Chat now with support
Chat with Support

Identity Manager 9.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics
Overview of the One Identity Manager schema Table types and default columns in the One Identity Manager data model Notes on editing table definitions and column definitions Table definitions Column definitions Table relations Dynamic foreign key Supporting file groups
Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

Defining bitmasks

You can only define bitmasks for columns with theint type.

NOTE: You can only enter or extend a bitmask for a column if the option Customizing bitmasks is not allowed is not set.

To create a bitmask

  1. In the Designer, select One Identity Manager Schema.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. Select the column and then the Column properties view.

  4. Select the Value settings tab and set the Defined bitmask option.

  5. Under Sort criteria of bitmask, select the sort criteria for displaying the value.

    You have the following options:

    • Bit position: Sort by position.

    • Display: Sort by display value.

  6. Click and enter the following properties.

    • Bit position: Each bit position. The first bit in the definition start with the index 0.

    • Display value: Name used to display the value. Translate the given text using the ... button.

    • Disabled: Specifies whether the value is disabled.

    NOTE: To edit a value, select the value and click . To delete a value, select the value and click . To delete all values, click .

  7. Select the Database > Commit to database and click Save.

Related topics

Configuring columns for full-text search

Full-text searching uses an external search index, which returns an object key as result. The object key is used to run a search query in the database. This database search query takes the permissions of the logged in user into account during the search. A maximum of 1000 objects can be returned by through the search index.

The full text search can be used in the Manager and in the Web Portal. For more information, see the One Identity Manager Web Designer Web Portal User Guide and the One Identity Manager User Guide for One Identity Manager Tools User Interface.

Prerequisites for using full text search is an application server installed with the search service.

  • If you run the Web Portal directly over an application server installed with the search service, you can use the full text search immediately.

  • If you are working with the Web Portal and an application server without a search service installed or with a direct database connection, you will need to enter an application server with a search service in the Web Portal configuration file. Full text search is available in the Web Portal once this has been done.

  • To use full text search in the Manager, you must run the Manager over an application server with an installed search service.

For more information about installing an application server and configuring the Web Portal for full-text search, see the One Identity Manager Installation Guide.

The following applies for the configuration of the full text search:

  • The columns XDateInserted, XDateUpdated, and XObjectKey must be available if you want to index a table or database view for full text search.

  • Columns for full text searching must be weighted. Increasing weighting results in a higher position in the full text search result. The default installation provides columns for the full-text search with a weighting of 1.

    Example:

    The column Person.CentralAccount is weighted with the value 1. The column ADSAccount.SAMAccountName is weighted with the value 0.5. This results in the identity being listed before the user account in the full text search.

    NOTE: Weighting does not have any effect on how the results are sorted in the user interface. For example, if you limit the search in the Web Portal to the 100 best matches, weighting determines which 100 objects are returned. But these 100 objects are then sorted again by the user interface.

  • Only columns with the .Net data types String, Text, or Int can be included in the full-text search.

    Exception: Columns that contain a list of permitted values, can always be included to the full text search.

  • Columns of tables with the Work tables or Historical transaction data usage type cannot be included in the full-text search.

  • Columns of assignment tables (M:N tables, M:all tables) cannot be included to the full-text search.

The search service indexes the following:

  • Column content

  • Foreign key column display value

  • Display values for lists of permitted values

  • Translation for every active language

  • Object display value, if the table's primary key column is configured for full text search

    The object's display value comes from the display pattern defined for the table. The display value's weighting comes from the table's primary key column weighting

    Example:

    The Person.UID_Person column is configured for full-text search. The display pattern of the Person table is defined as %InternalName% (%CentralAccount%).

    So the display value of Alex Miller (AlexM) is indexed for the identity Alex Miller.

The searched index is updated when changes are made to a table with indexed columns, to referenced tables or translations.

Certain important columns are already indexed for full text search in the default installation. You configure more columns for full text searching if you require.

To configure a column for full text search

  1. In the Designer, select the One Identity Manager Schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. Select the column and then the Column properties view.

  4. Select the Column tab and edit the Index weighting property.

    • If the value is less than or equal to 0, no indexing takes place.

    • If the value is greater than 0, the data value is indexed.

  5. Select the Database > Commit to database and click Save.

Related topics

Scripts for conditionally displaying and editing columns

In principle, a user's permissions for displaying and editing columns are controlled by permissions in permissions groups.

However, you can also use scripts to conditionally display or edit scripts. For example, in this way you can control whether or not a column, on a main data form in the Manager, is displayed or can be edited only if another column has a specific value.

Example:

A system role is disabled until the release data is reached. During this time period, the user must be prevented from changing the disabled option in the Manager.

To do this, a script is created specifying the edit permissions for the ESet.IsInActive column.

If $ReleaseDate:Date$>Connection.LocalNow Then

Value = False

Else

Value = True

End If

NOTE:

  • The script does not change the user’s permissions but simply the behavior if the object is loaded in one of the One Identity Manager tools. If you want to limit visibility and editability of a column, change the column permissions of the permissions groups. For more information, see the One Identity Manager Authorization and Authentication Guide.

  • The scripts only affect interactively loaded objects.

  • For example, in lists in the Manager or in the Web Portal, objects are not loaded interactively so the scripts do not work.

  • In the Web Portal, a lot of objects are not loaded interactively due to performance reasons. If you want to use this behavior in the Web Portal, you must customize the components in the Web Designer. In this case, there can be adverse effects on performance when objects are loaded. For more information about editing Web Designer components, see the One Identity Manager Web Designer Reference Guide.

To specify a script for conditionally displaying and editing a column

  1. In the Designer, select the One Identity Manager Schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. Select the column and then the Column properties view.

  4. Select the Permissions scripts and enter the following scripts in VB.Net syntax.

    • Visibility script: Script for conditionally displaying the column. If the return value is false, the column is not displayed in any One Identity Manager tools.

    • Editability script: Script for conditionally editing the column. If the return value is false, the column cannot be edited in any One Identity Manager tools.

  5. Select the Database > Commit to database and click Save.

Related topics

Editing column definitions

To edit column properties

  1. In the Designer, select the One Identity Manager schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. Select the column in the Schema Editor and edit the column properties.

  4. Select the Database > Commit to database and click Save.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating