1.3 Creating the Driver Object in Designer

The Designer tool helps you to create the driver object. You need to install the driver packages and then modify the configuration parameters. After you create and configure the driver, you need to deploy it to the Identity Vault and start it. Creating the driver object in Designer consists of the following tasks:

NOTE:NetIQ recommends that you use the new package management features provided in Designer to create the driver. You should not create driver objects using the Identity Manager 4.0 or from the earlier versions and from the configuration files through iManager. This method of creating driver objects is no longer supported.

1.3.1 Importing the Current Driver Packages

The driver packages contain the items required to create a driver, such as policies, entitlements, filters, and Schema Mapping policies. These packages are only available in Designer and can be updated after they are initially installed. You must have the most current version of the packages in the Package Catalog before you can create a new driver object.

To verify that you have the most recent version of the driver packages in the Package Catalog:

  1. Open Designer.

  2. In the toolbar, click Help > Check for Package Updates.

  3. Click OK to update the packages

    or

    Click OK if the packages are up-to-date.

  4. In the Outline view, right-click the Package Catalog.

  5. Click Import Package.

  6. Select the required driver package

    or

    Click Select All to import all the packages displayed.

    By default, only the base packages are displayed. Deselect Show Base Packages Only to display all packages.

  7. Click OK to import the selected packages, then click OK in the successfully imported packages message.

  8. After the current packages are imported, continue with Installing the Driver Packages.

1.3.2 Installing the Driver Packages

After you have imported the current driver packages into the Package Catalog, you can install the driver packages to create a new driver, or update the existing driver package. Refer to the specific driver guides available in Identity Manager 4.8 Drivers Documentation page for the required packages to be installed.

To install driver packages, you have to set-up Identity Vault and the driver set.

Setting Up the Identity Vault

If you are installing the driver for the first time you must setup the Identity Vault first for the driver to be configured. Perform the following steps to install an Identity Vault in the Modeler window.

  1. In Designer > Outline view, open your project.

  2. Right click project > New > Identity Vault, or drag and drop Identity Vault from the Palette to Modeler window.

    The Add Server Association screen appears.

  3. In the Add Server Association screen, select the following field values and click OK.

    • Server DN

    • Identity Manager Version

    • Identity Manager Edition

    The Identity Vault Credentials window appears.

  4. In Identity Vault Credentials window, enter:

    Field

    Description

    Host

    The identity vault hosting machine's IP address

    Username

    The name of the user, for example, Admin, if the user is an administrator.

    Password

    Password of user to login to the identity vault

  5. Select Save Password, if you want to save your password for easy logins in the future.

  6. Click OK.

    The Identity Vault and the Driver Set appears in the Modeler window as shown in the following image.

Setting Up a New Driver Object

Once the Identity Vault is setup, you can add the required driver to connected to the Identity Vault. The drivers are categorized and available in the right pane under the respective categories.

  1. In the right pane, drag and drop the driver object from the respective category tab to the Modeler.

  2. In the Driver Configuration Wizard, select the base package.

    NOTE:You can only select one base package.

  3. Click Next.

  4. Select the optional features to install for the selected driver and click Next. The package dependencies window appears.

  5. (Conditional) Click OK to install the package dependency listed.

    NOTE:If there are any dependent packages associated with the selected package, you must install them to proceed.

  6. On the Driver Information page, specify a name for the driver, then click Next. The driver configuration page appears.

    IMPORTANT:As the driver configuration parameters and their corresponding values are unique to each individual driver, you must refer to the driver specific configurations in the respective driver guides. For more information see, Identity Manager Drivers Documentation Website for driver specific guides.

1.3.3 Configuring the Driver Object

After the driver packages are installed, you need to configure the driver before it can run. You should complete the following tasks to configure the driver:

  • Configure the driver parameters: There are many settings that can help you customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs). Although it is important for you to understand all of the settings, your first priority should be to review the Section B.0, Driver Properties. The Driver Parameters let you configure the publication method and other parameters associated with the Publisher channel.

  • Customize the driver policies and filter: The driver policies and filter control data flow between the Identity Vault and the application. You should ensure that the policies and filters reflect your business needs.

  • Set Up a Secure HTTPS Connection: The connection between the driver and the connected system can be configured to use a secure HTTPS connection rather than an HTTP connection.

After completing the configuration tasks you must deploy the driver.

1.3.4 Deploying the Driver

After the driver object is created in Designer, it must be deployed into the Identity Vault.

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Live > Deploy.

  3. If you are authenticated to the Identity Vault, skip to Step 4; otherwise, specify the following information, then click OK.

    Field

    Description

    Host

    Specify the IP address or DNS name of the server hosting the Identity Vault.

    Username

    Specify the DN of the user object used to authenticate to the Identity Vault.

    Password

    Specify the user’s password.

  4. Read the deployment summary, then click Deploy.

  5. Read the message, then click OK.

  6. Click Define Security Equivalence to assign rights to the driver.

    The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.

    1. Click Add, then browse to and select the object with the correct rights.

    2. Click OK twice.

      For more information about defining a Security Equivalent User in objects for drivers in the Identity Vault, see the NetIQ Identity Manager Security Guide.

  7. Click Exclude Administrative Roles to exclude users that should not be synchronized.

    You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

    1. Click Add, then browse to and select the user object you want to exclude, then click OK.

    2. Repeat Step 7.a for each object you want to exclude, then click OK.

  8. Click OK.

  9. Continue with the next section,Starting the Driver.

1.3.5 Starting the Driver

When a driver is created, it is stopped by default. To make the driver work, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it remains idle until an event occurs. You can use iManager or dxevent commands to start the driver.

To start the driver using Designer:

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Live > Start Driver.

To start the driver using iManager:

  1. Login to iManager, select Identity Manager Administration if not defaulted already.

  2. Click Identity Manager Overview.

  3. Browse to and select the driver set object that contains the driver you want to start.

  4. Click the driver set name to access the Driver Set Overview page.

  5. Click the upper right corner of the driver, then click Start driver.

IMPORTANT:When you start the driver for the first time, don't add new users to the Publisher channel until the first polling interval completes because the driver treats all users as existing users and stores them in the change cache without sending them to the Identity Manager engine. It sends the new users to the Identity Manager engine from the next polling interval. Therefore, ensure that new users are added to the Publisher channel after the first polling cycle completes.