Brussels / 3 & 4 February 2024


Automated Integration of FreeIPA with AD and External IdP

The ansible-freeipa project provides an Ansible Collection with roles and modules for FreeIPA deployment and management. The talk will show how to automate FreeIPA deployment and configuration to integrate with Microsoft Active Directory and also how to configure and use External Identity Providers, using the ansible-freeipa project. Recent versions of ansible-freeipa allow id overrides for AD users, for example enabling an AD administrator to act as a FreeIPA administrator, performing tasks like enroll new clients, deploy or promote replicas, and manage users, also to use the self-service features. External IdP support has been recently added to FreeIPA. The registration with an integrated IdP enables FreeIPA to act as an OAuth 2.0 client to handle authentication of the user identity and authorize access to it. This integration and the required changes to users can be automated using ansible-freeipa. The talk will be closed by a demonstration of the configuration and integration of AD and External IdP.


Photo of Rafael Jeffman Rafael Jeffman
Thomas Woerner