IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Hi Timothy, The Bridge for Directory Sync for Active Directory does NOT sync passwords. The best method of implementation for the bridge would be to also deploy the Active Directory Identity Agent. This will enable learning of the AD password upon authentication if you enable this feature. If you do not enable password learning then using the agent for authentication will continue to rely on AD for the password. Which is also fine and its one less place to audit for passwords.
I did a presentation on this during the Virtual Master Skills University this year. Link is here: https://www.securitylearningacademy.com/course/view.php?id=6789 (just need IBMid to view)
This might help clear up why and when to use this bridge. To quickly answer your question, its really meant to sync the users/groups/attributes from AD to ISV SaaS and keep these in sync for many scenarios, like using Windows Login Agent for MFA into Windows and linux agent for linux servers (I cover this also).
If you would like to discuss this in person, we will be in Hollywood Florida at the Master Skills University. More info here: https://www.ibm.com/training/events/msu2022
Hopefully this helps