A.1 Driver Configuration

In iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. Click the Driver Sets tab.

    3. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    4. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, then click the upper right corner of the driver icon to display the Actions menu.

  4. Click Edit properties to display the driver’s properties page.

    By default, the Driver Configuration page is displayed.

In Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver line, then click Properties.

  3. Click Driver Configuration.

The Driver Configuration options are divided into the following sections:

A.1.1 Driver Module

The driver module changes the driver from running locally to running remotely or the reverse.

Connect to Remote Loader: Used when the driver is connecting remotely to the connected system. The options are:

  • Java: Specify the name of the Java class.

  • Native: Specify the name of the DLL file. This option is not applicable to this driver.

  • Connect to Remote Loader: Select this option to specify the remote loader client configuration.

    Designer includes one sub-option:

    • Remote Loader client configuration for documentation: Includes information on the Remote Loader client configuration when Designer generates documentation for the driver.

A.1.2 Driver Object Password

Driver object password: Use this option to set a password for the driver object. If you are using the Remote Loader, you must enter a password on this page or the remote driver does not run. This password is used by the Remote Loader to authenticate itself to the remote driver shim.

A.1.3 Authentication

The Authentication section stores the information required to authenticate to the connected system.

Authentication ID: Provide the authentication information while configuring the domain connections for the driver. This is a qualified userPrincipalName on Azure AD with login permissions. For example, admin@domain.onmicrosoft.com.

Remote Loader connection parameters: Used only if the driver is connecting to the application through the Remote Loader. The parameter to enter is hostname=xxx.xxx.xxx.xxx port=xxxx kmo=certificatename, where the hostname is the IP address of the application server running the Remote Loader server and the port is the port the Remote Loader is listening on. The default port for the Remote Loader is 8090.

The kmo entry is optional. It is only used when there is an SSL connection between the Remote Loader and the Identity Manager engine. For example, hostname=10.0.0.1 port=8090 kmo=IDMCertificate. Specify the additional parameters in the Other parameters field.

Driver Cache Limit (kilobytes): Specify the maximum event cache file size (in KB). If it is set to zero, the file size is unlimited. In Designer, select the Unlimited option to set the file size to unlimited.

Application Password: Use the Set Password option to set the application authentication password.

Remote Loader Authentication: Used only if the driver is connecting to the application through the Remote Loader. The parameter to enter is hostname=xxx.xxx.xxx.xxx port=xxxx kmo=certificatename, where the hostname is the IP address of the application server running the Remote Loader server and the port is the port the Remote Loader is listening on. The default port for the Remote Loader is 8090.

The kmo entry is optional. It is only used when there is an SSL connection between the Remote Loader and the Identity Manager engine. For example, hostname=10.0.0.1 port=8090 kmo=IDMCertificate. Specify the additional parameters in the Other parameters field.
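The hostname=... port=... kmo=... string used by both the Remote Loader connection parameters and the Remote Loader Authentication fields above is easy to mistype, and a missing kmo silently leaves the engine-to-Remote Loader link without SSL. The following checker is an added example written for this page, not code from the Identity Manager product; the sample strings are constructed, and the function and finding texts are this example's own.

```python
import ipaddress
import re

DEFAULT_REMOTE_LOADER_PORT = 8090  # default port documented on this page

# Constructed sample values in the documented hostname=... port=... kmo=... format.
SAMPLES = [
    "hostname=10.0.0.1 port=8090 kmo=IDMCertificate",  # complete, SSL via kmo
    "hostname=10.0.0.1 port=8090",                     # valid but no kmo
    "hostname=10.0.0.1 port=99999 kmo=IDMCertificate", # port out of range
    "port=8090 kmo=IDMCertificate",                    # hostname missing
]

TOKEN_RE = re.compile(r"^([A-Za-z]+)=(\S+)$")


def parse_remote_loader_params(value):
    """Split the space-separated key=value tokens into a dict (keys lower-cased)."""
    params = {}
    for token in value.split():
        m = TOKEN_RE.match(token)
        if not m:
            raise ValueError(f"malformed token: {token!r}")
        key, val = m.group(1).lower(), m.group(2)
        if key in params:
            raise ValueError(f"duplicate key: {key}")
        params[key] = val
    return params


def check_remote_loader_params(value):
    """Return a list of findings; an empty list means the string is acceptable.

    Errors cover required fields and ranges; a missing kmo is reported as a
    warning because the page documents it as optional but it is what enables
    SSL between the Remote Loader and the Identity Manager engine.
    """
    try:
        params = parse_remote_loader_params(value)
    except ValueError as exc:
        return [f"error: {exc}"]
    findings = []
    host = params.get("hostname")
    if host is None:
        findings.append("error: hostname is required")
    else:
        try:
            ipaddress.ip_address(host)  # page documents hostname as an IP address
        except ValueError:
            findings.append(f"warning: hostname {host!r} is not an IP address")
    port = params.get("port")
    if port is None:
        findings.append(f"error: port is required (Remote Loader default is {DEFAULT_REMOTE_LOADER_PORT})")
    elif not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(f"error: port {port!r} is not in 1-65535")
    if "kmo" not in params:
        findings.append("warning: no kmo set, so the engine-to-Remote Loader connection does not use SSL")
    return findings
```

Any value beyond hostname, port and kmo belongs in the Other parameters field, which is why the checker rejects nothing else but also validates nothing else.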

Remote loader password: Use this option to update the remote loader password.

A.1.4 Startup Option

The Startup Option section allows you to set the driver state when the Identity Manager server is started.

Auto start: The driver starts every time the Identity Manager server is started.

Manual: The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager.

Disabled: The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start.

If the driver is Disabled and then changed to Auto start or Manual, you can select the Do Not Automatically Synchronize the Driver check box. This prevents the driver from synchronizing objects automatically when it loads. To synchronize objects manually, use the Synchronize button on the Driver Overview page.

A.1.5 Driver Parameters

The Driver Parameters section lets you configure the driver-specific parameters. When you change driver parameters, you tune driver behavior to align with your network environment.

The driver setting parameters are divided into the following categories:

Driver Settings

Client ID: Specifies the account name which the Azure AD driver will use to access the Azure AD applications. You need to set the level of permissions required by the driver.

Client Secret: Specifies the password for the client ID to access the Azure AD applications.

NOTE: For information on creating the Client ID and Client Secret for your application, see Creating a Proxy Application on Azure AD.

Remove Existing Passwords: Select this option to clear the existing password. You can enter a new password at this point.

Driver Operation Mode

Enable Hybrid Operation Mode: In hybrid mode, the driver supports only Roles and License entitlements. The users and groups are provisioned by the AD driver. By default, the parameter is set to Yes. If you want to run the driver in cloud-only mode, set the value to No and install the Azure AD Cloud Only Entitlements package.

Activate Azure Directory Roles: To activate the Azure AD roles, set this parameter to Yes. The Azure AD driver fetches only the roles that are already activated.

Schema Extensions Configuration

Show Schema Extensions Configuration: To show the schema extensions in the configuration wizard, select Show.

Existing Schema Extensions: To retain the previously loaded configuration, select Preserve. Selecting Preserve does not prevent you from adding a new extension; any extension you add is still added. Select Remove to overwrite an existing configuration.

Add a schema extension: Add a schema extension and specify appropriate configuration details. You can add multiple schema extensions if required.

  • Name of extension: Specify the name of the schema extension. If you create more than one schema extension with the same name, the first extension in the list will be used. The remaining extensions will be ignored.

  • Type of extension: Indicates the data type for the configured schema extension. Ensure that the data type is a supported schema extension type in Azure AD.

  • Target objects of extension: Lists the target objects for the schema extension. A schema extension can be extended to multiple target object classes. For example, a schema extension called Title can be extended to both the User and Group object classes.

NOTE: You can configure a maximum of hundred extensions on Azure AD.

Subscriber Settings

Domain Name: Specify the Azure AD domain site context, in the <domain name>.onmicrosoft.com or <domain name>.com format.

Truststore file: Specify the name and path of the truststore file containing the trusted certificates used when a remote server is configured to provide server authentication. This file will contain certificates for Azure Graph and Exchange Service. For example, c:\security\truststore.

Proxy Host and Port: When an HTTP proxy is used, specify the host address and the host port. For example, 192.10.1.3:18180. Otherwise, leave the field blank.

Set proxy authentication parameters: To set proxy authentication, select Show, and then specify the user and password for proxy authentication.

Exchange and PowerShell Service: When this service is enabled, the driver synchronizes Exchange users and groups using this service.

Exchange Service URL: Specify the URL of the Identity Manager Exchange Service.

For example, https://<ip-addr>:<port>/ExchServer.

Refresh Deleted User Cache: When you set this parameter to Yes, the local cache that contains the deleted users is refreshed with the objects present in the Office 365 deleted user container.

Office 365 Exchange Online: To initiate a connection with Exchange Online and synchronize Office 365 exchange users and groups, select Yes.

Queue Operations: To enable queuing of objects when synchronizing between Azure AD and Identity Manager Exchange Service, select True.

Page Size: Set a value for the number of results per page during an Exchange Publisher poll.

Trace location: Specify the custom path where you want to save the Identity Manager Exchange Service logs. By default, the logs will be saved in this component’s installation directory.

Trace Level: Set the trace level for the Identity Manager Exchange Service. The driver supports five trace levels: NOTIFY, INFO, ERROR, MORE INFO, and DEBUG. The default trace level is NOTIFY. The next trace level, INFO, provides basic trace messages. ERROR provides some additional information beyond the previous level. Detailed messages are logged if you select MORE INFO. DEBUG logs debugging data along with the detailed messages.

Trace File Size Limit: Specify the trace file size limit. The value is measured in MB. The minimum value is 10 MB.

Database Password: Specify the database password. This password is used to encrypt and connect to the Publisher cache. Ensure that the same password is used to reconnect to the cache at a later time.

Remove Existing Passwords: Select this option to clear the existing password. You can enter a new password at this point.

Publisher Settings

Enable publisher: Allows you to enable or disable the Publisher connection for your Azure AD driver.

Publisher Polling Interval: Specify a time period after which Azure AD will be queried for new changes. The time is indicated in minutes.

Heart Beat Interval: Allows the driver to send a periodic status message on the Publisher channel when there has been no Publisher channel traffic for the given number of minutes. This indicates the time period at which the heart beat document is issued by the driver shim. The time is indicated in minutes.