立即与支持人员聊天
与支持团队交流

Identity Manager 8.1.4 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Using scripts Notes on message output Notes on using date values Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing of scripts in Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for executing scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

RemoteConnectPlugin

To configure synchronization with a target system, One Identity Manager must load the data from the target system. One Identity Manager communicates directly with the target system to do this. Sometimes direct access from the workstation, on which the Synchronization Editor is installed, is not possible. For example, because of the firewall configuration or the workstation does not fulfill the necessary hardware and software requirements. If direct access is not possible from the workstation, you can set up a remote connection. Prerequisite for this is that the RemoteConnectPlugin is installed on the Job server.

Table 100: RemoteConnectPlugin parameters
Parameters Value Description

Authentication method (AuthenticationMethod)

ADSGroup

Method with which incoming queries can be authenticated.

Permitted values: ADGroup

Permitted AD group (ADGroupAuthPermittedGroup)

 

Distinguished name or object SID of the Active Directory group whose members are permitted to use a remote connection. This parameter is only required for the ADGroup authentication method.

Port (Port)

2880

Port for reaching the server.

NOTE: Authentication of a remote connection can only be done through an Active Directory group.

File module with private key

In this module, you provide the data for files with a private key. Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases.

If no key is entered here, the private key file from the File with private key (PrivateKey) parameter of the JobServiceDestination is used.

To enter a file with a private key

  1. Click New and enter the following information:

    • Property: Enter the ID of the private key. The ID is expected in the JobServiceDestination in the Private key identifier parameter (PrivateKeyId). The default key has the ID Default.

    • Value: Enter the path of the private key file. You can enter the absolute or relative path to the One Identity Manager Service.

Example of the configuration in the file jobservice.cfg.

configuration>

<category name="privatekeys">

<value name="Default">private.key</value>

<value name="Key2">key2.key</value>

<value name="OtherKey">C:\Path\To\Other.key</value>

</category>

</configuration>

Related topics

Handling processes in One Identity Manager

One Identity Manager uses so called 'processes' for mapping business processes. A process consists of process steps, which represent processing tasks and are joined by predecessor/successor relations. This functionality allows flexibility when linking up actions and sequences on object events.

So-called process tasks are used to perform single elementary tasks at system level, for example, adding a directory. A process component consists of one or more process tasks and its parameters. Process components are defined in the tables Jobcomponent, Jobtask and Jobparameter along with their process tasks and parameters. Predefined configurations are maintained by the schema installation and cannot be edited apart from a few properties.

Processes are modeled using process templates. A process generator (Jobgenerator) is responsible for converting script templates in processes and process steps into a concrete process in the ’Job queue’.

One Identity Manager Service, a service running on the target system, collects the process steps from the Job queue. The process steps are executed by process components in the target system. The One Identity Manager Service also creates an instance of the required process component and transfers the process step parameters. Decision logic monitors the execution of the process steps and determines how processing should continue depending on the results of the executed process components. The One Identity Manager Service enables parallel processing of process steps because it can create several instances of process components. The One Identity Manager Service is the only One Identity Manager component authorized to make changes in the target system.

The following illustration shows a chain of process steps with which you can add an employee, set up an Active Directory user account for him or her and finally add a mailbox.

You can reproduce this sequence in a process. However, you can also define entry points for other processes. The entry point of process1 results in the creation of an employee with an Active Directory user account and mailbox. The entry point of process 2 only results in the creation of an Active Directory user account with a mailbox.

Figure 29: Creating a single process by linking process steps

Related topics

Editing processes with the Process Editor

You can edit processes in the Designer using the Process Editor. In the Process Editor, a process is combined with its process steps in a process document. The process is displayed and controlled by means of special control elements.

Figure 30: Illustrating a process in the Process Editor

When you add a new process, an initial process document with one process element is created. When you add a process step, the associated process step element is created.

Individual elements are linked to each other with a connector. Activate the connection points with the mouse.

  • To create a connection, click on a connection point, hold down the left mouse button and pull a connector to the second connection point.

  • To delete a connection, select a connection end-point again by clicking with the mouse. Confirm the security prompt with OK.

Double-click on the process or process step element to open the respective edit view, where you can make your changes.

Each element has a tooltip. A process element's tooltip displays the name and description of the process. A process step element's tooltip displays the name and description of the process step as well as the description of the process task used.

Each element contains a quick access menu bar. The icons represent special properties of processes or process steps. The icon's tooltip shows more detailed information about a property. Double-click on a icon to open the edit view of the process or process step and jump to the corresponding property.

Table 101: Quick access icons
Icon Meaning

Events are defined.

Process is not generated.

Process in wait mode on error.

Processing is split. The connection point on error and the connector to the subsequent process step are colored yellow.

Runtime errors are ignored. The connection point is colored gray on error. No process step is possible on error.

If an error occurs, no more process steps are handled for this process.

A generating condition exists.

Process information is enabled.

A script for selecting a server or server mask is entered.

Messaging on error and on success is enabled.

The process or process steps are customized. More information about the customizations is shown in a tooltip.

Some important properties are shown by the color of the element.

Table 102: Colors of elements
Color Meaning

Blue

Default.

Yellow

The verification test resulted in a warning or information.

Red

The verification test failed.

Gray

The process is disabled.

You can drag and drop elements in the process document. Use Arrange in the context menu to reset the elements to their default positions. The position of each element is transferred to the One Identity Manager database when the entire process is saved. The layout is therefore available to all users when you restart the Designer.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级