PeopleSoft and Active Directory

PeopleTools 7.x
PeopleTools 7.x does not have any integration with Microsoft Active Directory.
PeopleSoft applications are authenticated against an internal database table for Operator
ID and password, and each Operator ID is assigned to various Security Classes. Every
user of PeopleSoft are given a PeopleSoft Operator ID and password per PeopleSoft
application (i.e. FS and SA are two separate PeopleSoft application modules; hence, they
each maintain its own security table inside their database). During development stage of
FAST project, Technical Advisory Group (TAG) has established PeopleSoft Operator ID
naming standard across both FS and SA application.

PeopleTools 8.16 (Current Tools release for Student Administration 8 Application)

By default, PeopleSoft 8 security is handled by authenticating against an internal
security database, just as it is in PeopleSoft 7. Concept of Security Class in PeopleSoft 7
has changed slightly and is now referred as Security Roles in PeopleSoft 8. However, the
overall implantation of application security in 8 is analogous to 7.
What’s new in PeopleTools 8.1 is the integration of PeopleSoft security with
LDAP(Lightweight Directory Access Protocol) directories to authenticate directory users.
This allows PeopleSoft user’s credentials be validated against the directory; hence
leveraging pre-existing authentication data in an LDAP directory service and achieve
Single-Sign-On across multiple PeopleSoft applications. Furthermore, user data that is
typically used in a LDAP directory (such as name, phone number, and email address) can
be updated instantaneously or on batch interval when information changes in PeopleSoft
database.
Some special notes pertain to UH-specific environment and PeopleTools
Directory Interface implementation limitations:
 PeopleSoft Directory Interface includes directory schema extensions relevant to
the HR application. The extensions add two Object Classes (psftPerson and
psftJob) as well as several Attribute Types to the AD directory. These extensions
are not required to deploy PeopleSoft Directory Interface, but using them may
simplify publishing data from PeopleSoft HR system to the AD directory.
 PeopleSoft delivered LDAP Authentication interface can only authenticate against
one Directory tree. Under UH environment, where at least four directory trees
(four AD implementations) exist, integration of PeopleSoft and multiple LDAP is
only possible with customization to application sign-on process in PeopleCode.
However, such customization is beyond normal support provided by PeopleSoft
Global Support Center.

PeopleTools 8.41 (Current Tools release for Financial 8 Application)

PeopleTools 8.41 did not add additional features to the PeopleSoft Directory
Interface; hence LDAP authentication limitation for PeopleTools 8.16 still applies here.