3.3 Configuring Identity Vaults

To view or change an Identity Vault’s settings, double-click the Identity Vault object in the Outline view or the Modeler.

The Identity Vault Properties page has several options. In addition, you can configure a hostname in the hosts file.

3.3.1 Configuration

The following table contains a description of each of the Identity Vault configuration settings.

Table 3-2 Configuration Settings for an Identity Vault

Field

Description

Vault name

The name of the Identity Vault object. The default is Identity Vault.

Host

The eDirectory host where you plan to log in and deploy.

Username

The eDirectory username in LDAP format that has sufficient rights to make changes to objects associated with this deployment. For example, cn=admin,ou=sa,o=system.

Password

The password for the eDirectory username.

Save Password

Saves the password permanently, so you are authenticated into this Identity Vault each time you open Designer. If you use this option, the password is saved locally in Designer’s file system and is not secure.

If you do not select this option, the password is remembered only until you close Designer.

Secure Connection

You can enable a secure or a non-secure connection between Designer and the Identity Vault.

Secure Connection: In a secure connection, the LDAP server listens on port 636 by default. If you configured the secure port as 700, specify this port number in the Host field. For example, 192.99.78.51:700.

When connecting through a secure port, Designer prompts you to import the Identity Vault’s Certificate Authority certificate into Designer. You must accept this certificate to establish a secure connection with the Identity Vault.

Designer provides the following options to accept the certificate:

  • Accept this certificate permanently: Instructs Designer not to prompt you again to accept the certificate for future authentication with an Identity Vault. When this option is enabled, Designer permanently stores the certificate in the /opt/netiq/tools/Designer/configuration or C:\netiq\idm\apps\Designer\configuration directory.

  • Accept this certificate temporarily for this session: Instructs Designer to stop prompting you for accepting the certificate until the connection expires.

  • Do not accept this certificate and do not authenticate: Instructs Designer to reject the certificate. The connection is not established without a certificate.

  • Remember this selection of certificate import: Instructs Designer to remember your choice of certificate import for future authentication.

To change the certificate import settings, go to the Modeler preferences and click Window > Preferences > NetIQ > Designer > LDAP Connection.

Non-secure Connection: If you use a non-secure connection, all the information you enter, such as usernames and passwords, is sent over the wire in clear text. In a non-secure connection, the LDAP server listens on port 389 by default.

NOTE: For security reasons, named passwords are deployed only over a secure connection.

If you want to use a non-default port, specify the port number of the LDAP server for establishing a connection.

To change the secure and non-secure port numbers, open the Properties view of an Identity Vault and change the default values for ldapSecureTextPort and ldapClearTextPort fields respectively.

If you add additional servers to the Identity Vault after initial connection, Identity Vault automatically assigns the default secure and non-secure port numbers to the server.

Test Connection

Click this button to create a connection to the Identity Vault, or to re-create the connection if it is unresponsive. If a connection to the Identity Vault has not been established, the button displays Test connection. After a connection is established, the button displays Refresh connection.

Deploy Context

The default DN container assigned to all driver sets that are associated with this Identity Vault. If you specify a DN container on the Driver Set object, that setting takes precedence over the default setting.

Enable Package Developer Mode

Enables additional features in Designer to allow developers to create packages. For more information, see Section 7.0, Developing Packages.
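The Secure Connection and Non-secure Connection settings above determine which port Designer uses when the Host field carries no explicit port, and whether named passwords can be deployed at all. The following Python snippet is an added example, not code from Designer or from NetIQ: it parses the Host field format the table describes (for example 192.99.78.51:700), applies the default ldapSecureTextPort and ldapClearTextPort values, and reports the deployment risks the table calls out (clear-text credentials, locally saved passwords, named passwords over a non-secure connection). The function names, the VaultEndpoint type and the sample hosts are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Defaults from the Identity Vault Properties view (ldapSecureTextPort / ldapClearTextPort)
DEFAULT_SECURE_PORT = 636
DEFAULT_CLEAR_PORT = 389


@dataclass(frozen=True)
class VaultEndpoint:
    """Resolved connection target for an Identity Vault (hypothetical type for this example)."""
    host: str
    port: int
    secure: bool


def parse_host_field(host_field: str, secure: bool,
                     secure_port: int = DEFAULT_SECURE_PORT,
                     clear_port: int = DEFAULT_CLEAR_PORT) -> VaultEndpoint:
    """Split a Designer Host field value into host and port.

    Accepts "192.99.78.51:700", "idvault.example.test", a bare IPv6 literal,
    or "[2001:db8::1]:700". When no port is given, the vault's configured
    default for the chosen connection type (secure or clear text) is used.
    """
    value = host_field.strip()
    if not value:
        raise ValueError("Host field is empty")
    bracketed = re.fullmatch(r"\[([0-9A-Fa-f:.]+)\](?::(\d{1,5}))?", value)
    if bracketed:                          # [ipv6]:port or [ipv6]
        host, port = bracketed.group(1), bracketed.group(2)
    elif value.count(":") == 1:            # host:port
        host, port = value.split(":")
    elif ":" in value:                     # bare IPv6 literal, no port possible
        host, port = value, None
    else:                                  # hostname or IPv4, no port
        host, port = value, None
    if not host:
        raise ValueError("Host field has no host part")
    if port is None:
        port_num = secure_port if secure else clear_port
    else:
        port_num = int(port)
        if not 1 <= port_num <= 65535:
            raise ValueError(f"port {port_num} is out of range")
    return VaultEndpoint(host, port_num, secure)


def deployment_warnings(endpoint: VaultEndpoint, deploys_named_passwords: bool,
                        save_password: bool) -> list[str]:
    """Return the risks a reviewer would flag for this vault configuration."""
    warnings: list[str] = []
    if not endpoint.secure:
        warnings.append(f"non-secure connection: credentials and directory data travel "
                        f"in clear text to {endpoint.host}:{endpoint.port}")
        if deploys_named_passwords:
            warnings.append("named passwords are deployed only over a secure connection; "
                            "this deployment will not carry them")
    elif endpoint.port == DEFAULT_CLEAR_PORT:
        warnings.append("secure connection configured on the default clear-text port 389; "
                        "confirm ldapSecureTextPort on the Identity Vault")
    if save_password:
        warnings.append("Save Password stores the eDirectory password in Designer's local "
                        "file system, which is not secure")
    return warnings


if __name__ == "__main__":
    # Constructed sample values for illustration
    for field, secure in (("192.99.78.51:700", True), ("idvault.example.test", False)):
        ep = parse_host_field(field, secure)
        print(ep, deployment_warnings(ep, deploys_named_passwords=True, save_password=True))
```

Run the module directly to see the resolved endpoints and the warnings for the two constructed sample fields; in a review workflow the same two functions can be applied to every Identity Vault object exported from a project.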

3.3.2 Administrator

The Administrator option is divided into three sections. Entering information in these sections is optional.

  • Personal Information: Lets you enter information specific to the Identity Vault, such as Name, Title, Department, and Location.

  • Contact Information: Lets you enter information such as Email, Phone, Cell Phone, Pager, and Fax.

  • Notes: Allows you to type any reminders you might need for future reference.

3.3.3 Workflow Forms

The Workflow Forms option allows you to configure the Form Backend URL for each Identity Vault instance individually.

To configure a URL, click Add Registry and then specify the DNS or IP Address of the server where Workflow Forms will be rendered. Similarly, to delete an existing URL, click Delete Registry.

NOTE: If you do not configure the Form Backend URL using this option, the configuration details specified in the ServiceRegistry.json file are used. The ServiceRegistry.json file is located in the following directory, depending on your platform:

  • Linux: /<designer installed location>/configuration

  • Windows: C:\netiq\idm\apps\Designer\configuration

3.3.4 Packages

The Packages option allows you to manage any packages at the Identity Vault level. A package at the Identity Vault level contains Notification Templates or sample data such as users or the Identity Vault structure. Identity Vault packages are applied to all of the drivers that reside in the selected Identity Vault.

The following table lists the options available to manage packages. For more information about packages, see Section 6.0, Understanding Packages.

Table 3-3 Managing Packages Options

Options

Descriptions

Add package

Adds a package to the Identity Vault. You must add a package before you can install a package. Click the Add package icon, then select the package to install and click OK.

Create package

The Create package option is only available if the Enable Package Developer Mode is selected in the Identity Vault Configuration page. Only developers create packages for redistribution.

Package

Lists the name and current state of the package.

Version

Lists the version of the package.

Upgrades

Indicates that there is a newer version of a package imported into the package catalog, but it has not been installed. The package needs to be upgraded.

Operation

Lists the following operations that can be performed on a package:

  • Install: The Install option is only available after a package is added to the Identity Vault. Select Install, then click Apply to install the package.

  • Uninstall: The Uninstall option is only available after a package is installed to the Identity Vault. Select Uninstall, then click Apply to uninstall the package.

  • Upgrade: The Upgrade option is only available if there is a newer version of the package available for installation. Select Upgrade, then click OK to upgrade the package.

  • Downgrade: The Downgrade option is only available if you have upgraded a package and the older package is installed in the package catalog. Select Downgrade, then click OK to downgrade the package.

  • Revert Customizations: The Revert Customizations option is only available if you have made changes to the policies that are installed with a package. Select Revert Customizations, then click Apply to remove the customizations.

3.3.5 Server List

The Server List option displays the servers that are associated with the selected Identity Vault. You can add, edit, or remove the server entries.

NOTE: If you select the option to allow a default server to be created, that server shows up as Default Server.default_container in the list. You cannot deploy a driver set into an existing eDirectory tree if you have Default Server.default_container in the Server List. You must first remove this reference and add an Identity Manager server in an eDirectory tree.

3.3.6 iManager

The iManager option displays the URL that Designer uses to launch the NetIQ iManager administrative tool. You can modify this URL as needed.

To launch iManager from Designer, select Tools > iManager.

3.3.7 Local Hostname

Designer also lets you refer to your Identity Vault by a hostname that you define in the hosts file of your local operating system. After you map a hostname to the Host address of your Identity Vault, you can use that hostname instead of an IP address or DNS name to access the Identity Vault.

For example, if your Identity Vault has a host address of 192.168.100.254, you can associate the name ID-VAULT to that address in your local hosts file. Then, in Designer, you can refer to the Identity Vault by the name ID-VAULT instead of using the IP address.
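Because a hosts-file entry silently overrides DNS for that name, a practitioner usually wants the entry added idempotently and wants to notice if the name later starts pointing somewhere else. The following Python snippet is an added example, not part of the original documentation or of Designer: it parses hosts-file text, adds the ID-VAULT mapping from the example above, refuses to repoint a name that already resolves elsewhere, and provides a check that the alias still maps to the expected address. The function names, the constructed SAMPLE_HOSTS text and the comment marker are assumptions made for this example; the two file paths are the standard hosts-file locations on Linux and Windows.

```python
import ipaddress
import re
from pathlib import Path

# Standard hosts-file locations (consult your OS documentation for anything non-standard)
HOSTS_PATHS = {
    "linux": Path("/etc/hosts"),
    "windows": Path(r"C:\Windows\System32\drivers\etc\hosts"),
}

# Constructed sample hosts file content for this example
SAMPLE_HOSTS = (
    "127.0.0.1\tlocalhost\n"
    "# corporate tools\n"
    "10.1.2.3\tbuild.example.test build  # CI box\n"
)

_HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def parse_hosts(text: str) -> list[tuple[str, list[str]]]:
    """Return (address, [names]) for every mapping line; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()      # drop trailing comments
        if not body:
            continue
        parts = body.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries


def lookup(text: str, name: str) -> list[str]:
    """All addresses the hosts text maps NAME to (case-insensitive, as resolvers treat it)."""
    wanted = name.lower()
    return [addr for addr, names in parse_hosts(text)
            if wanted in (n.lower() for n in names)]


def add_vault_alias(text: str, name: str, address: str,
                    comment: str = "Designer Identity Vault") -> str:
    """Return hosts text with NAME mapped to ADDRESS.

    Idempotent when the mapping already exists; raises if NAME already points
    at a different address so an existing entry is never silently repointed.
    """
    ipaddress.ip_address(address)                 # raises ValueError on a bad literal
    if not _HOSTNAME_RE.fullmatch(name):
        raise ValueError(f"{name!r} is not a valid hostname label")
    existing = lookup(text, name)
    if existing == [address]:
        return text
    if existing:
        raise ValueError(f"{name} already maps to {existing}; remove that entry first")
    sep = "" if (not text or text.endswith("\n")) else "\n"
    return f"{text}{sep}{address}\t{name}\t# {comment}\n"


def alias_is_intact(text: str, name: str, expected_address: str) -> bool:
    """True only if NAME maps to exactly the expected address and nothing else."""
    return lookup(text, name) == [expected_address]


if __name__ == "__main__":
    updated = add_vault_alias(SAMPLE_HOSTS, "ID-VAULT", "192.168.100.254")
    print(updated)
    print("alias intact:", alias_is_intact(updated, "ID-VAULT", "192.168.100.254"))
```

To apply this to a real machine, read the file from HOSTS_PATHS for your platform, pass its contents through add_vault_alias, and write the result back with administrative rights; running alias_is_intact periodically (for example from a login script) flags a hosts entry that has been changed to point the ID-VAULT name elsewhere.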

For more information about using your local hosts file, consult your operating system’s documentation.