15.2 Deploying and Starting Drivers for Identity Reporting

Identity Reporting requires the following drivers:

  • Identity Manager Managed System Gateway Driver

  • Identity Manager Driver for Data Collection Service

This process includes the following activities:

For more information about installing and configuring these drivers, see Configuring Drivers for Identity Reporting.

15.2.1 Deploying the Drivers

You must deploy the two drivers for Identity Reporting.

  1. Open your project in Designer.

  2. In the Modeler or Outline view, right-click the driver set that you want to deploy.

  3. Select Live > Deploy.

  4. Specify the Identity Vault credentials for the selected driver.

15.2.2 Verifying that the Managed Systems are Working

Before you start the Managed System Gateway Driver and the Data Collection Service Driver, you should confirm that the underlying managed systems are properly configured. This process helps you isolate problems with your environment that do not relate to the configuration of the reporting drivers.

To troubleshoot your Active Directory environment, for example, you might want to test an Active Directory entitlement by assigning a resource in the User Application.

NOTE:For more information about the Active Directory driver, see the NetIQ Identity Manager Driver for Active Directory Implementation Guide.

The following steps demonstrate one way to confirm that Active Directory is properly configured:

  1. Ensure that the User Application and Identity Reporting are both running on the same server.

  2. In iManager, verify that the User Application Driver and the Role and Resource Service Driver are running, then ensure that the driver for the managed system is running.

  3. To verify that the User Application can retrieve information from Active Directory, log in to the User Application as a User Application Administrator.

  4. In the Resource Catalog, create a new resource for Active Directory accounts:

  5. Bind the resource to an entitlement within the Active Directory Driver, such as User Account Entitlement.

    The User Application can retrieve the entitlement from the driver.

  6. Because this particular resource pertains to accounts, configure the resource to assign an account value.

  7. Select the account value, and then click Add.

  8. Create another resource that assigns groups.

  9. Bind the resource to an entitlement that is suitable for groups. For this particular resource, map to the Group Membership Entitlement.

  10. Configure this resource so that the user assigns the entitlement value at request time, and allow the user to select multiple values for a single assignment request.

  11. Verify that the entitlements were created successfully.

    At this point, you can see that the underlying architecture for the managed system (in this case, Active Directory) is functioning properly. This can help you to troubleshoot any problems that might arise later on.

15.2.3 Starting the Drivers for Identity Reporting

This section provides instructions for starting the Managed System Gateway Driver and the Data Collection Service Driver.

  1. Open iManager.

  2. Right-click the Managed System Gateway Driver, and then click Start driver.

  3. Right-click the Data Collection Service Driver, and then click Start driver.

  4. After the drivers have started, verify that the console displays additional information in the server console. For example:

  5. Log in to Identity Reporting as a Reporting Administrator.

  6. In the navigation pane on the left, click Overview.

  7. Verify that the Configuration section reports that an Identity Vault has been configured.

  8. In the navigation pane, click Identity Vaults.

  9. Verify that the Identity Vault page provides details about the Data Collection Service Driver and the Managed System Gateway Driver. The Managed System Gateway Driver status should indicate that the driver has been initialized.

    At this point, you can look at the contents of the Identity Information Warehouse to learn more about the rich data that is stored about the Identity Vault, as well as the managed systems in your enterprise.

  10. To see the data in the Identity Information Warehouse, use a database administration tool such as PGAdmin for PostgreSQL to look at the contents of the SIEM database. When you look at the SIEM database, you should see the following schemas:

    idm_rpt_cfg

    Contains reporting configuration data, such as report definitions and schedules. The installation program for Identity Reporting adds this schema to the database.

    idm_rpt_data

    Contains information collected by the Managed System Gateway Driver and the Data Collection Service Driver. The installation program for Identity Reporting adds this schema to the database.

  11. To view data collected by the drivers, expand idm_rpt_data > Tables > idmrpt_idv.

  12. Verify that a single row was added to this table for the new Data Collection Service Driver:

  13. Verify that the data for this table shows the name of the Identity Vault:

    If you see the new row in this table, the driver registration process was successful.