Active Directory

The Active Directory Connector uses an enterprise Active Directory directory service to provide attributes used for:

  • migrating user profile information from legacy to cloud identity systems,
  • adding HTTP headers consumed by on-premises applications, or
  • maintaining state for user sessions as they move across identity systems and applications.

Configuration options

The following values can be provided to the Active Directory connector via the Maverics configuration file.

URL

url is the URL, or list of URLs, of the Active Directory server that Maverics connects to. Both a single URL and a list of URLs are supported. When multiple URLs are provided, a round-robin load balancing scheme is used to distribute traffic.

Service Account Username

serviceAccountUsername is the username used to connect to the Active Directory server.

Service Account Password

serviceAccountPassword is the password used to connect to the Active Directory server.

Base DN

baseDN specifies the location in which to perform the Active Directory search.

Username Search Key

usernameSearchKey is the search key to filter on when searching for a user.

Attribute Delimiter

attributeDelimiter is the delimiter used to separate multi-valued attributes. This is an optional field and is only necessary if an attribute is multi-valued. If no value is provided, a default of “,” will be used for the delimiter.
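The effect of the delimiter choice, as an added example (not Maverics code and not part of the original page). It assumes the connector joins values with a plain string join and that the consuming application splits on the same delimiter; the function names and the sample entry are constructed for illustration. Values such as group DNs contain commas, so a value joined with the default delimiter cannot be split back into the original list.

```python
# Added illustration; not Maverics code. Assumes the values of a multi-valued
# attribute are joined with attributeDelimiter, as the paragraph above describes.

DEFAULT_DELIMITER = ","

# Constructed sample entry (not from a real directory).
SAMPLE_ENTRY = {
    "uid": ["jdoe"],
    "mail": ["jdoe@example.com", "john.doe@example.com"],
    "memberOf": [
        "cn=Finance,ou=Groups,o=Example,c=US",
        "cn=Admins,ou=Groups,o=Example,c=US",
    ],
}


def join_values(values, delimiter=DEFAULT_DELIMITER):
    """Flatten a multi-valued attribute into one string."""
    return delimiter.join(values)


def round_trips(values, delimiter=DEFAULT_DELIMITER):
    """True if splitting the joined string on the delimiter recovers the values."""
    return join_values(values, delimiter).split(delimiter) == list(values)


def ambiguous_attributes(entry, delimiter=DEFAULT_DELIMITER):
    """Names of attributes whose joined value does not split back cleanly."""
    return sorted(
        name for name, values in entry.items()
        if not round_trips(values, delimiter)
    )


def first_safe_delimiter(entry, candidates=(",", ";", "|", "^")):
    """First candidate that appears in no attribute value, else None."""
    for cand in candidates:
        if not any(cand in v for values in entry.values() for v in values):
            return cand
    return None


if __name__ == "__main__":
    print(join_values(SAMPLE_ENTRY["memberOf"]))   # two DNs, comma-joined
    print(ambiguous_attributes(SAMPLE_ENTRY))      # attributes unsafe with ","
    print(first_safe_delimiter(SAMPLE_ENTRY))      # a delimiter absent from all values
```

Running the same check against real directory data before choosing attributeDelimiter shows whether any attribute passed to a downstream application would be mis-split.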

Examples

Sample Active Directory Connector Configuration

connectors:
  - name: ad-example
    type: activedirectory
    url:
      - "ldap://node1.ldap.com"
      - "ldap://node2.ldap.com"
    baseDN: ou=People,o=Example,c=US
    serviceAccountUsername: uid=admin,ou=Admins,o=Example,c=US
    serviceAccountPassword: password
    usernameSearchKey: uid
    attributeDelimiter: ^