Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Uninstalling the SOAP Web Service

To uninstall a web application

  1. Launch autorun.exe from the root directory of the One Identity Manager installation medium.

  2. On the start page o the installation wizard:

    1. Select the Installation tab.

    2. Select Web-based components and click Install.

      Starts the Web Installer.

  3. On the Web Installer start page, click Uninstall a One Identity Manager web application and click Next.

  4. The Uninstall a One Identity Manager web application page displays all installed web applications.

    1. Select the web application you want to remove by double-clicking it.

      The icon is displayed in front of the application.

    2. In the Authentication method area, select an authentication method and enter the corresponding login data.

    3. To start uninstalling the web application(s), click Next.

    1. Confirm the security prompt with Yes.

  5. The uninstall progress is displayed on the Setup is running page.

  6. Once installation is complete, click Next.

  7. On the Wizard complete page, click Finish.

  8. Close the autorun program.

Examples of calls

You will find an overview of the methods supplied under SOAP Web Service . In the following there are some examples of a web service client calls in the programming language C#.


Authentication is carried out by means of an authentication string containing an authentication module and the login data to use. You must create an instance of the web service and the object for the login data to log in to the system. The login data is passed to following calls.


var svc = new Q1IMServiceSoapClient();

var login = new LoginInformation

{ AuthString = "Module=DialogUser;User=viadmin;Password=" };

Table 207: Examples of authentication
Authentication module Example
System user Module=DialogUser;User=<user name>;Password=<password>
Person Module=Person;User=<central user account>;Password=<password>
Active Directory user account (role-based) Module=RoleBasedADSAccount
Active Directory user account (manual input/role-based) Module=RoleBasedManualADS;User=<AD user name>;Password=<AD password>

For detailed information about the One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.


This method returns an array of objects, which correspond to the given WHERE clause. The returned array contains the object's primary key and a special key, [DISPLAY], which contains the object's display value.


Q1IMService.KeyValuePair[][] objects = svc.GetListObject(login, "Person",

"FirstName like 'Hal%'");


This method works in the same way as GetListObject and allows you to enter details of additional columns to be loaded.


In the example, the columns FirstName and LastName are available.

Q1IMService.KeyValuePair[][] objects = svc.GetListObjectWithDisplays(login, "Person",

"FirstName like 'Hal%'",

new [] {"FirstName", "LastName"});


All the properties of the object that is defined by the primary key are loaded by the method.


Q1IMService.KeyValuePair[] singleValues = svc.GetCompleteSingleObject(login,

"Person", "UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");


Properties of a single object are loaded with this method.


In the example, the columns FirstName and LastName and the display value are loaded. The display value is given in the key [DISPLAY].

Q1IMService.KeyValuePair[] values = svc.GetSingleObject(login, "Person",

"UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",

new[] { "FirstName", "LastName" });


This method changes individual properties of an object.


In the example, the column Description of the employee with the corresponding UID_Person is modified.

var values = new[]


new Q1IMService.KeyValuePair


Key = "Description",

Value = "Created by webservice"



svc.ChangeSingleObject(login, "Person", "UID_Person",

"746a5662-054b-4531-a889-1c135dad4c05", values);


Modifying an object with this method is done in the same way as with ChangeSingleObject, but here the primary key value is passed as a Key-Value-Pair-Array.


var values = new[]


new Q1IMService.KeyValuePair


Key = "Description",

Value = "Created by webservice"



var keys = new[]


new Q1IMService.KeyValuePair


Key = "UID_Person",

Value = "746a5662-054b-4531-a889-1c135dad4c05"



svc.ChangeSingleObjectEx(login, "Person", keys, values);


This method deletes an object.


In this example, the employee with the corresponding UID is deleted from the database.

svc.DeleteSingleObject(login, "Person",

"UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");


Using this method, you can delete objects with a multicolumn primary key (from example, from M:N tables).


svc.DeleteSingleObjectEx (



new []


new Q1IMService.KeyValuePair { Key = "UID_Org", Value = <UID> },

new Q1IMService.KeyValuePair { Key = "UID_Application", Value = <UID>}



A new object is created in the database with this object.


In this example, the employee "Jon Doe" is created.

var values = new[]


new Q1IMService.KeyValuePair {Key = "FirstName", Value = "John"},

new Q1IMService.KeyValuePair {Key = "LastName", Value = "Doe"}


svc.CreateSingleObject(login, "Person", values);


This method checks the existence of an object.


bool exists = svc.Exists(login, "Person",

"UID_Person", "746a5662-054b-4531-a889-1c135dad4c05");


This method can be implemented to find a single property.


string description = svc.GetSingleProperty(login, "Person",

"UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",



The SOAP Web Service supports a InvokeCustomizer method, which calls a function for an object in the database. The first three parameters specify the object on which the method is called. The parameter customizerName provides the function name. An array of strings follows which contains the fully qualified name of the parameter data types. These are passed to the calling function. The following array of strings contains textual representation of the parameter.

How the function works

  • First, the database is opened and the object specified by objectType, pkName and pkValue is retrieved.
  • Then the runtime data types specified by parameterTypes are determined.
  • After that, text representations of the parameters are converted from the value array to the corresponding runtime data types.
  • The function is called with these values.

If the function to be called has no parameters, you can transfer the value null to the function for the parameters parameterTypes and parameters.


In this example, the method "TestMethod" is called for a Person type object with the primary key UID_Person and the given value. In this case, both parameters of type System.String and System.Int32 are transferred with the values "Foo" and "4711".

svc.InvokeCustomizer (login, "Person",

"UID_Person", "0000644F-C139-4B25-8D1C-5ECB93067E79",


new [] {"System.String", "System. Int32"},

new [] {"foo", "4711"});


The method can call a dialog method on an object. Dialog methods do not have any parameters and no return values. The call is similar to the InvokeCustomizer call.


In this example, the method "TestDialogMethod" is called for a specific person. "TestDialogMethod" is the name of the method corresponding to DialogMethod.MethodName.

svc.InvokeDialogMethod (login,


"UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",



A specific event is generated by this method. There is the option to enter other generating parameters.

public void FireGenEvent(

string objectType, string pkName, string pkValue,

strincolumng eventName, KeyValuePair[] parameters);


In this example, the event "EXPORT_DATA" is generated without additional parameters.

svc.FireGenEvent(login, "Person",

"UID_Person", "746a5662-054b-4531-a889-1c135dad4c05",

"EXPORT_DATA", new Q1IMService.KeyValuePair[] { });


This method calls a One Identity Manager script function.


In the example, the script VI_BuildInitials is called.

svc.CallFunction(login, "VI_BuildInitials",

new string [] {"John", "Doe"});

One Identity Manager as SPML provisioning service provider

One Identity Manager Enables data exchange with other vendor systems using SMPL. SMPL stands for Service Provisioning Markup Language and defines a standardized interface for exchanging provisioning information. SPML version 2 (SPMLv2) was published in April 2006 by the Organization for the Advancement of Structured Information Standards (OASIS, The interface provides a means to simplify and standardize data exchange in the context of complex provisioning solutions and environments.

The One Identity Manager can be implemented as SPML client or as SPML provider. At this point we shall only go into the One Identity Manager configuration as SPML provider. The SPML Provider supports the entire One Identity Manager schema. The objects and relations to be administrated through the SPML provider can be configured to meet customer requirements.

Detailed information about this topic

SPML web service

A web service called the SPML web service is provided to function as an SMPL service provider. SPML web service conforms to SPMLv2 and its implementation is based on the OASIS publication. It makes the main operations such as adding, deleting and changing objects available as well as extensions for searching and referencing objects.

SPML Web Service supports the following defined SPMLv2 functions:

Table 208: SPMLv2 Supported Functions
Function Description
listTargetsRequest Returns the provider target system with its specific schema. The SPML provider supports the One Identity Manager schema exclusively.
addRequest Adds a new object in the given provider target system with the given properties.
lookupRequest Returns the properties of an object identified by a key.
modifyRequest Changes the properties of a key identified object in the given provider target system.
deleteRequest Deletes a key identified object in the provider target system.
searchRequest Returns all objects in the provider target system that fulfill the search criterion.
iterateRequest Returns other data sets from a search assuming not all of search results have been sent to the client.
closeIteratorRequest Closes an active search and informs the provider that no further results are required.

The Reference extension allows you to maintain references between different objects from the provider’s target system. There are two different types of references for this.

  • Reference type owner

    References of the type owner result in foreign key relations in the One Identity Manager.

  • Reference type memberOf

    References of the type memberOf result in many-to-many assignments in the One Identity Manager.

Related Documents