A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The SharePoint driver includes many GCVs. You can also add your own if you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit.

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the SharePoint driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

    or

    To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

  1. Open a project in the Modeler.

  2. Right-click the Active Directory driver icon or line, then select Properties > Global Configuration Values.

    or

    To add a GCV to the driver set, right-clickthe driver set icon , then click Properties > GCVs.

The global configuration values are organized as follows:

A.2.1 Driver Configuration

Use the following GCVs to control how the driver is configured.

Site collection URL: The URL of the top-level SharePoint site collection with which the shim will interact.

AD Domain Name: The Active Directory domain name of the domain used by the SharePoint site collection. This value is used with the value of the Identity Vault DirXML-ADAliasName attribute to construct the SharePoint User LoginName attribute (for example, AD-DOMAIN and JDoe become AD-DOMAIN\JDoe).

AD Driver: The Active Directory driver that synchronizes user to the Active Directory domain that SharePoint uses for authentication. If a driver is specified here, a valid association from that driver on the user is a prerequisite to synchronizing the user to SharePoint. The users synchronizes to Active Directory before synchronizing to SharePoint.

A.2.2 Entitlements

There are multiple sections in the Entitlements tab. Depending on which packages you installed, different options are enabled or displayed.

Entitlements Configuration

Use the following GCVs to control how the entitlements for the driver work. For more information about entitlements, see the NetIQ Identity Manager Entitlements Guide.

Use User Account Entitlement: Entitlements act like an On/Off switch to control account access. Enable the driver for entitlements to create accounts, and remove/disable when the account entitlement is granted to or revoked from users. If you select True, user accounts in SharePoint can be controlled by using Entitlements.

  • When account entitlement revoked: Select the desired action in the SharePoint system when a User Account entitlement is revoked from an Identity Vault user. The options are Remove user from the SharePoint site collection or do nothing.

  • Parameter Format: Select the parameter format the entitlement agent must use. The options are Identity Manager 4 or Legacy.

Use Group Entitlement: Select True to enable the driver to manage group membership based on the driver’s Group entitlement.

  • Parameter Format: Select the parameter format the entitlement agent must use. The options are Identity Manager 4 or Legacy.

Role Mapping

The Identity Applications allow you to map business roles with IT roles. For more information, see the

Enable role mapping: Select Yes to make this driver visible in Identity Applications.

Allow mapping of user accounts: Select Yes if you want to allow mapping of user accounts in Identity Applications. An account is required before a role, profile, or license can be granted through Identity Applications.

Allow mapping of groups: Select Yes if you want to allow mapping of groups in Identity Applications.

Resource Mapping

Identity Applications allow you to map resources to users. For more information, see the NetIQ Identity Manager - User’s Guide to the Identity Applications.

Enables resource mapping: Select Yes to make this driver visible to Identity Applications.

Allow mapping of user accounts: Select Yes if you want to allow mapping of user accounts in Identity Applications. An account is required before a role, profile, or license can be granted.

Allow mapping of groups: Select Yes if you want to allow mapping of groups in Identity Applications.

Entitlement Extensions

User account extensions: The content of this field is added below the entitlement elements in the EntitlementConfiguraiton resource object.

Group extensions: The content of this field is added below the entitlement element in the EntitlementConfiguration resource object.