8.4 Tools for Managing Associations

NetIQ iManager provides two tools to enable you to view and manage the associations between drivers and objects (data):

  • The Driver Inspector displays all objects associated with a driver and lets you perform various actions on those associations, such as deleting an object or modifying its properties.

  • The Object Inspector displays all connected systems associated with an object. For each association, you can perform various actions, including viewing the object’s data flow between the Identity Vault and the connected system, configuring the connected system’s driver or driver set, viewing the entitlements, and removing the association between the object and the connected system.

8.4.1 Inspecting Objects

You can use the Object Inspector to view detailed information about how an object participates in Identity Manager relationships. These relationships include the connected systems that are associated with the object, how data flows between the Identity Vault and the connected systems, the attribute values that are currently stored in the Identity Vault and on the connected systems, the connected system driver configurations, and so forth.

  1. In iManager, open the Identity Manager Administration page.

  2. In the Administration list, click Object Inspector to display the Object Inspector page.

  3. Specify the fully distinguished name of the object that you want to inspect, or click the browse icon to browse to and select the desired object.

    iManager keeps a record of the objects you have previously selected, so you can also use the History icon icon to select from a list of previously selected objects.

  4. After you have selected the object, click OK to display the Object Inspector page.

    The Connected Systems section lists each of the connected systems with which the object is associated. You can perform any of the following actions:

    • Delete: To delete an association with a connected system, select the check box to the left of the association and click Delete. To delete all associations, select the check box beneath the Delete column, then click Delete.

    • Refresh: Select Refresh to re-read the connected system associations and refresh the table.

    • Actions: Select a connected system by clicking the check box to the left of the association reference (you do not need to select any boxes for the Add New Association action item). Click Actions, then choose one of the following options:

      • Run Overview on Driver: Launches the overview page for the connected system's driver.

      • Run Overview on Driver Set: Launches the overview page for the connected system's driver set.

      • Configure Driver: Launches the properties page for the connected system's driver so that you can modify the driver’s properties.

      • Configure Driver Set: Launches the properties page for the connected system's driver set so that you can modify the driver set’s properties.

      • Add New Association: Prompts you for the parameters necessary to add new attribute values to the object's DirXML-Association attribute.

      • Edit Selected Association: Prompts you to edit the parameters of the connected system's DirXML-Association attribute values.

      • View Entitlements: Displays a list of the entitlements associated with the connected system. The list displays the current state of the entitlement (granted or revoked) as well as the source of the entitlement (for example, workflow or role-based).

    • Connector: Lists the connected system's fully distinguished name that is associated with the object. Click the plus (+) icon next to the connected system to see how data flows through the connected system.

      The Servers entry shows the servers that are associated with the driver set. Clicking the Edit icon to the right of the server brings up the server’s properties page in a pop-up window. Clicking the Query icon queries the attribute values for all classes in the driver filter. The larger the filter, the longer the query takes. If the Inspector cannot communicate with the connected system, you see a message stating that the attribute cannot be queried from the application.

      The driver filter’s associated classes (such as Group) and their attributes (such as Description and Member) are listed under the Server entry. Click the class to see all of the values for the defined attributes in that class. You can also click an attribute to see its values, or you can click the entries to the right of the attributes to see just the Identity Vault value or the application value. If no value has been defined, the entry displays No Values. If the Inspector cannot communicate with the connected system, you see a message stating that the attribute cannot be queried from the application.

    • States: The connected system’s driver states are Enabled, Disabled, Processed, Pending, Manual, and Migrate.

    • Object ID: The identification value of the associated object to the connected system. If the connected system driver has no identification, this column displays None.

8.4.2 Inspecting Drivers

You can use the Driver Inspector to view detailed information about the objects associated with a driver.

  1. In iManager, open the Identity Manager Administration page.

  2. In the Administration list, click Driver Inspector to display the Driver Inspector page.

  3. In the Driver to inspect field, specify the fully distinguished name of the driver that you want to inspect, or click the browse icon to browse to and select the desired driver.

    iManager keeps a record of the objects you have previously selected, so you can also use the History icon icon to select from a list of previously selected objects.

  4. After you have selected the driver to inspect, click OK to display the Driver Inspector page.

    The page displays information about the objects associated with the selected driver. You can perform any of the following actions:

    • Driver: Displays the name of the inspected driver. Click the driver name to display the Driver Overview page.

    • Driver Set: Displays the name of the driver set in which the inspected driver resides. Click the driver set name to display the Driver Set Overview page.

    • Delete: Removes the association between the driver and an object. Select the check box in front of the object you no longer want associated with the driver, click Delete, then click OK to confirm the deletion.

    • Refresh: Select this option to re-read all of the objects associated with the driver and refresh the information.

    • Show: Select the number of associations to display per page. You can select a predefined number (25, 50, or 100) or specify another number of your choice. The default is 50 associations per page. If there are more associations than the number displayed, you can use the arrow buttons to display the next and previous pages of associations.

    • Actions: Perform actions on the objects associated with the driver. Click Actions, then select one of the following options:

      • Show All Associations: Displays all objects associated with the driver.

      • Filter for Disabled Associations: Displays all objects associated with the driver that have a Disabled state.

      • Filter for Manual Associations: Displays all objects associated with the driver that have a Manual state.

      • Filter for Migrate Associations: Displays all objects associated with the driver that have a Migrate state.

      • Filter for Pending Associations: Displays all objects associated with the driver that have a Pending state.

      • Filter for Processed Associations: Displays all objects associated with the driver that have a Processed state.

      • Filter for Undefined Associations: Displays all objects associated with the driver that have an Undefined state.

      • Association Summary: Displays the state of all objects associated with the driver.

    • Object DN: Displays the DN of the associated objects.

    • State: Displays the association state of the object.

    • Object ID: Displays the value of the association.