Newbie Question: CA IDM User Store

Question asked by JeanFranco on Oct 22, 2015
Latest reply on Oct 25, 2015

Hello guys.


We are setting up a CA IDM environment and are a little confused by this "User Store" that is shown on most of the documented IDM architecture.


We have installed IDM 12.6 all in one VM for lab purposes. We also have a couple of endpoints like Unix, AD and a database. Our main intention was to have the IDM server connected to my provisioning server and the Provisioning server to the endpoints. But now we are seeing that IDM requires a directory (User Store), so we decided to use the AD for it. We've been reading in multiple posts of the community that it is not so good to use your AD as your IDM User Store, so we decided to stop there and ask.


So our questions are:

1) What does the IDM use the "User Store" for?

2) What is the difference between the users stored on my Provisioning Directory and the IDM User Store?

3) Why is it not a good thing to use the AD as the IDM User Store?

4) What is recommended to use as "User Store"?


If any of you guys could give us a good explanation of the differences of each directory and the purpose of the user store, we would really appreciate it; this seems to be key for a good implementation.


Thanks in advance