<- .:systems | ^ .:start | Documentation ^ .:wizards | ->

====== Cross domains ======

{{tag>ad provisioning system}}

===== What are cross-domains? =====

By **cross-domains**, we mean a** set of external systems **that are linked and share, for example, the same **permissions**.

A typical example of a cross-domains group might be the linking of multiple domains in **MS Active Directory**. In this case, we can have several **AD domains that share groups with each other**. That is, within one AD domain it is possible to assign users to groups from another AD domain. The groups are thus shared across the entire group of domains (cross-domains). From the end user's perspective, **the systems thus appear to have the same set of groups**.

The goal of cross-domains in **CzechIdM **is to connect systems as described in the example above and to allow to simulate the same property, i.e. that individual group can be assigned to any system in the same cross-domain group.

<WRAP center round info 60%>\\
**A user in CzechIdM **can assign a role to all or only one system **in the cross-domain group**.\\
</WRAP>

===== How to use cross-domains in CzechIdM? =====

To properly use cross-domains in **CzechIdM**, we need three basic things:

   - **Create systems**  connecting systems in each domain.
  - Configure the **cross-domain group of systems**.
  - Create and configure** no-login cross-domain roles**.

==== Admin guide ====

  * [[.:adm:cross-domains|Cross-domains]]