One Identity Manager REST APIs Performance (APP and API server)

Hi
What is the best way to integrate homemade applications with One Identity?
The application fetches groups/roles to find out whether an employee has access to applications/systems.

- Using REST APIs (API Server or App Server)

- Or get groups from Active Directory (AD)

What is the best way?

Thanks

  • Hi Raida,

    That depends a lot on the use case you want...

    - Getting groups from the Active Directory is often technically easier (as the application will have a standard connection for it) and the One Identity - AD connector is really fleshed out.

    Downsides of it:

    1) AD does not by default register what application the AD group belongs to. You'll want to make sure this is administered so you keep some control of what the groups belong to. If a group is used across applications it can also cause 'confusion'.

    2) The application - AD integration is outside of your control. Ideally the application and AD are always kept synchronized (with their connection method), ensuring you are in control. However, some applications retrieve authorisations from the AD and also allow mutations directly in the application. When using this connection method you'll run the risk of reconciliation issues, so that One Identity and the AD are aligned, but discrepancies arise between AD and the application.

    3) Using REST APIs is often harder to (technically) set up (and maintain if the REST APIs change). However, it does give more control in terms of reconciliation.

    4) When using REST APIs, be aware you keep some data standardization between your applications. With the AD, the AD 'enforces' that; with applications you have to pay attention to it yourself.

    5) When using REST APIs you have a lot more flexibility to (temporarily) turn off certain connectors, set thresholds per application, etc.

    So there is no standard best way... It depends on use cases / details. But hopefully the above items give you some things to think about and discuss at least.
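
Added example, not part of the original thread and not One Identity code: a Python check for the reconciliation concerns in points 1, 2 and 5 of the reply, covering groups with no recorded or a shared application, grants that differ between AD and the application, and a per-application drift threshold. All group, user and application names are constructed, and treating the threshold as a "halt automated sync" signal is an assumption made for illustration.

```python
# Constructed sample data; names, users and apps are hypothetical.
# AD group -> applications recorded as consuming it (the record point 1 asks for).
GROUP_OWNERS = {
    "APP-HR-Readers": ["hr-portal"],
    "APP-HR-Admins": ["hr-portal"],
    "Shared-Finance": ["hr-portal", "ledger"],  # used across applications
    "Legacy-Ops": [],                           # no application recorded
}
# AD group -> members, as provisioned through the AD connector.
AD_MEMBERS = {
    "APP-HR-Readers": {"alice", "bob"},
    "APP-HR-Admins": {"carol"},
    "Shared-Finance": {"dave"},
    "Legacy-Ops": {"erin"},
}
# What each application enforces locally: app -> {(user, group)}.
APP_GRANTS = {
    "hr-portal": {("alice", "APP-HR-Readers"), ("bob", "APP-HR-Readers"),
                  ("carol", "APP-HR-Admins"), ("dave", "Shared-Finance"),
                  ("mallory", "APP-HR-Admins")},  # changed directly in the app
    "ledger": {("dave", "Shared-Finance")},
}

def ownership_findings(owners):
    """Point 1: groups with no recorded application, and groups shared by several."""
    unowned = sorted(g for g, apps in owners.items() if not apps)
    shared = sorted(g for g, apps in owners.items() if len(apps) > 1)
    return unowned, shared

def expected_grants(app):
    """Grants the application should hold if it mirrors AD exactly."""
    return {(user, group)
            for group, apps in GROUP_OWNERS.items() if app in apps
            for user in AD_MEMBERS.get(group, ())}

def reconcile(app, threshold):
    """Point 2: diff AD against the app. Point 5: flag drift above a per-app threshold."""
    expected, actual = expected_grants(app), APP_GRANTS.get(app, set())
    missing = sorted(expected - actual)  # in AD, not enforced by the app
    extra = sorted(actual - expected)    # granted in the app, unknown to AD
    ratio = (len(missing) + len(extra)) / max(len(expected | actual), 1)
    return {"missing": missing, "extra": extra, "ratio": ratio,
            "halt": ratio > threshold}

if __name__ == "__main__":
    print(ownership_findings(GROUP_OWNERS))
    for app, limit in (("hr-portal", 0.10), ("ledger", 0.10)):
        print(app, reconcile(app, limit))
```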