4.4 Viewing Permission Collection and Reconciliation Service Configuration Objects

NOTE:This section contains information about verifying the objects that are either newly created or modified as part of enabling the Permission Collection and Reconciliation service. If this service is not enabled for the driver, skip this section.

After the driver is deployed and configured with the new Permission Collection and Reconciliation service, verify that the driver correctly creates and updates the entitlements information in the Identity Vault.

Complete the following steps:

  1. In iManager, click Driver icon to display the Identity Manager Administration page.

  2. In the Administration list, click Identity Manager Overview.

    1. (Conditional) If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    2. Click the driver set to open the Driver Set Overview page.

  3. Click the Loopback Service driver icon.

  4. Click the Jobs tab. The PermissionOnboarding job is displayed in the Jobs page. For more information, see PermissionOnboarding Job Object in the NetIQ Identity Manager Driver Administration Guide.

  5. Click Advanced > Mapping Tables. The DNs of the Entitlement objects are displayed in the Mapping Table page based on the InitEntitlementResourceObjects policy and data from the configuration objects. For more information, see Mapping Table Objects in the NetIQ Identity Manager Driver Administration Guide.

  6. Click Global Config Values to display the driver set GCV page.

    This page contains two sets of GCVs that are consumed by the drivers in the driver set. Ensure that you configure them for the driver set containing the drivers for Permission Collection and Reconciliation service.

    • NOVLCOMSET: This GCV object contains the following:

      • User Container: Specifies the Identity Vault container where the users are added, if they don’t already exist in the Identity Vault. This value is the default value for all drivers in the driver set.

      • Group Container: Specifies the Identity Vault container where the groups are added, if they don’t already exist in the Identity Vault. This value is the default value for all drivers in the driver set.

    • NOVLACOMSET: This GCV object contains the following:

      • User Application Provisioning Services URL: Specifies the User Application Identity Manager Provisioning URL.

      • User Application Provisioning Administrator: Specifies the DN of the provisioning administrator. This user should have the rights for creating and assigning resources.