Identity Manager 8.1 - Configuration Guide

Applying the schema extensions

In this step, you add the schema extensions to the database.

To add schema extensions in the Schema Extension

  1. Changes to the schema are displayed on the page System modifications.
    1. Set Attach statements to existing file to add the statements to an existing file.
    2. Select Save to file and enter a file name. The statements are saved as an XML file.
  2. Click Next.
  3. Confirm the security prompt with Yes.

    The schema extensions are added to the database and the necessary extensions are made to the One Identity Manager system data model. This may take some time.

  4. The current DBQueue Processor calculation tasks are displayed on the System queue page. After the calculation tasks have finished processing, click Next.
  5. On the Compilation page, click Next.

    The compilation process can take some time.

  6. Click Next after compilation is complete.
  7. On the last page, you can return to the beginning of the wizard to enter more extensions or click Finished to end the program.

After completing the schema extensions, you can access them with One Identity Manager tools and make further changes.

Recommendations for advanced configuration of custom schema extensions

Once you have added custom tables or columns to the One Identity Manager schema, some additional steps are necessary to display the extensions in the Manager user interface.

General recommendations
  • Edit the object layer using the One Identity Manager tools. This ensures that the data generated have the expected format.
  • Always edit the object layer in the default language of a One Identity Manager installation, for example, English - United States [en-US]. For this purpose, set the login language to English (USA) in the One Identity Manager tools.
  • The Designer contains a variety of consistency checks. Run these consistency checks and apply the repair methods after carrying out a schema extension and after making changes to table and column definitions. For detailed information on checking data consistency, see the One Identity Manager Operational Guide.

Recommendations for table definitions, column definitions and table relations

The properties include, for example, display names, descriptions, display templates for tables and columns, value templates, formatting, required field definitions. For more information, see One Identity Manager schema basics.

  • Use the Designer Schema Editor to edit the table definitions and column definitions.
  • Set the table usage types in Designer. The table's usage type provides the basis for reports and the selection of tasks for daily maintenance.
  • In Designer, edit the display name and icon for the tables. These properties are used when you create object definitions for the table.
  • In Designer, define a display pattern to present table entries, for instance, in the result list of the One Identity Manager tools or in reports.

    NOTE: You do not need to enter a display template for many-to-many tables. For these tables, the viDB.DLL forms the display template from the foreign keys.
  • If a column combination for a table needs to be unique, define multi-column uniqueness in Designer.
  • Arrange the tables in Designer in the schema overview of the Schema Editor. Otherwise, the schema overview shows all new tables in the upper left corner of the module. The colored module background will be automatically adjusted upon re-loading objects.
  • In Designer, record the display name for each column as well as a comment regarding display in the One Identity Manager tools.
  • You can label columns containing passwords in Designer with Encrypted.
  • Flag columns containing a user account name with the value Central user account in the Designer in the Table lookup support property.
  • Flag columns containing an email address with the value Email address in the Designer in the Table lookup support property.

  • The syntax type of the column definition is used to give the One Identity Manager tools the appropriate syntax highlighting or input assistance.

Recommendations for permissions

When you extend a schema using the Schema Extension program, you already assign permissions to permissions groups. You can carry on editing permissions in the Designer Permissions Editor and also create permissions groups with the User & Permissions Group Editor. Permissions groups can be linked to application roles. The users are assigned to application roles and therefore receive the permissions they require. For more detailed information, see the One Identity Manager Authorization and Authentication Guide.

Recommendations for Object Definitions

The data in the user interfaces is represented by means of objects. A generally applicable object definition without any limiting selection criteria is already created with the Schema Extension program. You can create other object definition constraints in addition. You create object definitions in the Designer. For more information, see Object definitions for the user interface.

Recommendations for Menu Navigation

Expand the menu to display the data in the Manager. Use Designer's User Interface Editor to create menu items for navigation and result lists. For detailed information, see User interface navigation and Recommendations for editing menu navigation.

Recommendations for user interface forms

Create or extend the forms for editing and displaying in Manager. For more detailed information, see Recommendations for editing forms, Editing user interface forms, Forms for custom extensions and Working with overview forms.

Recommendations for task definitions

If you want to offer particular tasks for the objects in the Manager, you need to create task definitions in the Designer. For more information, see Task definitions for the user interface.

  • Create new task definitions if required.
  • Task definitions are created for object definitions so that different tasks can be shown in the user interface depending on the selected objects. If required, create more object definitions.
  • Assign the task definitions to the permissions groups for non role-based and role-based login.
  • If necessary, the task definition can be assigned a program function.

Recommendations for analyses

For data analysis purposes, you need to create statistics definitions and reports and incorporate these in the user interface. For more information, see Statistics in One Identity Manager and Reports in One Identity Manager.

Recommendations for localizing texts

For language-dependent display of texts in the Manager such as column names, comments, menu items, and form names, translate the texts using the Designer Language Editor. For more information, see Language-dependent data representation.

Managing custom database objects within the database

To create transport packages with the Database Transporter program and to create reports about the system configuration, information about database objects such as customized database tables and database columns, database procedures, features, triggers, indexes or view definitions is stored in the database. The DBQueue Processor checks and updates this data.

NOTE: It is not usually necessary to edit the data manually although you might edit the comment for use in reports.

To customize database objects

  1. In Designer, select the Base Data | Advanced | Modified SQL category.
  2. Select the database object.
  3. Modify Remarks.

Table 193: Database Object Properties

Property | Description
Processing status | The processing status is used for creating custom configuration packages.
Remarks | Additional comments, for example, for using in system configuration reports.
Name | Database object name.
Modified | Specifies whether the database object has been changed.
Sort order | Order in which the data is presented.
Type | Type of database object, for example, procedure, function, trigger, index, view, custom table, custom column.

For detailed information about creating transport packages, see the One Identity Manager Operational Guide.

Web service integration

One Identity Manager offers you the option to integrate web services. For example, you can use web services to write data to applications that cannot be connected to One Identity Manager as a default target system.

Data for external applications can originate from any of the One Identity Manager schema's tables. They can, for example, be mapped as custom target systems.

Example

The general data for a telephone system should be obtained from personnel data in One Identity Manager. The telephone system is mapped in One Identity Manager as a custom target system. One extension in the telephone system corresponds to a user account in One Identity Manager.

Once a new employee has been added in One Identity Manager, a new extension should become available in the telephone system. A new user account is added for each account definition. A web service passes the user account's master data on to the telephone system, where a new participant and telephone number are added. The web service passes this telephone number to One Identity Manager as the return value. The telephone number should be transferred to the employee's master data.

Proceed as follows

  1. Set up a custom target system in One Identity Manager.
    • Select Scripted synchronization for the Synchronized by property.
  2. Set up the server for provisioning the data.
    • Enter the server as the synchronization server in the custom target system.
  3. Set up an account definition for automatic administration of user accounts in this target system.
  4. Enter the required IT operating data.
  5. Bind the web service to One Identity Manager. Use the generic web service call for this.

    The web service integration wizard helps you to create scripts for provisioning data for the default events Insert, Update and Delete. The provisioning processes are supplied by default through One Identity Manager.

  6. Create additional scripts and processes for handling the web service return value.

    TIP: When you insert, change or delete containers, user accounts, and groups in a custom target system, the return values are saved by default as GUID objects in the database.

    Create a process to add the telephone number from the object GUID to the employee master data.
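
The round trip from the example above, modeled in plain Python as an added example; it is not One Identity Manager code and uses none of its APIs. The service class, the dictionary keys and the 3 to 6 digit extension rule are assumptions made for illustration; the point shown is that the process in step 6 validates the web service return value before writing it to the employee master data.

```python
import re

# Constructed rule (assumption): the telephone system returns an internal
# extension of 3 to 6 digits. Adjust to the real numbering plan.
EXTENSION_RE = re.compile(r"\d{3,6}")


class FakePhoneService:
    """Hypothetical stand-in for the telephone system's web service."""

    def __init__(self, replies):
        self._replies = iter(replies)

    def add_participant(self, master_data):
        # A real service would create the participant and return its number.
        return next(self._replies)


def provision_insert(account, service):
    """Insert event: pass the master data on and keep the return value."""
    # Per the TIP above, the return value is saved on the account as its
    # object GUID (modeled here as the 'object_guid' key).
    account["object_guid"] = service.add_participant(dict(account["master_data"]))
    return account


def transfer_phone_number(account, employee):
    """Step 6: copy the returned number to the employee master data."""
    # The return value crosses a trust boundary, so validate it first.
    value = account.get("object_guid")
    if not isinstance(value, str) or not EXTENSION_RE.fullmatch(value):
        return False  # leave the employee record untouched
    employee["phone"] = value
    return True


def run_example(replies):
    """Provision one account per reply; return (updated, phone) pairs."""
    service = FakePhoneService(replies)
    results = []
    for _ in replies:
        employee = {"name": "Constructed Employee", "phone": None}
        account = {"master_data": {"name": employee["name"]}, "object_guid": None}
        provision_insert(account, service)
        results.append((transfer_phone_number(account, employee), employee["phone"]))
    return results
```

Rejected return values leave the employee record unchanged, so a failed transfer can be logged and retried without overwriting existing master data.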

Detailed information about this topic

For detailed information about setting up a custom target system, about account definitions, IT operating data and setting up a server, see the One Identity Manager Administration Guide for Connecting to Custom Target Systems.
