Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to Custom Target Systems

Managing custom target systems Setting up script-controlled data provisioning in a custom target system Basic data for custom target systems Setting up a custom target system Container structures in a custom target system User accounts in a custom target system Groups in a custom target system Entering permissions controls Reports about custom target systems Configuration parameters for managing custom target systems

Target system types

Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type. In addition, tables containing outstanding objects are maintained on target system types. For more information, see Post-processing outstanding objects.

To assign user accounts to system entitlements with a target system type

  • Define a target system type.
  • Assign target systems to the target system type.

To edit target system types

  1. Select the Custom target systems | Basic configuration data | Target system types category.
  2. Select the target system type in the result list.

    - OR -

    Click in the result list.

  3. Edit the target system type master data.
    Table 15: Master data for a target system type

    Property

    Description

    Target system type

    Target system type description.

    Description

    Text field for additional explanation.

    Display name

    Name of the target system type as displayed in One Identity Manager tools.

    Cross-boundary inheritance

    Specifies whether user accounts can be assigned to groups if they belong to different custom target systems.

    NOTE: If this option is not set, the target system type is used to group the target systems.

    Show in compliance rule wizard

    Specifies whether the target system type for compliance rule wizard can be selected when rule conditions are being set up.

    Text snippet

    Text snippets used for linking text in the compliance rule wizard.

  4. Save the changes.

To assign a custom target system to a target system type

  1. Select the Custom target systems | Basic configuration data | Target systems category.
  2. Select the target system in the result list.
  3. Select the Change master data task.
  4. From the Target system type menu, select the target system type to which you want to assign the target system.
  5. Save the changes.

Displaying custom schema extensions for custom target systems

You can view custom columns in the UNSAccountB, UNSContainerB, UNSGroupB, UNSItemB, and UNSRootB tables on forms the Manager. To do this, modify the custom column's column definition.

For more detailed information about adding custom columns to tables using the Schema Extension program and adjusting the column definitions using the Designer, see the One Identity Manager Configuration Guide.

To view custom columns for the UNSAccountB, UNSContainerB, UNSGroupB, UNSItemB, and UNSRootB tables on forms in the Manager

  • In the Designer, specify the order for displaying input fields in the Sort order property (DialogColumn.SortOrder). Columns with a sort order of less that one are not displayed.

  • In the Designer, modify the Group property (DialogColumn.ColumnGroup) in the column definition of the custom columns. The group determines which tab the column will appear on.

    • If you do not enter a group in the column configuration, the column will be displayed on a tab with the name Custom for all target system types.

    • If you enter a group in the column configuration, the column will be displayed on a tab with the group's name for all target system types. The group's name must not match the name of a target system type.

    • If you want to display a column for a particular target system type, only enter the specific target system type (DPRNamespace.Ident_DPRNamespace) as group. The column is displayed on a tab with the target system type's name. The column is not displayed for any other target system types.

    • To display more than one target system type, enter the target system types as groups by delimiting them with a comma. The column will be displayed on a tab with the target system type's name for each of the target system types entered. The column is not displayed for any other target system types.

    • To display the column for one or more target system types, but only on one tab with another name, enter the target system types delimited by commas (,) and the tab name as the group. This group will be used as tab name for all the target system types entered. The column is not displayed for any other target system types.

Example

UNSAccountB is extended by five columns. The columns should be displayed as follows for target system type A, target system type B and target system type C.

  • You want to display Column 1 on the Custom tab for all target system types.

  • You want to display Column 2 on the Group A tab for all target system types.

  • You want to display Column 3 on the Target system type B tab for target system type B. Columns are not displayed for target system type A and target system type C.

  • You want to display column 4 for target system type B on the Target system type B tab and for target system type C on the Target system type C tab. The column is not displayed for target system type A.

  • You want to display Column 5 on the Group A tab for target system type B and target system type C. The column is not displayed for target system type A.

Table 16: Column configuration example

Column

Group

Column 1

 

Column 2

Group A

Column 3

Target system type B

Column 4

Target system type B, target system type C

Column 5

Target system type B, target system type C, group A

Setting up a custom target system

Table 17: Configuration parameters for target system identification
Configuration parameter Meaning
TargetSystem | UNS | CreateNewRoot

The configuration parameter specifies whether new target systems can be added. If this parameter is set, custom target systems can be added.

To differentiate between objects from different custom target systems in the One Identity Manager database, specify an ID for each target system. Each object can be assigned to exactly one target system through this ID. You can add more properties to each ID to describe the target system in more detail.

To set up custom target systems

  • In the Designer, select the "TargetSystem | UNS | CreateNewRoot" configuration parameter.

To edit target system identifiers

  1. Select the Custom target systems | Basic configuration data | Target systems category.
  2. Select a target system in the result list. Select the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the target system type master data.
  4. Save the changes.
Tip: You can also edit target system properties in the Custom target systems | <target system> category.
Detailed information about this topic

General master data for a custom target system

Enter the following data for a custom target system.

Table 18: Custom target system master data

Property

Description

Target system

Name of the target system.

Target system type

Type of the target system. Several target systems can be grouped together in a target system type. You can assign user accounts to groups belonging to different target systems within a target system type.

Canonical name

Name of the target system conforming with DNS syntax.

target system name.parent target system name.master system name

Example

DHW2k01.Testlab.com

Distinguished name

Target system's distinguished name. This distinguished name is used to form distinguished names for child objects. If the target system does not supply any distinguished names, you can enter the target system identifier here, for example.

Syntax example: DC = <target system>

Display name

Name that is displayed in the One Identity Manager tools for the target system.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this target system and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.

User accounts are only linked to the employee (Linked state) if no account definition is given. This is the case on initial synchronization, for example.

Target system managers

Application role in which target system managers are specified. The target system managers only modify the target system objects assigned to them. Therefore, each target system can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this target system. Use the button to add a new application role.

Synchronized by

Type of synchronization through which the data is synchronized between the target system and One Identity Manager. You can no longer change the synchronization type once objects for this target system are present in One Identity Manager.

Table 19: Permitted values
Value Synchronization by Provisioned by
Synchronization by script none One Identity Manager script components
No synchronization none none

If you select Scripted synchronization, you can define custom processes to exchange data between One Identity Manager and the target system. You can configure data imports with the program Data Import or set up synchronization with the CSV connector in the Synchronization Editor.

Description

Text field for additional explanation.

Group memberships as MVP

Specifies whether group memberships can be grouped together as a list on an multi-value property column of this target system's user accounts (relevant for data import).

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating