Configuring SecurityMatrix for Epic EMP subtemplate
A mapping must be established between the Person Identity attributes and the Epic EMP subtemplate security matrix attributes, in order to group the Epic EMP subtemplate with one or more attributes of the Identity.
This section describes the steps to define such mappings in One Identity Manager.
To define the column mappings between the Person Identity and the Security Matrix for Epic EMP subtemplate, follow the below mentioned steps:
- In One Identity Manager, select the appropriate Epic connection that has been created.
- In the Tasks section, select the link Assign Epic EMP subtemplate Matrix property mapping.
-
Select the Person column and corresponding Security Matrix column from the respective drop downs for the mapping.
- Save the mappings.
NOTE: The Epic EMP subtemplate security matrix has a maximum of ten Properties that can be mapped with the Person Identity. The security matrix will always apply.
Importing SecurityMatrix for Epic EMP subtemplate
Epic EMP subtemplates can be assigned automatically to an Epic EMP user account via SecurityMatrix.
In order to achieve this, SeurityMatrix must be imported into One Identity Manager.
On subsequent changes to the security matrix the updates to the matrix must be imported in order to have the Epic user account to SubTemplate assignments updated.
The SeurityMatrix can be imported using these methods
Importing the matrix using CSV import Synchronization Project
The SecurityMatrix for SubTemplate can be imported into OneIdentity Manager using a SecurityMatrix csv file.
The csv file is imported into One Identity Manager using a CSV synchronization project.
Setup Security Matrix Synchronization Project
This project provides a CSV synchronization workflow which imports the SecurityMatrixSubTemplate into One Identity Manager.
Epic EMP subtemplate assignments are setup in the file named SecurityMatrixSubTemplate.csv.
SecurityMatrixSubTemplate CSV file configuration
The names of the columns in this file are
- Property01
- Property02
- Property03
- Property04
- Property05
- Property06
- Property07
- Property08
- Property09
- Property10
- SubTemplateID
- SubTemplateNumber
Details about the values in the columns in the SubTemplate csv file.
Enter the values mentioned in the following table in the corresponding columns of the csv file
Table 44: Columns in the csv file
Columns in the csv file |
Values |
Property01 to Property10 |
Full name of the One Identity Manager Organization or Business role
NOTE: Property01 to Property10 represent the different possible One Identity Manager Built-in Organization or Business role or Identity Attributes like Title.
Out of box only one business role assignment is supported that is mapped to the value entered in UID_Org in the person table. |
SubTemplateID |
Epic EMP Subtemplates External ID |
SubTemplateNumber |
The SubTemplateNumber and the SubTemplateID form a unique identifier for the Property Columns specified. |
After the Security Matrix CSV files has been setup, the synchronization project can be created using the below steps.
To create a synchronization project
- In the Synchronization Editor, create a new Synchronization Project using the CSV connector.
- Select the SecurityMatrixSubTemplate csv file.
NOTE: A sample CSV file can be found in the Miscellaneous folder under the EPC module
- Set the value of the number of lines in header to 1.
- Select the EPCSecurityMatrix as the template and create the csv project.
- Update the project variable UID_EPCROOT with the UID of the EPCRoot object that has been created for Epic Synchronization project.
- The value can be obtained from the One Identity Manager Object Browser by navigating to the EPCRoot table.
- Save changes to database.
Importing the matrix directly into One Identity Manager Table
The SecurityMatrix for Epic EMP subtemplate can be populated into the EPCMatrixSubTemplate table using a custom solution implemented in the customer environment.
There could be scenarios where the customer would prefer alternate sources for security matrix import other than a csv file, for example a direct interface from the Epic Database or a custom application based on their implementation.