Identity Manager 9.3 - Administration Guide for Connecting to Custom Target Systems

Email notifications about login data

You can configure the login credentials for new user accounts to be sent by email to a specified person. In this case, two messages are sent: one with the user name and one with the initial password. Mail templates are used to generate the messages. The mail text in a mail template is defined in several languages, so the recipient's language can be taken into account when the email is generated. The default installation supplies mail templates that you can use to configure the notification procedure.

The following prerequisites must be fulfilled in order to use notifications:

  1. Ensure that the email notification system is configured in One Identity Manager. For more information, see the One Identity Manager Installation Guide.

  2. In the Designer, set the Common | MailNotification | DefaultSender configuration parameter and enter the sender address for sending the email notifications.
  3. Ensure that all identities have a default email address. Notifications are sent to this address. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.
  4. Ensure that a language can be determined for all identities. Only then can they receive email notifications in their own language. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

When a randomly generated password is issued for the new user account, the initial login data for a user account is sent by email to a previously specified identity.

To send initial login data by email

  1. In the Designer, set the TargetSystem | UNS | Accounts | InitialRandomPassword configuration parameter.

  2. In the Designer, set the TargetSystem | UNS | Accounts | InitialRandomPassword | SendTo configuration parameter and enter the message recipient as a value.

  3. In the Designer, set the TargetSystem | UNS | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName configuration parameter.

    By default, the message sent uses the mail template Identity - new user account created. The message contains the name of the user account.

  4. In the Designer, set the TargetSystem | UNS | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword configuration parameter.

    By default, the message sent uses the mail template Identity - initial password for new user account. The message contains the initial password for the user account.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

Mapping custom target system objects in One Identity Manager

A custom target system's user accounts, groups, system entitlements, container structures, and additional permissions controls can be mapped in One Identity Manager. These objects are imported into the One Identity Manager database during synchronization. You cannot display or edit their properties in the Manager. To differentiate between objects from different custom target systems in the One Identity Manager database, specify an ID for each target system.

Custom target system identifiers

To differentiate between objects from different custom target systems in the One Identity Manager database, specify an ID for each target system. Each object can be assigned to exactly one target system through this ID. You can add more properties to each ID to describe the target system in more detail.

To set up custom target systems

  • In the Designer, set the TargetSystem | UNS | CreateNewRoot configuration parameter and compile the database.

    If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor-relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

To create or edit a target system identifier

  1. In the Manager, select the Custom Target Systems > Basic configuration data > Target systems category.

  2. Select a target system in the result list. Select the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the target system type main data.

  4. Save the changes.

TIP: You can also edit target system properties in the Manager in the Custom Target Systems > <target system> category.

General main data for custom target systems

Enter the following data for a custom target system.

Table 21: Custom target system main data

Property

Description

Target system

Name of the target system.

Target system type

Type of the target system. Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type.

Canonical name

Name of the target system conforming with DNS syntax.

target system name.parent target system name.primary system name

Distinguished name

Target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example.

Syntax example: DC = <target system>

Display name

Name that is displayed in the One Identity Manager tools for the target system.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of identities to user accounts is used for this target system and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.

User accounts are only linked to the identity (Linked) if no account definition is given. This is the case on initial synchronization, for example.

Deferred deletion [days]

Number of days to defer deletion operations for this target system. For more information, see Setting deferred deletion for custom target system user accounts.

Target system managers

Application role in which target system managers are specified. The target system managers only modify the target system objects assigned to them. Therefore, each target system can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this target system. Use the button to add a new application role.

Synchronized by

Type of synchronization through which the data is synchronized between the target system and One Identity Manager. You can no longer change the synchronization type once objects for this target system are present in One Identity Manager.

Table 22: Permitted values

Value | Synchronization by | Provisioned by
Synchronization by script | none | One Identity Manager script components
No synchronization | none | none

If you select Scripted synchronization, you can define custom processes to exchange data between One Identity Manager and the target system. You can configure data imports with the program Data Import or set up synchronization with the CSV connector in the Synchronization Editor.

Types of system entitlements used

Types of system entitlements to which user accounts can be assigned in this target system.

User account has memberships

Specifies the types of system entitlements for which assignments are maintained in the user accounts.

Enable the types with assignments that are maintained in the user accounts. The assignments are stored in the UNSAccountBHasUNSGroupB, UNSAccountBHasUNSGroupB1, UNSAccountBHasUNSGroupB2, UNSAccountBHasUNSGroupB3 tables.

Disable the types for which assignments are maintained in the system entitlements. The assignments are stored in the UNSAccountBInUNSGroupB, UNSAccountBInUNSGroupB1, UNSAccountBInUNSGroupB2, UNSAccountBInUNSGroupB3 tables.

Example:

In the System entitlement types used menu, the values Group and System entitlement 1 are selected. In the User account has memberships menu, only the value System entitlement 1 is selected.

The assignments to the system entitlements are stored in the UNSAccountBHasUNSGroupB1 (System entitlement 1: Assignments to user accounts) and UNSAccountBInUNSGroupB (User accounts: Assignments to groups) tables.

Description

Text field for additional explanation.

Group memberships as MVP

Specifies whether group memberships can be grouped together as a list in a multi-value property column of this target system's user accounts (relevant for data import).

Container structure

Specifies whether the target system has a container structure.
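
The storage rule described under User account has memberships in Table 21 decides which tables an entitlement review has to read. The following is an added example, not One Identity code: the function name, the labels for entitlement types 2 and 3, and the check that a maintained type must also be in use are assumptions of the example.

```python
# Added illustration: which assignment tables hold memberships for a custom
# target system, given the two multi-select properties from Table 21.

# Table-name suffix per entitlement type. "Group" and "System entitlement 1"
# follow the page's example; the labels for types 2 and 3 are assumed.
TYPE_SUFFIX = {
    "Group": "",
    "System entitlement 1": "1",
    "System entitlement 2": "2",  # assumed label
    "System entitlement 3": "3",  # assumed label
}


def assignment_tables(types_used, has_memberships):
    """Map each entitlement type in use to the table storing its assignments.

    types_used      -- values selected in "Types of system entitlements used"
    has_memberships -- values selected in "User account has memberships"
    """
    used, on_account = set(types_used), set(has_memberships)
    unknown = (used | on_account) - set(TYPE_SUFFIX)
    if unknown:
        raise ValueError(f"unknown entitlement type(s): {sorted(unknown)}")
    # Assumption of this example: a type must be in use before its
    # assignments can be maintained in the user accounts.
    stray = on_account - used
    if stray:
        raise ValueError(f"maintained but not in use: {sorted(stray)}")

    tables = {}
    for name in TYPE_SUFFIX:  # fixed order: Group, then types 1 to 3
        if name not in used:
            continue
        # Enabled type: UNSAccountBHasUNSGroupB* table;
        # disabled type: UNSAccountBInUNSGroupB* table (per the page).
        relation = "Has" if name in on_account else "In"
        tables[name] = f"UNSAccountB{relation}UNSGroupB{TYPE_SUFFIX[name]}"
    return tables


if __name__ == "__main__":
    # The example from the page: Group and System entitlement 1 in use,
    # only System entitlement 1 maintained in the user accounts.
    for kind, table in assignment_tables(
        ["Group", "System entitlement 1"], ["System entitlement 1"]
    ).items():
        print(f"{kind}: {table}")
```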
