RapidIdentity Administrators' and Users' Guide

Store Images in Active Directory through Connect

RapidIdentity can use image files in multiple ways, including user image profile pictures, customized logos, or any other purpose requiring an image to be associated with an account or a process. For RapidIdentity environments with a large number of users requiring image files, the best way to store these is in Active Directory through RapidIdentity Connect.

Global Attribute List Prerequisites
Define Image Attribute

Before an image can be called in a Connect Action Set, a definition must be set for it in the Global Attribute List. If an image attribute does not yet exist, it will need to be created.

  1. In Configuration > Systems > LDAP > Global Attribute List, create a New Attribute. Set the Attribute Name and give it a Friendly Name.


    The most commonly used LDAP Attribute Names used for this purpose are jpegPhoto and idautoPersonPhotoURL. Another option, thumbnailphoto, is not as commonly used.

    Files associated with type jpegPhoto should only be in .jpg format to avoid errors during application consumption.

  2. Choose a Type.


    Type Image - Binary will use the actual image bytes stored in Active Directory, while type Image - URL will obtain the image from a URL.

    For a binary photo, the image will need to be stored somewhere that Connect can access, such as a remote file system or the Connect Files module. (Connect Files is not recommended for large groups of images.)

  3. Determine the rest of the settings as needed for the environment and click Save.


    Most of these options are not necessary for an image attribute, but Allow Multiple Values can be used for URLs if needed.

    Table 24. GAL Attribute List Item Fields



    Global Filter


    Allow Multiple Values

    Whether the attribute should be allowed to have multiple values.


    LDAP attributes that are defined as single-valued in the directory schema should never be allowed to have multiple values.

    LDAP attributes that are defined as multi-valued in the directory schema may be marked as single-valued in the GAL if RapidIdentity should treat it as single-valued.

    Allow Searching on This Attribute

    Whether this attribute may be included in various basic LDAP searches performed by RapidIdentity

    Regex Filter

    Enter any required Regex filters for this attribute

    Inverse Regex

    Click this checkbox to enable inverse Regex

Assign Image Attribute to Delegation

To tie the photo to the user, you will need to map the Photo attribute to the delegation for that user and activate it in User Settings.

  1. In the People > Settings > Delegations > Profile Details > Attributes > Add Another Attribute menu, choose the Friendly Name that represents the attribute configured earlier and click Create.

  2. Update and Save the Delegation changes.

  3. Navigate to Configuration > Security > LDAP > User Settings and enable User Profile Image. Select the attribute that was just created from the Attribute drop-down list and click Save.

Create and Run Connect Action Set

To push the URLs or binary details to the directory, create a Connect Action Set for the following tasks:

  • URL images: save the URL as a string attribute and push the attribute to the directory in LDAP.

  • Binary images: ensure the data is loaded as bytes, and then save it to the desired LDAP attribute.