Global cardholder management (GCM) and Active Directory integration are both used to centralize the management of cardholder information in Security Center, but their approach is different.
The following table highlights the differences between GCM and Active Directory integration.
Best Practice: Use Active Directory integration and GCM in tandem. The sharing host should be the only system that integrates with the Active Directory. This solution keeps the Active Directory protected on the corporate LAN, while the sharing host only pushes the employee information that need to be shared to the satellite systems.
|Active Directory integration||Global Cardholder Management (GCM)|
|Purpose: Centralized employee (users and cardholders) security management||Purpose: Centralized employee (cardholders) security management|
|Allows an organization to manage the employee information from a central location, and share it with a single Security Center system (users and cardholders).||Allows an organization to manage the cardholder information from a central location, and share it with all Security Center systems within the organization.|
|The corporate directory service is the information source. Security Center gets the employee information from the corporate directory service.||One Security Center system acts as the information source (sharing host), and shares it with all other Security Center systems within the organization (sharing guests).|
|The Security Center system connects to the information source (directory service) through the Active Directory role.||The sharing guests connect to the information source (sharing host) through the Global Cardholder Synchronizer role.|
|Custom fields defined on the Active Directory can be linked to Security Center custom fields.||All custom fields and data types are shared.|
|The shared employee information can only be modified on the Active Directory. Only the cardholder picture can be loaded in Security Center and updated on the Active Directory.||The shared information can be modified by all sharing parties. The sharing host validates and propagates the changes to all sharing parties.|
|The source information can only be shared with one Security Center system. If multiple Security Center systems need to share the same information, they need to connect individually to the corporate directory service.||The central Security Center system can share the cardholder information with as many satellite Security Center systems as necessary.|