
    "bindDn": "CN=SyncService,OU=ServiceAccounts,DC=corp,DC=example,DC=com",
    "bindPassword": "${SECRET:ad_bind_password}",
    "searchFilter": "(&(objectClass=user)(objectCategory=person))",
    "attributes": [
      "sAMAccountName",
      "userPrincipalName",
      "displayName",
      "mail",
      "memberOf"
    ],
    "enableDeltaSync": true,
    "syncIntervalMinutes": 15
  }
}

Prerequisites

  • Service account with read permissions on target OUs
  • LDAPS enabled on domain controllers (port 636)
  • Network connectivity from Identity Mesh agent to DC
  • Valid SSL certificate on domain controller

Microsoft Entra ID (Coming Soon)

Sync with Microsoft Entra ID (Azure AD) using the Microsoft Graph API with OAuth 2.0 authentication.

{
  "connectorType": "entra-id",
  "name": "Azure AD Production",
  "config": {
    "tenantId": "12345678-1234-1234-1234-123456789abc",
    "clientId": "87654321-4321-4321-4321-cba987654321",
    "clientSecret": "${SECRET:entra_client_secret}",
    "scopes": [
      "User.Read.All",
      "Group.Read.All",
      "Directory.Read.All"
    ],
    "filterGroups": [
      "All-Employees",
      "Contractors"
    ],
    "enableDeltaSync": true,
    "syncIntervalMinutes": 10
  }
}

Required API Permissions

  • User.Read.All (Application permission)
  • Group.Read.All (Application permission)
  • Directory.Read.All (Application permission)
  • Admin consent granted by Global Administrator

Okta (Coming Soon)

Integrate with Okta using API tokens for user and group synchronization.

{
  "connectorType": "okta",
  "name": "Okta Production",
  "config": {
    "domain": "example.okta.com",
    "apiToken": "${SECRET:okta_api_token}",
    "includeGroups": true,
    "includeAppAssignments": true,
    "filterExpression": "status eq \"ACTIVE\"",
    "enableDeltaSync": true,
    "syncIntervalMinutes": 10
  }
}

API Token Requirements

  • Create API token in Okta Admin Console
  • Token must have read permissions for Users and Groups
  • Store token securely in Identity Mesh secrets
  • Rotate tokens regularly per security policy
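
A pre-deployment check for the connector configurations above, as an added example that is not part of the Identity Mesh documentation or product. The field names and the `${SECRET:...}` reference form come from this page; the function name `lint_connector` and the rule set (no inline credentials, LDAPS only, no Entra ID scopes beyond the three listed) are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Credential fields used by the configurations on this page.
SECRET_FIELDS = ("bindPassword", "clientSecret", "apiToken")
# Reference form shown on this page, e.g. "${SECRET:ad_bind_password}".
SECRET_REF = re.compile(r"^\$\{SECRET:[A-Za-z0-9_.-]+\}$")
# Application permissions the page lists as required for the Entra ID connector.
ENTRA_SCOPES = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}


def lint_connector(doc):
    """Return a list of findings for one connector definition (a dict)."""
    findings = []
    cfg = doc.get("config", {})
    for field in SECRET_FIELDS:
        value = cfg.get(field)
        # The finding names the field only; the credential is never echoed.
        if value is not None and not SECRET_REF.match(str(value)):
            findings.append(f"{field}: inline credential, use a ${{SECRET:...}} reference")
    if "ldapUrl" in cfg:
        scheme = urlparse(cfg["ldapUrl"]).scheme.lower()
        if scheme != "ldaps":
            findings.append(f"ldapUrl: scheme {scheme!r} does not protect the bind, use ldaps://")
    if doc.get("connectorType") == "entra-id":
        for scope in sorted(set(cfg.get("scopes", [])) - ENTRA_SCOPES):
            findings.append(f"scopes: {scope} exceeds the read permissions listed")
    return findings


# Constructed sample inputs (not real credentials, hosts or tenants).
GOOD_AD = {"connectorType": "active-directory", "config": {
    "ldapUrl": "ldaps://dc01.corp.example.com:636",
    "bindPassword": "${SECRET:ad_bind_password}"}}
BAD_AD = {"connectorType": "active-directory", "config": {
    "ldapUrl": "ldap://dc01.corp.example.com:389",
    "bindPassword": "not-a-real-password"}}
BAD_ENTRA = {"connectorType": "entra-id", "config": {
    "clientSecret": "${SECRET:entra_client_secret}",
    "scopes": ["User.Read.All", "Directory.ReadWrite.All"]}}

if __name__ == "__main__":
    for name, doc in (("GOOD_AD", GOOD_AD), ("BAD_AD", BAD_AD), ("BAD_ENTRA", BAD_ENTRA)):
        print(name, lint_connector(doc) or "ok")
```

Running the check in CI before a connector definition is submitted keeps plaintext credentials out of stored configuration and review history.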

Deployment Models

Cloud-Based Connectors

Connectors that run in Identity Mesh cloud infrastructure and connect to cloud services via APIs.

  • No agent installation required
  • Automatic updates and maintenance
  • OAuth 2.0 and API token authentication
  • Suitable for: Entra ID, Okta, Workday, SCIM

Agent-Based Connectors

Lightweight agents installed in your network to connect to on-premises systems.

  • Secure outbound-only connections
  • No inbound firewall rules required
  • Local credential storage
  • Suitable for: Active Directory, LDAP, SQL

Testing Connections

After configuring a connector, test the connection to verify credentials and network connectivity.

POST /api/v1/connectors/{connectorId}/test

Response:
{
  "status": "success",
  "message": "Connection successful",
  "details": {
    "usersFound": 1247,
    "groupsFound": 89,
    "latencyMs": 145,
    "authenticationMethod": "LDAPS"
  }
}

Authentication

Verifies credentials and permissions

Connectivity

Tests network access and latency

Data Access

Confirms ability to read identity data

Next Steps

Need a Custom Connector?

We can build custom connectors for proprietary systems or unique integration requirements.
