Identity sources provide the information to build a catalog of the people within your organization. The information that you collect from your data sources can add as much personally identifiable information as you need to create the unique identity for each person. If you have upgraded from a previous version of Identity Governance, use the Identity Source Migration utility to update your Active Directory data collector, eDirectory data collector, and Identity Manager data collector to accept change events. For more information, see Migrating an Identity Collector to a Change Event Identity Collector.
Application sources provide the information to build a catalog of the permissions and accounts within your organization. These data sources are configured with one or more collectors to collect the information from that source. Identity Governance provides collector templates to facilitate this configuration, or you can import a JSON file to add identity or application sources.
If you are using the Identity Manager Identity collector, it must always be first in the list of collectors, or user authorizations fail. For more information, see
When collecting identities using the publish and merge setting, matching attributes become mandatory attributes to have Identity Governance include the user when publishing. If a secondary identity source has users that do not have the matching attribute defined in the collector, they will be collected, but they will not be published.
If you collect data from two or more identity sources that have duplicate information for the Primary Supervisor ID from Source attribute, Identity Governance cannot merge or publish the data. After collecting each identity source, you must define extended attributes, such as Source1_userID and Source2_userID, for the Primary Supervisor ID from Source attribute. Then, to merge the information, specify the extended attributes as the
Join to attribute for Primary Supervisor ID from Source.
To collect from a CSV file, specify the full path to the file.
You must export data sources from the current version of Identity Governance to be able to correctly import them.
You can use the Identity Governance Custom Collector SDK to create collectors. For more information, see the Release Notes for Identity Governance 3.0.1.
The CSV collector supports TSV files. To use a TSV file, enter the word tab, in uppercase, lowercase, or any combination in the field.
To create a data source:
Log in to Identity Governance as a Data Administrator.
(Conditional) To create an identity source collector, select.
(Conditional) To create an application source collector, select.
Selectto create a data source collector from a template.
Selectto specify a JSON file to import.
IMPORTANT:You must export a data source from the current version of Identity Governance to import an updated version. Data source files exported from earlier versions of Identity Governance do not import correctly to the current version. Hence, the data source must be recreated in the current version of Identity Governance.
(Conditional) To configure an identity source with change events collector, select a template name ending in Collecting from Identity Sources with Change Events. For more information, see Understanding Change Event Collection Status and Supported Attribute Syntaxes for eDirectory and Identity Manager Change Events Collection.and observe the conditions listed in
NOTE:Only one event collector is allowed and any change to the collector configuration suspends change event processing, which does not resume until a full batch collection and publication completes.
IMPORTANT:For large scale changes, disable event collection, and enable it only for incremental change events.
Specify all the mandatory fields for the data source.
For more information, see the following content in Understanding Collector Configuration:
Save your settings.
(Optional) If you want to preview all or part of the data, select Testing Collections.. For more information, see
The first time you set up Identity Governance, you must collect and publish data after creating your data sources so that your catalog contains the data.
To populate the catalog:
Selectfor each data source on the Identities and Applications pages.
You need to collect and publish the data for Identity Governance to add the data to the catalog.
(Optional) To merge the collected data from an identity source, specify the rules for publishing and merging.
For more information, see Section 6.1.2, Setting the Merge Rules for Publication.
Selecton the page and next to each application data source on the page.
NOTE:When you publish any identity source, Identity Governance publishes all identity sources. For more information, see Section 6.1, Publishing Identity Sources.
When you see that publication has completed, go toto view the collected information.
The event collection displays the following status:
Change Event Collection Status
Event processing is not enabled for this collector and identity source. If event processing is enabled from this state, the state becomes BLOCKED, and the identity source must be collected and published before it can become READY.
Event processing is enabled, but cannot proceed because the preconditions for processing change events were not met. For more information, see Collecting from Identity Sources with Change Events.
Event processing is enabled and not blocked, but awaiting scheduling to proceed.
Events are being polled for and processed.
NOTE:Event processing will be in progress either until a polling request returns no events, or until the configured maximum event processing time is reached.
Identity Governance supports the collection of the following attribute syntaxes during eDirectory and Identity Manager change events collection:
Case Exact String
Case Ignore List
Case Ignore String