OneAD Non-Personal Account Creation
> LDAP Migration Guidance
This guide helps application teams request Non-Personal Account (NPA) credentials to connect to the Lightweight Directory Access Protocol (LDAP) directory in OneAD for their applications that are migrating from ForgeRock OpenDJ.
đź’ˇ Non-Personal Accounts are service accounts designed for:
- Application-to-directory authentication
- Automated processes requiring LDAP access
- Service integrations that need persistent directory connectivity
NPAs are essential for maintaining application functionality during and after the migration from OpenDJ to OneAD infrastructure.
Completing the ServiceNow Request Form​
- Access the form here.
- Make sure all fields marked with a red asterisk (*) are properly completed with the appropriate information.
- Confirm the Additional Comment section contains sufficient details about the request.
Insufficient details will cause the request to be canceled. - Click the paperclip icon 🖇️ to upload an attachment to this request if needed.
- Click to Create a Requested Item (RITM) number for processing.
SNow Form Field References​
The following table provides guidance on the fields available in the SNow request form. Â Â * Required Field
| Field Name | Definition | Option | Field Type |
|---|---|---|---|
| Requested By* | The requester’s name | Employee | Searchable drop-down |
| Requested for* | The target user’s name | Employee | Searchable drop-down |
| Phone No.* | The requester’s contact number | Text box | |
| Phone No.* | The target user’s contact number | Text box | |
| GUID | The requester’s global user identification | Greyed-out field; auto-filled using requester’s information | Greyed-out text box |
| GUID | The target user’s global user identification | Greyed-out field; auto-filled using requester’s information | Greyed-out text box |
| Email ID | The requester’s email address | Greyed-out field; auto-filled using requester’s information | Greyed-out text box |
| Email ID | The target user’s email address | Greyed-out field; auto-filled using requester’s information | Greyed-out text box |
| Employee ID | The target user’s employee ID | Text box | |
| Additional Comment | Section for requesters to provide further information pertaining to the request. Note: Be as detailed as possible as this section may be used during audit. | Text area | |
| Active Directory Request Type* | List of active directories available to request Note: OneAD is selected for this document. | OneAD | Searchable drop-down |
| OneAD Request Type* | List of OneAD options available to request Note: Non-Personal Creation was selected for this document. | Non-Personal Account Creation | Searchable drop-down |
| Select Service Account Type* | List of tiers available to request:
| Tier 1 (Azure Synced) Tier 1 Tier 2 | Searchable drop-down |
| Add attachments | Area to upload files | File upload |
NPA Types​
Listed below are the distinct types of Non-Personal Accounts that can be requested:
Distinct Non-Personal Account Types
- Tier 1 (Azure synced)
Tier 1 service accounts are used for applications and servers hosted in Tier 1. This account type is synchronised with Azure AD. - Tier 1
Tier 1 NPAs are used for applications and servers hosted in Tier 1. - Tier 2
Tier 2 NPAs are used for applications and servers hosted in Tier 2.
The table below provides high level guidance on key words and terms found in the SNow form. Â Â * Required Field
| Field Name | Definition | Option | Field Type |
|---|---|---|---|
| Service Account Name* | Official account name to be created; it will be suffixed with a -SVC | To be filled by requestor | Text box |
| Application Name* | Application that the service account will run on/that is affected | To be filled by requestor | Text box |
| IT Service* | Use the same IT service as specified in SNow for the service account | To be filled by requestor | Text box |
| Configuration Item (CI) Name | The CI of the application(s) associated with the NPA | N/A. Pulled from details from Application Name | Auto-populated |
| Primary Server Name* | Server for which the account is housed | To be filled by requestor | Text box |
| Primary Service Account Owner* | The person responsible for the overall governance of the service account; they will be the point of contact for any topic pertaining to the account | Employee | Searchable drop-down |
| Secondary Service Account Owner* | The additional person responsible for the overall governance of the service account; they will be the point of contact for any topic pertaining to the account | Employee | Searchable drop-down |
| Service Manager* | The person responsible for the account's maintenance and operation; the service manager is designated as the approver for the request | Employee | Searchable drop-down |
| PwC App Support Team Distribution List | The application support team’s email address | To be filled by requestor | Text box |
| Line of Service | Identifies the line of service (LoS) of the application requesting the account. | Advisory Assurance IFS Tax | Drop-down |
| Account Type | Decides the type of account to be created; SVC for Service, MDA for Managed Domain Account (CyberArk managed account) | SVC MDA | Drop-down |