Chat now with support
Chat with Support

Identity Manager 8.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Customizing the One Identity Manager default configuration

You can customize large parts of the One Identity Manager default configuration. For example, you can specify your own display names for columns or menu items or define your own templates and formatting rule for column values.

If you customize a default configuration, the change is captured by a trigger and the default configuration is copied into a configuration buffer. You can retrieve changes from the configuration buffer and restore the default configuration in this way.

  • Changes to data are labeled with the icon in front of the modified value. As long as the changes have not been saved, you can restore them by clicking the icon.

  • Changes to the default configuration are labeled with the Designer icon in the . To restore the default configuration, click the icon.

If the default configuration is changed by a service pack, a complete version upgrade or by loading a hotfix package during a One Identity Manager version upgrade, a check is made to see if it has already been customized. In this case, the modified default configuration is copied to the configuration buffer. This ensures that customizations do not go missing.

Related topics

 

Reloading changes dynamically

Cached system data can be dynamically reloaded if it has changed. The changes are reloaded automatically in background.

An exception to this are changes that effect the character of the user interface. These changes are only reloaded after requesting confirmation from the user. The user can decide when to accept these changes. In the status bar of the Manager, the icon indicates that the user interface was modified.

The semaphore is incremented when changes are made. The semaphore is calculated when the DBQueue Processor is run.

To configure the reloading of changes

  1. In the Designer, check if the Common | CacheReload configuration parameter is set. Otherwise, set the configuration parameter and compile the database.

  2. Use the Common | CacheReload | Type configuration parameter to specify the method for checking the validity of cached information. Permitted values are:

    • ALWAYS: The validity of the cached information is checked during every access.

    • NEVER: The validity of the cached information is never checked.

    • TIMER: The validity of the cached information is checked on expiry of the interval.

  3. If you use the TIMER method, specify the time in seconds in the Common | CacheReload | Interval configuration parameter after which the values are to be checked when they are accessed.

Which columns are reloaded is defined in the data model. In the Designer, you can find an overview of the semaphore in the category Base data > Advanced > Semaphore.

  • To reload data after changes to a column, the column must be assigned to the semaphore.

  • To reload data after inserting or deleting in a table, the primary column key must be assigned to the semaphore.

Table 4: Changes to reload
Changes Semaphore

Script assembly and Customizer

Assembly

Calculate column dependencies

BulkdDependencies

Names, such as column headings or display text

Caption

Configuration parameter

Config

Countries and time zones

Country

Parts of user interface

Dialog

Use of special program functions

Feature

Icons

Image

Tables, columns, table relations, column relations, objects, tasks

Model

Notification

Notification

Permissions and permissions groups

Right

Software revisions status (for software update)

SoftwareRevision

Statistic definitions

DashBoardDef

Statistical content

DashBoardContent

Module dependencies

ModuleDepend

User data stored in memory.

UserDataResident

Changes to synchronization configuration

DPRConfiguration

Changes to module dependencies

ModuleDepend

Changes to the Web Portal configuration

AEDS

Changes to predefined SQL queries

LimitedSQL

Changes to permissions for Web API methods

AEDSGROUP

Changes to password policies

PasswordPolicy

Locking and unlocking individual properties for editing

You can prevent individual properties from being overwritten by transports or normal editing using a lock.

For example, you may want to block processing, as follows:

  • Configuration parameters and their values should not be overwritten when a test environment is transported to a productive system.

  • Server configurations should neither be overwritten in the test environment nor the productive system during a transport.

NOTE: To lock properties for editing, users require the Allow setting a change lock for specific properties of individual objects program function (Common_AllowPropertyLocks).

If certain users are allowed to lock properties for editing, you can assign the permissions to the users through permissions groups.

  • The QBM_PropertyLock permissions group is provided for non role-based login. This group owns the program function. Add the system users to the permissions groups. Administrative system users automatically obtain these permissions groups.

  • The QER_4_PropertyLock permissions group is provided for non role-based login. This group owns the program function. The permissions group is linked to the Base roles | Lock single properties application role. Add the employees to the application role.

To unlock and unlock a single property

  1. Open the object in the Designer or the Manager.

  2. Click the property name and select one of the following options from the context menu:

    • Prohibit modification: The property is locked for editing. The input field is locked and grayed-out.

    • Permit modification: The property is unlocked and available for editing.

System configuration reports

In the Designer, different reports about the system configuration and customizations are available. When you select an entry in this category the corresponding report is generated. Generating the report may take some time depending on its size.

To display a report about the system configuration

  • In the Designer, select the Documentation category.

Table 5: System configuration reports
Report Contents

System configuration

This report contains the description and settings of enabled configuration parameters.

Processes

This report contains the description of all enabled default processes. The process steps and their parameters as well as the scripts used and configuration parameters for a process are listed.

Process Components

The report contains the description of all process components with their tasks and parameters.

Templates

This report contains the descriptions of all default templates including affected columns, scripts used and configuration parameters.

Formatting rules

This report contains the description of all default formatting rules including scripts used and configuration parameters.

Scripts

This report contains the description of all default scripts including configuration parameters used. The usage in processes, process steps, templates, formatting rules and scripts is listed for each script.

TimeTrace

The report shows the configuration of the TimeTrace.

Full report

Full report about system configuration. The report summarizes the information contained in the partial reports.

Table 6: Reports available for customizing
Report Contents

System configuration

This report contains the description and settings of enabled configuration parameters.

Processes

This report contains the description of all enabled default processes. The process steps and their parameters as well as the scripts used and configuration parameters for a process are listed.

Templates

This report contains the descriptions of all default templates including affected columns, scripts used and configuration parameters.

Formatting rules

This report contains the description of all default formatting rules including scripts used and configuration parameters.

Scripts

This report contains the description of all default scripts including the configuration parameters used. Process usage, process steps, templates, formatting rules and scripts are listed for each script.

One Identity Manager schema

This report contains the description of custom One Identity Manager schema extensions (tables and columns). In addition, information about customized database objects is also listed, such as database procedures, functions, triggers, or view definitions.

Full report

Full report about system configuration. The report summarizes the information contained in the partial reports.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating