5.2 Creating the Driver Object

This section helps you configure the Entity Data Model driver and establish its basic settings.

  1. Open Designer.

    NOTE: Ensure that the Common Settings package is installed in the Package Catalog before you create the driver object.

  2. Right-click the driver set, then select New > Driver. The Driver Configuration Wizard opens.

  3. Select Entity Data Model Base, then click Next.

  4. In the Select Mandatory Features page, select Default Configuration and click Next.

  5. If you are using Designer version 4.7.0 or later, click Next. If not, you must upgrade Designer to version 4.7.0 or later, and start again from step 1.

  6. For Driver Name, specify a value and click Next to proceed. The default driver name is Entity Data Model.

  7. (Conditional) To configure one-way authenticated SSL communication:

    • Use SSL: Select Yes to secure the connection between the driver and the Transformation Hub Kafka cluster, then perform the following:

      1. Create a truststore file that contains the CDF root CA certificate in a temporary directory on the computer where the driver is being installed. For detailed steps, see Creating a Truststore.

      2. Specify the following in the Driver Options:

        • Truststore Path: Specify the full path to the truststore file that contains the CDF root CA certificate.

        • Truststore Password: Specify the password used to access the truststore file that contains the CDF root CA certificate.

  8. (Conditional) To configure mutual authenticated SSL communication when client authentication is enabled in Transformation Hub:

    • Use SSL: Select Yes to secure the connection between the driver and the Transformation Hub Kafka cluster, then perform the following:

      1. Create keystore and truststore files that contain the CDF root CA certificate in a temporary directory on the computer where the driver is being installed. For detailed steps, see Creating TrustStore and KeyStore for Mutual SSL with Transformation Hub.

      2. Specify the following in the Driver Options:

        • Truststore Path: Specify the full path to the truststore file that contains the CDF root CA certificate.

        • Truststore Password: Specify the password used to access the truststore file that contains the CDF root CA certificate.

        • Use Client Authentication: Select Yes.

          • Keystore Path: Specify the full path of the keystore file that contains the SSL private key and certificate.

          • Keystore Password: Specify the password to access the keystore file.

          • Key Password: Specify the password to access the private key.

  9. In the Driver Options, configure:

    • Kafka Server Hosts and Port Numbers: Specify a comma-separated list of hostnames (fully qualified domain names) and ports for establishing communication with the Transformation Hub Kafka cluster. The default SSL port is 9093 and the default non-SSL port is 9092.

      Not all servers in the cluster must be listed, but if none of the servers listed can be contacted, the driver cannot send data to the Transformation Hub. Specify at least one server.

      For example, kafka1.example.com:9092 or kafka1.example.com:9092,kafka2.example.com:9092

      NOTE: Ensure that the FQDNs of the Transformation Hub Kafka nodes resolve successfully from the Identity Manager Server or Remote Loader where the driver is installed.

    • Kafka Topic Name: Specify mf-shared-entity-ingest as the name of the Kafka topic to which the entity data will be sent.

      NOTE: It is recommended to change the topic name only if you want to send the entity data to your own Kafka cluster outside of Identity Intelligence.

    • (Conditional) Advanced Kafka Properties: Specify the advanced properties for the Kafka connection.

      IMPORTANT: Specify these properties at your own discretion and validate them because the changes are applied as is. For more information about these properties, see the Producer Configs section in the Kafka documentation.

  10. (Conditional) Fill in the following fields for Remote Loader information:

    • Connect To Remote Loader: Select Yes or No to determine if the driver will use the Remote Loader. If you select No, skip to Step 11. If you select Yes, use the following information to complete the Remote Loader configuration.

    • Host Name: Specify the host name or IP address of the server where the driver’s Remote Loader service is running.

    • Port: Specify the port number where the Entity Data Model driver instance is configured in the Remote Loader. The default port number is 8090.

    • KMO: Specify the key name of the Key Material Object (KMO) that contains the keys and certificate the Remote Loader uses for an SSL connection. This parameter is only used when you use SSL and mutual authentication for connections between the Remote Loader and the Identity Manager engine.

    • Other Parameters: Specify any other parameters required to connect to the Remote Loader. Any parameters specified must use a key-value pair format, as follows: paraName1=paraValue1 paraName2=paraValue2.

    • Remote Password: Specify the Remote Loader’s password as defined on the Remote Loader. The Identity Manager server (or Remote Loader) requires this password to authenticate to the Remote Loader.

    • Driver Password: Specify the driver object password that is defined in the Remote Loader service. The Remote Loader requires this password to authenticate to the Identity Manager server.

  11. Click Next.

  12. (Conditional) On the Install Entity Data Model Managed System Information page, fill in the following fields to define your Entity Data Model system, then click Next:

    The page is displayed only if you selected to install the Managed System Information package.

    • Name: Specify a descriptive name for this Entity Data Model system. The name is displayed in reports.

    • Description: Specify a brief description for this Entity Data Model system. The description is displayed in reports.

    • Location: Specify the physical location of this Entity Data Model system. The location is displayed in reports.

    • Vendor: Specify the vendor of this Entity Data Model system. This information is displayed in reports.

    • Version: Specify the version of this Entity Data Model system. The version is displayed in reports.

  13. (Conditional) On the Install Entity Data Model Managed System Information page, fill in the following fields to define the ownership of the Entity Data Model system, then click Next:

    The page is displayed only if you selected to install the Managed System Information package.

    • Business Owner: Select a user object in the Identity Vault that is the business owner of the Entity Data Model system. This can only be a user object, not a role, group, or container.

    • Application Owner: Select a user object in the Identity Vault that is the application owner of the Entity Data Model system. This can only be a user object, not a role, group, or container.

  14. (Conditional) On the Install Entity Data Model Managed System Information page, fill in the following fields to define the classification of the Entity Data Model system, then click Next:

    The page is displayed only if you selected to install the Managed System Information package.

    • Classification: Select the classification of the Entity Data Model system. This information is displayed in the reports. The options are:

      • Mission-Critical

      • Vital

      • Not-Critical

      • Other

        If you select Other, you must specify a custom classification for the Entity Data Model system.

    • Environment: Select the type of environment the Entity Data Model system provides. The options are:

      • Development

      • Test

      • Staging

      • Production

      • Other

        If you select Other, you must specify a custom classification for the Entity Data Model system.

  15. Review the summary of tasks that will be completed to create the driver, then click Finish.

  16. (Conditional) If you want Identity Intelligence to do user reconciliation on any user attribute that is not present by default in the Entity Data Model identity schema and the Driver Filter:

    • You must add the attribute in the Driver Filter under the User class. For detailed steps, see Controlling the Flow of Objects with the Filter.

    • In the driver's Schema Map Policy, you must add an attribute row under the User class. In the attribute row, specify the Identity Vault attribute as the user attribute and the Application attribute as entity_reconciliation_id. For detailed steps, see Defining Schema Map Policies.

    For example, if you want Identity Intelligence to do user reconciliation on the Full Name attribute, you must update the Driver Filter and the Schema Map Policy as indicated in the following XML source snippets:

    • Driver Filter:

      <filter-attr attr-name="Full Name" merge-authority="edir" publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>

    • Schema Map Policy:

      <attr-name class-name="User">
            <nds-name>Full Name</nds-name>
            <app-name>entity_reconciliation_id</app-name>
      </attr-name>
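
The pairing required by step 16 can be checked before deployment. The following is an added example, not part of the product documentation or the driver's own code: it reports any User attribute that the Schema Map Policy maps to entity_reconciliation_id but that the Driver Filter does not list with subscriber="sync". The enclosing filter, filter-class and attr-name-map elements and both sample documents are constructed assumptions.

```python
import xml.etree.ElementTree as ET

RECON_ID = "entity_reconciliation_id"

# Constructed samples. The filter-attr and attr-name elements are the page's;
# the filter, filter-class and attr-name-map wrappers are assumed.
FILTER_XML = """<filter>
  <filter-class class-name="User" publisher="ignore" subscriber="sync">
    <filter-attr attr-name="Full Name" merge-authority="edir" publisher="ignore"
                 publisher-optimize-modify="true" subscriber="sync"/>
  </filter-class>
</filter>"""

SCHEMA_MAP_XML = """<attr-name-map>
  <attr-name class-name="User">
    <nds-name>Full Name</nds-name>
    <app-name>entity_reconciliation_id</app-name>
  </attr-name>
</attr-name-map>"""


def check_reconciliation(filter_xml, schema_map_xml, class_name="User"):
    """Return findings for step 16; an empty list means the two policies agree."""
    filt = ET.fromstring(filter_xml)
    smap = ET.fromstring(schema_map_xml)
    # Identity Vault attributes mapped to entity_reconciliation_id for the class.
    mapped = [a.findtext("nds-name", "").strip()
              for a in smap.iter("attr-name")
              if a.get("class-name") == class_name
              and a.findtext("app-name", "").strip() == RECON_ID]
    # Subscriber setting of every filter attribute listed under the same class.
    subscriber = {fa.get("attr-name"): fa.get("subscriber")
                  for fc in filt.iter("filter-class")
                  if fc.get("class-name") == class_name
                  for fa in fc.iter("filter-attr")}
    findings = []
    if not mapped:
        findings.append(f"no {class_name} attribute is mapped to {RECON_ID}")
    for name in mapped:
        if name not in subscriber:
            findings.append(f"'{name}' is mapped but missing from the Driver Filter")
        elif subscriber[name] != "sync":
            findings.append(f"'{name}' is in the filter with subscriber={subscriber[name]!r}")
    return findings
```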
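
A pre-flight check for the Driver Options entered in steps 7 to 9, as an added example that is not part of the product documentation: it flags host entries that are not FQDN:port, ports that contradict the Use SSL setting, and truststore or keystore paths that are not full paths to existing files. The option key names (use_ssl, client_auth, truststore_path, keystore_path) are hypothetical, chosen here for illustration.

```python
import ipaddress
import os

SSL_PORT, PLAIN_PORT = 9093, 9092  # defaults stated in step 9


def check_hosts(value, use_ssl):
    """Findings for the Kafka Server Hosts and Port Numbers option."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if not entries:
        return ["no Kafka server listed; specify at least one"]
    findings = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdecimal() or not 0 < int(port) < 65536:
            findings.append(f"{entry}: expected host:port")
            continue
        try:
            ipaddress.ip_address(host.strip("[]"))
            findings.append(f"{entry}: IP address, the page asks for an FQDN")
        except ValueError:
            if "." not in host.strip("."):
                findings.append(f"{entry}: short name, the page asks for an FQDN")
        if use_ssl and int(port) == PLAIN_PORT:
            findings.append(f"{entry}: Use SSL is Yes but port is the non-SSL default")
        if not use_ssl and int(port) == SSL_PORT:
            findings.append(f"{entry}: Use SSL is No but port is the SSL default")
    return findings


def check_stores(opts):
    """Findings for the truststore and keystore options of steps 7 and 8."""
    findings = []
    if not opts.get("use_ssl"):
        return findings
    required = ["truststore_path"]
    if opts.get("client_auth"):  # Use Client Authentication: Yes
        required.append("keystore_path")
    for key in required:
        path = opts.get(key, "")
        if not os.path.isabs(path):
            findings.append(f"{key}: specify the full path")
        elif not os.path.isfile(path):
            findings.append(f"{key}: file not found")
    return findings
```

Run both functions on the server or Remote Loader host where the driver is installed, since the store paths are checked against the local file system.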