A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The SAP HR driver includes several predefined GCVs. You can also add your own if you discover that you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

    or

    To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Global Configuration Values.

    or

    To add a GCV to the driver set, right-clickthe driver set icon , then click Properties > GCVs.

The GCVs are divided into the following categories:

A.2.1 Configuration

The configuration GCVs are divided into multiple categories:

New User Naming

Show New User Naming Options: Select Show to display the new user naming configuration options.

New User Naming: There are three options when naming newly provisioned eDirectory users:

  • Employee-Named-Based (Variable Length): There are different variations for how the user name is generated:

    • First character of Given Name + Surname

    • First character of Given Name + first character of Initials + Surname

    • First two characters of Given Name + Surname

    • First three characters of Given Name + Surname

    • First character of Given Name + Surname + digit starting with 1 incremented until the name is unique within eDirectory.

  • Employee-Name-Based (Fixed Length: There are different variations for how the user name is generated:

    • First character of Given Name + up to seven characters of Surname

    • First character of Given Name + first character of Initials + up to six characters of Surname

    • First two characters of Given Name + up to five characters of Surname

    • First character of Given Name + up to four characters of Surname + three digits padded with zeros if necessary, starting with 001 and incremented until the name is unique within eDirectory.

  • Attribute-Value-Based: The CN of the user object is named by the defined naming attribute value.

    • User Naming Attribute: Specify the attribute value that is used to name new users. The attribute must be supplied in the event.

Object Relationships

Show Object Relationships Options: Select Show to display the object relationship configuration options.

Discover Relationships: Select Yes to discover relationships between objects in the SAP HR data model.

  • Filter: Adds object classes to filter on to discover the relationships between objects in the SAP HR data model and eDirectory.

  • Object Class: Specify the object class you want to discover relationships for. Class names must be in the Identity Vault name space.

  • Attributes: Add all the relationship attributes you want to be populated. Attribute names must be in the Identity Vault name space.

Future Events

Show Future Event Options: Select Show to display the future event configuration options.

Record Future Events: Select Yes to record future events.

  • SAP Business Logic Driver: Browse to and select the SAP Business Logic driver servicing this HR driver instance.

  • Filter: Add all of the attributes you want to be notified of when changes happen in the future. Attribute names must be in the Identity Vault name space.

Debugging

Show Debugging Options: Select Show to display the debugging configuration options.

Enable logging for generated attribute names: Select True to enable logging for generated attribute names.

Process Logging

Show Process Logging Options: Select Show to display the process logging configuration options.

Enable process logging: Select True to enable process logging.

  • Daily Logfile: Select True to create a daily log file with the name of <YYYYmmDD>-<driver-name>-<drv.proclog.logfile>.

  • Log file name: Specify the final name of the driver log file.

  • Log file directory: Specify the directory where the log file is stored.

A.2.2 Password Synchronization

These GCVs enable password synchronization between the Identity Vault and the SAP HR system.

In Designer, you must click the icon next to a GCV to edit it. This displays the Password Synchronization Options dialog box for a better view of the relationship between the different GCVs.

In iManager, to edit the Password management options go to Driver Properties > Global Configuration Values, and then edit it in your Password synchronization policy tab.

For more information about how to use the Password Management GCVs, see Configuring Password Flow in the NetIQ Identity Manager Password Management Guide.

Connected System or Driver Name: Specify the name of the SAP HR system or the driver name. This valued is used by the e-mail notification template to identity the source of the notification message.

Application accepts passwords from Identity Manager: If True, allows passwords to flow from the Identity Manager data store to the connected system.

Identity Manager accepts passwords from application: If True, allows passwords to flow from the connected system to Identity Manager.

Publish passwords to NDS password: If True, allows the driver to use the password from the connected system to set the non-reversible NDS password in eDirectory.

Publish passwords to Distribution Password: If True, allows the driver to use the password from the connected system to set the NMAS Distribution Password used for Identity Manager password synchronization.

Require password policy validation before publishing passwords: If True, applies NMAS password policies during publish password operations. The password is not written to the data store if it does not comply.

Reset user’s external system password to the Identity Manager password on failure: If True, on a publish Distribution Password failure, attempts to reset the password in the connected system by using the Distribution Password from the Identity Manager data store.

Notify the user of password synchronization failure via e-mail: If True, allows the driver to notify the user by e-mail of any password synchronization failures.

A.2.3 Managed System Information

These settings help Identity Reporting to generate reports. There are different sections in the Managed System Information tab.

General Information

Name: Specifies a descriptive name for this SAP HR system. This name is displayed in the reports.

Description: Specifies a brief description of this SAP HR system. This description is displayed in the reports.

Location: Specifies the physical location of this SAP HR system. This location is displayed in the reports.

Vendor: Specifies SAP as the vendor of this SAP HR system. This information is displayed in the reports.

Version: Specifies the version of this SAP HR system. This version information is displayed in the reports.

System Ownership

Business Owner: Specifies the business owner in the Identity Vault for this SAP HR system. Ensure that a user object is selected. You must not select a role, group, or container.

Application Owner: Specifies the application owner in the Identity Vault for this SAP HR system. Ensure that a user object is selected. You must not select a role, group, or container.

System Classification

Classification: Specifies the classification of the SAP HR system. This information is displayed in the reports. The options are:

  • Mission-Critical

  • Vital

  • Not-Critical

  • Other

    If you select Other, you must specify a custom classification for the SAP HR system.

Environment: Specifies the type of environment the SAP HR system provides. The options are:

  • Development

  • Test

  • Staging

  • Production

  • Other

    If you select Other, you must specify a custom classification for the SAP HR system.

Connection and Miscellaneous Information

Connection and miscellaneous information: This options is always set to hide, so that you don’t make changes to these options. These options are system options for reporting. If you make any changes, reporting stops working.