Common questions about connecting identity sources, syncing organizational data, and managing user accounts in SASE.
Why does Windows AD domain account synchronization fail after I provide the required information?
Can I use third-party and custom identity sources at the same time?
Do I need to get the schema for a WeChat identity source from a SASE engineer?
Why does Windows AD domain account synchronization fail after I provide the required information?
Check whether the Base DN field is correctly configured. Verify that the Base DN value is complete and matches the distinguished name format of your directory, for example, DC=example,DC=com.
For configuration details, see Connect to an LDAP identity source.
Can I use third-party and custom identity sources at the same time?
Yes. SASE supports up to five identity sources simultaneously, which lets you connect third-party sources such as DingTalk and WeCom alongside a custom identity source — for example, to cover both internal employees and external contractors with a single configuration. Keep in mind that only one of the five slots can be a custom identity source.
Why is the organizational structure not synchronized after I connect to a third-party identity source?
Check whether you enabled both automatic synchronization and employee information synchronization during identity source configuration.
If automatic synchronization is enabled, review the synchronization records for the identity source to identify any errors. For details, see Identity synchronization.
Do I need to get the schema for a WeChat identity source from a SASE engineer?
Yes. The schema value for WeChat is not self-service. Submit a ticket to have a SASE engineer provide it.
If an administrator deletes a user from DingTalk, WeCom, or Lark after the user resigns, does SASE automatically delete the user account?
No. When a user is deleted from DingTalk, WeCom, or Lark, SASE does the following automatically — provided the identity source is correctly configured:
Unregisters the SASE client on the user's device
Revokes the user's permissions
However, SASE does not delete the user account. The account remains on the Terminal Management > Terminal Registration page in the Secure Access Service Edge console.
Get more help
If the steps above do not resolve your issue, submit a ticket to contact SASE support.