Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Custom Target Systems

Managing Custom Target Systems Setting up Script Controlled Data Provisioning in a Custom Target System Base Data for Custom Target Systems Setting up a Custom Target System Container Structures in a Custom Target System User Accounts in a Custom Target System Groups in a Custom Target System Entering Permissions Controls Reports about Custom Target Systems Appendix: Configuration Parameters for Managing Custom Target Systems

Target System Types

Target system types

Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type. In addition, tables containing outstanding objects are maintained on target system types. For more information, see Post-Processing Outstanding Objects.

To assign user accounts to system entitlements with a target system type

  • Define a target system type.
  • Assign target systems to the target system type.

To edit target system types

  1. Select the category Custom target systems | Basic configuration data | Target system types.
  2. Select the target system type in the result list.

    - OR -

    Click in the result list toolbar.

  3. Edit the target system type master data.
    Table 17: Master Data for a Target System Type

    Property

    Description

    Target system type

    Target system type description.

    Description

    Spare text box for additional explanation.

    Display Name

    Name of the target system type as displayed in One Identity Manager tools.

    Cross boundary inheritance

    Specifies whether user accounts can be assigned to groups if they belong to different custom target systems.

    NOTE: If this option is not set, the target system type is used to group the target systems.

    Show in compliance rule wizard

    Specifies whether the target system type for compliance rule wizard can be selected when rule conditions are being set up.

    Text snippet

    Text snippets used for linking text in the compliance rule wizard.

  4. Save the changes.

To assign a custom target system to a target system type

  1. Select the category Custom target systems | Basic configuration data | Target systems.
  2. Select a target system in the result list.
  3. Select Change master data in the task view.
  4. Select Target system type from the target system type to which you want to assign the target system.
  5. Save the changes.

Displaying Customized Schema Extension for Custom Target Systems

You can display custom columns in tables UNSAccountB, UNSContainerB, UNSGroupB, UNSItemB and UNSRootB in the Manager. To do this, modify the custom column's column definition.

See the One Identity Manager Configuration Guide for detailed information about extending tables with custom columns using the program "Schema Extension" and about customizing column definitions with the program "Designer".

To display custom columns for the tables UNSAccountB, UNSContainerB, UNSGroupB, UNSItemB and UNSRootB on forms in the Manager

  • Specify the order for displaying input fields in the Designer in the property Sort order (DialogColumn.SortOrder). Columns with a sort order of less that one are not displayed.

  • Modify the property Group (DialogColumn.ColumnGroup) in the Designer in the custom column's column definition. The group determines, which tab the column will appear on.

    • If you do not specify a group, the column will be displayed on a tab with the name "Custom" for all target system types.

    • If you enter a group in the column configuration, the column will be displayed on a tab with the group's name for all target system types. The group's name must not match the name of a target system type.

    • If you want to display a column for a particular target system type, only enter the specific target system type (DPRNamespace.Ident_DPRNamespace) as group. The column is displayed on a tab with the target system type's name. The column is not displayed for any other target system types.

    • To display more than one target system type, enter the target system types as groups by delimiting them with a comma. The column will be displayed on a tab with the target system type's name for each of the target system types entered. The column is not displayed for any other target system types.

    • To display the column for one or more target system types, but only on one tab with another name, enter the target system types delimited by commas (,) and the tab name as the group. This group will be used as tab name for all the target system types entered. The column is not displayed for any other target system types.

Example

The table UNSAccountB is extended by 5 columns. The columns should be displayed as follows for target system type A, target system type B and target system type C.

  • Column 1 on the "Custom" tab for all target system types.

  • Column 2 on the tab "Group A" for all target system types.

  • Column 3 on the tab "Target system type B" for the target system type B. Columns are not displayed for target system type A and target system type C.

  • Column 4 on the tab "Target system type B" for target system type B and on the tab "Target system type C" for target system type C. The column is not displayed for target system type A.

  • Column 5 on the tab "Group A" for target system type B and target system type C. The column is not displayed for target system type A.

Table 18: Column Configuration Example

Column

Group

Column 1

 

Column 2

Group A

Column 3

Target system type B

Column 4

Target system type B, target system type C

Column 5

Target system type B, target system type C, group A

Setting up a Custom Target System

Setting up a Custom Target System

Table 19: Configuration Parameters for Target System Identification
Configuration parameter Meaning
TargetSystem\UNS\CreateNewRoot

The configuration parameter specifies whether new target systems can be added. If this parameter is set, custom target systems can be added.

To differentiate between objects from different custom target systems in the One Identity Manager database, specify an ID for each target system. Each object can be assigned to exactly one target system through this ID. You can add more properties to each ID to describe the target system in more detail.

To set up custom target systems

  • Select the configuration parameter "TargetSystem\UNS\CreateNewRoot" in the Designer.

To edit target system identifiers

  1. Select the category Custom target systems | Basic configuration data | Target systems.
  2. Select a target system in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the target system type master data.
  4. Save the changes.

Tip: You can also edit target system properties in the category Custom target systems | <target system>.
Detailed information about this topic

General Master Data for a Custom Target System

General Master Data for a Custom Target System

Enter the following data for a custom target system.

Table 20: Custom Target System Master Data

Property

Description

Target System

Name of the target system.

Target system type

Type of the target system. Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type.

Canonical name

Name of the target system conforming with DNS syntax.

target system name.parent target system name.master system name

Example

DHW2k01.Testlab.com

Distinguished name

Target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example.

Syntax example: DC = <target system>

Display name

Name that is displayed in the One Identity Manager tools for the target system.

Account definition (initial)

Initial account definition for creating user accounts. These account definitions are used if automatic assignment of employees to user account is used for this domain resulting in administered user accounts (state "Linked configured"). The account definition's default manage level is applied.

User accounts are only linked to the employee (state "Linked") if no account definition is given. This is the case on initial synchronization, for example.

Target system managers

Application role in which target system managers are specified. The target system managers only modify the target system objects assigned to them. Therefore, each target system can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this target system. Use the button to add a new application role.

Synchronized by

NOTE: You can only specify the synchronization type when adding a new custom target system. No changes can be made after saving.

Type of synchronization through which the data is synchronized between the target system and One Identity Manager.

Table 21: Permitted Values
Value Synchronization by Provisioned by
Synchronization by script none One Identity Manager script components
No synchronization none none

If you select "Synchronize by script" you can define custom processes to exchange data between One Identity Manager and the target system. You can configure data imports with the program "Data Import" or set up synchronization with the CSV connector in the Synchronization Editor.

Description

Spare text box for additional explanation.

Group memberships as MVP

Specifies whether group memberships can be grouped together as a list on an multi-valued property column of this target system's user accounts (relevant for data import).

Related Topics
Related Documents