4.5 Viewing Entitlements Onboarding Configuration Objects

NOTE:This section contains information about verifying the objects that are either newly created or modified as part of enabling the quick onboarding of custom entitlements functionality. If this functionality is not enabled for the driver, skip this section.

After the driver is deployed and configured with the new entitlements onboarding functionality, verify that the driver correctly creates and updates the entitlements information in the Identity Vault.

Complete the following steps:

  1. In iManager, click Active Directory Discovery Tool to display the Identity Manager Administration page.

  2. In the Administration list, click Identity Manager Overview.

    1. (Conditional) If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    2. Click the driver set to open the Driver Set Overview page.

  3. Click the Active Directory driver icon.

  4. Click the Jobs tab. The PermissionOnboarding job is displayed in the Jobs page. For more information, see Synchronizing Permission Changes from the Connected Systems in the NetIQ Identity Manager Driver Administration Guide.

  5. Click Advanced > Mapping Tables. The DNs of the Entitlement objects are displayed in the Mapping Table page based on the InitEntitlementResourceObjects policy and data from the configuration objects. see Mapping Table Objects in the NetIQ Identity Manager Driver Administration Guide.

  6. In iManager, click Driver Set > Edit Driver Set properties.

  7. Click Global Config Values to display the driver set GCV page.

    This page contains two sets of GCVs that are consumed by the drivers in the driver set. Ensure that you configure them for the driver set containing the drivers for quick onboarding of identity, resources, and permission assignments.

    • NOVLCOMSET: This GCV object contains the following:

      • User Container: Specifies the Identity Vault container where the users are added, if they don’t already exist in the Identity Vault. This value is the default value for all drivers in the driver set.

      • Group Container: Specifies the Identity Vault container where the groups are added, if they don’t already exist in the Identity Vault. This value is the default value for all drivers in the driver set.

    • Advanced Settings: This GCV object contains the following:

      • User Application Provisioning Services URL: Specifies the User Application Identity Manager Provisioning URL.

      • User Application Provisioning Services Administrator: Specifies the DN of the provisioning services administrator. This user should have the rights for creating and assigning resources.