2.1 Setting Up a Provisioning Project

The Provisioning view is only available for Designer projects that contain a User Application driver. After you set up an Identity Manager project and configure an Identity Vault and driver set for the project, you add and configure a User Application driver.

To use Designer to configure the Roles tab of the User Application, you must additionally add a Role Service driver to your project. See Section 2.1.2, Creating a Role Service Driver after completing Section 2.1.1, Creating a User Application Driver.

2.1.1 Creating a User Application Driver

  1. In an open Designer project, create a new driver by using one of these methods:

    • Click Provisioning in the Palette, then drag a User Application icon onto the canvas.

    • Right-click the driver set for your project, then select New > Driver.

    • Click the driver set for your project, then select Model > Driver > New.

  2. Select User Application Base from the list of driver base packages in the Driver Configuration Wizard, then click Next.

  3. Use the following information to configure the driver:

    Field: Description

    Driver Name: Specify the name of an existing User Application driver (the driver specified during the User Application installation), or the name of a new User Application driver.

    Authentication ID: Specify the DN of the User Application Administrator.

    Application password/Reenter password: Specify the password for the User Application Administrator (above).

    Host: Specify the hostname or IP address of the application server where the Identity Manager User Application is deployed. This information is used:

    • To connect to the application server to trigger and access workflows (terminate, retract, and so on).

    • To update cached data definitions.

    Port: Specify the port for the Host (above).

    Application context: Specify the context of the User Application. For example, IDMProv.

    Allow Override Initiator: This property applies to workflows that are started automatically. Workflows started automatically are typically started under the Admin identity. Selecting Yes for this property allows those workflows to be started under another user identity. For more information, see the Identity Manager User Application: Administration Guide.

  4. Click Next.

  5. Click Finish.

    NOTE: When you create a User Application driver, e-mail templates for the User Application are added to the Default Notification Collection. You must explicitly deploy them. They are not deployed by default when you deploy the User Application driver.

2.1.2 Creating a Role Service Driver

  1. In the same project where you created a User Application driver, click Provisioning in the Palette, then drag and drop the Role Service icon onto the Modeler.

  2. Select Role and Resource Service Base from the list of driver base packages in the Driver Configuration Wizard, then click Next.

  3. Click Finish.

2.1.3 Modifying the Role Service Driver Properties

After creating the Role Service driver, you can optionally modify some of the driver configuration settings and modify the additional settings described in Table 2-1. To customize the additional settings:

  1. From the Outline view, select the Role Service driver, then right-click and select Properties.

  2. Select Driver Configuration (in the left pane).

  3. Click the Driver Parameters tab.

  4. Click the Driver Options tab. You can modify the driver’s properties that you specified when you created the driver as well as the properties described in Table 2-1.

  5. Click OK to save the changes.

Table 2-1 Additional Settings for Customizing the Role Service Driver

Field: Description

Number of days before processing removed request objects: The number of days the driver should wait before cleaning up request objects that have finished processing. This value determines how long you are able to track the status of requests that have been fulfilled.

Frequency of reevaluation of dynamic and nested groups (in minutes): The number of minutes the driver should wait before reevaluating dynamic and nested groups. This value determines the timeliness of updates to dynamic and nested groups used by the User Application. In addition, this value can have an impact on performance. Therefore, before specifying a value for this option, you need to weigh the performance cost against the benefit of having up-to-date information in the User Application.

Generate audit events: Determines whether audit events are generated by the driver.

2.1.4 About E-Mail Notification Templates

Identity Manager includes a standard set of e-mail notification templates (see Working with E-Mail Templates in the User Application: Administration Guide). When you create a User Application driver, any e-mail notification templates that are missing from the standard set are replaced. However, existing e-mail notification templates, which might come from an earlier version of Identity Manager, are not updated. To replace existing templates with new templates:

  1. Expand the Outline view.

  2. In the Default Notification Collection, delete the e-mail notification templates that you want to replace.

  3. Right-click Default Notification Collection and select Add Default Templates or Add All Templates.

    You can also use this command at any time to update e-mail notification templates without creating a new User Application driver.

  4. To deploy the e-mail notification templates to the Identity Vault, right-click Default Notification Collection and select Live > Deploy.