Target Systems
A target system is any infrastructure component that OrbisID scans for privileged accounts and entitlements. Each system type uses a dedicated connector that determines how OrbisID connects, authenticates, and collects account data.
Supported System Types
| System Type | Protocol | Default Port | Edition |
|---|---|---|---|
| Active Directory | LDAP / LDAPS | 389 / 636 | Community+ |
| ARCON PAM | REST API | 443 | Pro+ |
| AWS | IAM REST API (SigV4) | 443 | Pro+ |
| Azure AD | Microsoft Graph API | 443 | Pro+ |
| BeyondTrust | REST API | 443 | Pro+ |
| Bravura Privilege | REST API | 443 | Pro+ |
| Cisco IOS | SSH | 22 | Pro+ |
| CSV | File import | — | Pro+ |
| CSV PAM | File import | — | Community+ |
| Custom Script | Script execution | — | Enterprise |
| CyberArk | REST API | 443 | Pro+ |
| Delinea Privilege Manager | REST API | 443 | Pro+ |
| Delinea Secret Server | REST API (OAuth 2.0) | 443 | Pro+ |
| Microsoft Entra External Identities | Microsoft Graph API | 443 | Pro+ |
| F5 BIG-IP | iControl REST API | 443 | Pro+ |
| ForgeRock / PingAM | REST API | 443 | Pro+ |
| Fortinet FortiGate | REST API | 443 | Pro+ |
| FreeIPA | JSON-RPC API | 443 | Pro+ |
| GCP | Cloud IAM REST API | 443 | Pro+ |
| Generic LDAP | LDAP / LDAPS | 389 / 636 | Community+ |
| GitHub Enterprise Server | REST API | 443 | Pro+ |
| Google Cloud IAM (Org) | Resource Manager REST API | 443 | Pro+ |
| Google Workspace | Admin SDK REST API | 443 | Pro+ |
| HashiCorp Vault | Vault HTTP API | 8200 | Pro+ |
| IBM Db2 | JDBC | 50000 | Pro+ |
| IBM Security Verify | REST API | 443 | Pro+ |
| Jira / Confluence DC | REST API | 443 | Pro+ |
| JumpCloud | REST API | 443 | Pro+ |
| Juniper Junos | NETCONF over SSH | 830 | Pro+ |
| Linux | SSH | 22 | Community+ |
| Microsoft 365 | Microsoft Graph API | 443 | Pro+ |
| MongoDB | SSH | 22 | Pro+ |
| MySQL / MariaDB | JDBC (MySQL Connector/J) | 3306 | Pro+ |
| Okta | Management REST API | 443 | Pro+ |
| One Identity Safeguard | REST API | 443 | Pro+ |
| Oracle Database | JDBC (ojdbc11) | 1521 | Pro+ |
| Palo Alto PAN-OS | REST API | 443 | Pro+ |
| Ping Identity (PingOne) | Management REST API | 443 | Pro+ |
| PostgreSQL | JDBC (pgjdbc) | 5432 | Pro+ |
| Salesforce | REST API | 443 | Pro+ |
| SAP S/4HANA | OData REST API | 443 | Pro+ |
| Saviynt | REST API | 443 | Pro+ |
| SCIM 2.0 | SCIM 2.0 REST API | 443 | Pro+ |
| Senhasegura | A2A REST API (OAuth 2.0) | 443 | Pro+ |
| ServiceNow | Table REST API | 443 | Pro+ |
| SQL Server | JDBC | 1433 | Pro+ |
| Teleport | REST API | 3080 | Pro+ |
| Wallix Bastion | REST API | 443 | Pro+ |
| Windows | WinRM | 5985 / 5986 | Community+ |
| Workday | REST API | 443 | Pro+ |
System Type Classifications
Each target system is assigned a System Type classification, which determines how it is treated in reports and KRI calculations:
| Classification | Description | Examples |
|---|---|---|
| Directory Service | Identity and authentication stores | Active Directory, LDAP directories |
| Server | Operating system instances | Linux servers, Windows servers |
| Infrastructure | Database, middleware, and platform systems | SQL Server, Oracle, middleware |
| Workstation | End-user desktop and laptop systems | Windows workstations |
| Application | Business applications and SaaS platforms | ERP systems, custom apps |
| PAM Tool | Privileged Access Management solutions | CyberArk, BeyondTrust, Bravura Privilege |
Scan Priority
Systems have a scan priority (integer) that controls execution order within a scan policy. Lower numbers scan first.
| System Classification | Default Priority |
|---|---|
| Directory Service | 10 |
| Server | 200 |
| All others | 500 |
Directory Services are scanned first because they provide identity context used to classify accounts on other systems.
Set priority to -1 to exclude a system from all scheduled scan policies while still allowing manual "Scan Now" scans.
Connectivity
Target systems can be reached directly by the OrbisID server or via an On-Premise Agent deployed in segmented networks.
See System Requirements for the full list of required network ports.