
Identity Manager 8.0 - Configuration Guide


RemoteConnectPlugin

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. If direct communication is not possible, because of the firewall configuration, for example, you can set up a remote connection. The prerequisite for this is that the RemoteConnectPlugin is installed on the Job server.

The plugin requires the following parameters:

Table 211: RemoteConnectPlugin Parameters

| Parameter | Value | Description |
| --- | --- | --- |
| Authentication method (AuthenticationMethod) | ADSGroup | Method with which incoming queries can be authenticated. Permitted values: ADGroup |
| Permitted AD group (ADGroupAuthPermittedGroup) | | Distinguished name or object SID of the Active Directory group whose members are permitted to use a remote connection. This parameter is only required for the authentication method "ADGroup". |
| Port (Port) | 2880 | Port for reaching the server. |

NOTE: Authentication of a remote connection can only be done through an Active Directory group.

Module File with Private Key

In this module, you provide the data for files with a private key. Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases. If no key is entered, the private key file from the JobServiceDestination parameter "File with private key (PrivateKey)" is used.

To enter a file with a private key

  1. Click New.
  2. Enter the private key ID in the Property column. The ID is expected in the JobServiceDestination in the parameter "Private key identifier (PrivateKeyId)". The default key has the ID "Default".
  3. Enter the path of the key file in the Value column. You can enter the absolute path or the path relative to the One Identity Manager Service.

Example of the configuration in the file Jobservice.cfg:

    <configuration>
      <!-- Each value maps a private key ID (name) to the path of its key file -->
      <category name="privatekeys">
        <value name="Default">private.key</value>
        <value name="Key2">key2.key</value>
        <value name="OtherKey">C:\Path\To\Other.key</value>
      </category>
    </configuration>
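A configuration check for the `privatekeys` category shown above, added here as an example and not part of the One Identity documentation or product. It resolves each key ID to a file path and reports IDs that are referenced but not defined, and entries whose key file is missing. The install directory `C:\OneIM\Service`, the list of referenced `PrivateKeyId` values, and the rule that relative paths resolve against the service directory are assumptions.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample in the layout of the Jobservice.cfg excerpt above.
SAMPLE_CFG = r"""<configuration>
  <category name="privatekeys">
    <value name="Default">private.key</value>
    <value name="Key2">key2.key</value>
    <value name="OtherKey">C:\Path\To\Other.key</value>
  </category>
</configuration>"""


def load_private_keys(cfg_xml, service_dir):
    """Map each private key ID to an absolute Windows path."""
    keys = {}
    for cat in ET.fromstring(cfg_xml).iter("category"):
        if cat.get("name") != "privatekeys":
            continue
        for val in cat.findall("value"):
            key_id, raw = val.get("name"), (val.text or "").strip()
            if not key_id or not raw:
                raise ValueError("privatekeys entry without an ID or a path")
            if key_id in keys:
                raise ValueError(f"duplicate private key ID: {key_id}")
            path = PureWindowsPath(raw)
            if not path.is_absolute():
                # Assumption: relative paths resolve against the service directory.
                path = PureWindowsPath(service_dir) / path
            keys[key_id] = str(path)
    return keys


def audit_private_keys(cfg_xml, service_dir, referenced_ids, exists):
    """Report referenced IDs without an entry and entries whose file is missing."""
    keys = load_private_keys(cfg_xml, service_dir)
    findings = [f"PrivateKeyId '{i}' has no entry in privatekeys"
                for i in referenced_ids if i not in keys]
    findings += [f"key file for '{i}' not found: {p}"
                 for i, p in keys.items() if not exists(p)]
    return findings


if __name__ == "__main__":
    import os
    # Hypothetical install directory and PrivateKeyId list; run on the Job server.
    for line in audit_private_keys(SAMPLE_CFG, r"C:\OneIM\Service",
                                   ["Default", "Key3"], os.path.exists):
        print(line)
```
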


Handling Processes in the One Identity Manager

One Identity Manager uses so-called "processes" for mapping business processes. A process consists of process steps, which represent processing tasks and are joined by predecessor/successor relations. This functionality allows flexibility when linking up actions and sequences on object events.

So-called process tasks are used to perform single elementary tasks at system level, for example, adding a directory. A process component consists of one or more process tasks and their parameters. Process components are defined in the tables Jobcomponent, Jobtask and Jobparameter along with their process tasks and parameters. Predefined configurations are maintained by the schema installation and cannot be edited apart from a few properties.

Processes are modeled using process templates. A process generator (Jobgenerator) is responsible for converting the script templates in processes and process steps into a concrete process in the "Job queue".

One Identity Manager Service, a service running on the target system, collects the process steps from the Job queue. The process steps are executed by process components in the target system. The One Identity Manager Service also creates an instance of the required process component and passes the parameters to the process step. Decision logic monitors the execution of the process steps and determines how processing should continue depending on the results of the executed process components. The One Identity Manager Service enables parallel processing of process steps because it can create several instances of process components. The One Identity Manager Service is the only One Identity Manager component authorized to make changes in the target system.

The following illustration shows a chain of process steps with which you can add an employee, set up an Active Directory user account for him or her and finally add a mailbox.

You can reproduce this sequence in a process. However, you can also define entry points for other processes. The result of entering at point "process 1" is the addition of an employee with an Active Directory account with a mailbox. Joining at entry point "process 2" only results in the addition of an Active Directory user account with a mailbox.

Figure 45: Creating a Single Process by Linking Process Steps


Working with the Process Editor

The Process Editor is the program that you use to define and edit processes. The editor is started from the program "Designer" and opens in the document view. Only additional Process Editor functions are described in the following.
