Chat now with support
Chat with Support

Identity Manager 8.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Configuring the One Identity Manager schema

The SPML web service supports the entire One Identity Manager schema. It is necessary to define the objects and properties to be managed as well as the relations in the One Identity Manager schema in order to manage objects and their relations using the SPML web service. The SPML web service cannot be used until the objects and properties as well as references have been defined in the One Identity Manager schema as being managed with SPML. After the definition has been made, two schema files are created that are needed for validation by the SPML web service. The files should be exchanged in the appropriate SPML web service directory.

Detailed information about this topic

Preparing the One Identity Manager schema for export to the SPML schema

For administration of objects with individual properties and of relations between different object types with SPML web service, label the corresponding tables, columns, and table relations of the One Identity Manager schema to be exported to the SPML schema.

To manage objects and their properties with the SPML web service

  1. In the Designer, select the One Identity Manager schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. On the Table tab, enable the Export for SPML schema option.

  4. Select the column in Schema Editor.

  5. On the Miscellaneoustab, enable the Export for SPML schema option.

NOTE: If references between different One Identity Manager schema object types are managed with the SPML Web Service, both of the affected objects for SPML administration must be marked. Therefore, both tables must be labeled with the Export for SPML schema option.

References between object types are mapped by foreign key relations and many-to-many assignments in One Identity Manager.

  • It is sufficient to mark the corresponding column in the One Identity Manager schema with the Export for SPML schema option in order to manage foreign key relations with SPML.

    NOTE: Note that only one foreign key relation can be managed between two object types using SPML. Thus the business role manager (Org.UID_PersonHead) can be maintained with SPML, but not at the same time as the deputy manager (Org.UID_PersonHeadSecond).

  • For the configuration of many-to-many relations for use with SPML, select the respective many-to-many tables and label the table relation with the Export for SPML schema option.

Related topics

Creating schema files

Once you have labeled all tables, columns, and table relations that should be managed using SPML, you need to create the necessary schema file for SPML web service.

IMPORTANT:

  • Before exporting, ensure that you have committed all the changes in the Designer in the main database and that all open calculation tasks for the DBQueue Processor have been processed.

  • If you change other SPML-relevant settings on the One Identity Manager schema at a later date, you must recreate the schema file.

To create a schema file

  1. In the Designer, start One Identity Manager in the Schema Editor.

  2. Select the Schema > Export SPML schema information menu item.

  3. Confirm the security prompt with OK.

  4. In the Browse for folder dialog, enter the directory where the schema files will be created.

  5. Click OK.

    This starts the export. The export can take some time depending on the number of changes.

  6. Click OK.

Place the QOIM_Schema.xsd and QOIM_SpmlTargetSchema.xsd schema files in the SPML web service directory. Enter the storage location for the schema files in the SPML web service configuration file. The files are saved by default to the Schemas directory in the installation directory.

Related topics

Testing SPML web service functionality

A simple test front-end is supplied in order to test the basic functionality of SPML web service. Prerequisite for using the test front-end is that SPML web service is correctly installed and configured. Use a browser to check whether SPML web service is functioning and correctly installed.

The SPML web service can be reached over a browser under:

http://<server>/<application name>

https://<server>/<application name>

TIP: You can open the web server's status display in the Job Queue Info. In the Job Queue Info, select View > Server state in the menu and, on the Web servers tab, open the web server status display from the Open in browser context menu.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating