A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The Google Apps driver includes several predefined GCVs. You can also add your own if you discover you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit.

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

    or

    To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Global Configuration Values.

    or

    To add a GCV to the driver set, right-clickthe driver set icon , then click Properties > GCVs.

Table A-6 Global Configuration Values

Name

Description

Example Value

Google Apps Domain Name

Specify the name of the Google Apps domain managed by this driver.

mydomain.com

Base Container for users in eDirectory

Only users in or below this container will be synchronized to the connected Google System.

yourorg\users

Use Entitlement for User Account Creation

If this GCV is set to true then users will only be created in Google when the entitlement is granted.

True

Match Users who do not have a Google Account Entitlement.

If this GCV is set to true then users who have not been given an entitlement will be matched to existing Google Accounts. Otherwise the connector will not attempt to match users without a Google Account Entitlement they will just be blocked at the matching rule.

False

What should the Connector do when the Google Account entitlement is revoked?

This GCV determines how the connector will handle a user account who has their Account Entitlement revoked. Do Nothing: This means that if an Account Entitlement is revoked, then the driver will do nothing. The account will remain in the state it was in when it was revoked. Disable Account: If this is selected then when the entitlement is revoked. The account in Google will be disabled.Delete Account: This will tell the connector to Delete the account in Google when the entitlement is revoked.

Do Nothing

Base Container for Groups in eDirectory

Only Groups in or below this container will be synchronized to the connected Google System.

Yourorg/groups

Default visibility for Google Groups.

This GCV sets the default visibility for groups created in GoogleApps. If all your groups will be used as a distribution list available to users on the internet you will need to set the Value to Anyone-Internet Enabled. Note that by using the Policy Builder you can change the permissions on any group during add or modify events.

Owner, Member, Domain, Anyone

Base Container for Organizational Units in eDirectory

Only OU's in or below this container will be synchronized to the connected Google System. If placement is done with mirroring package this GCV is also used as the root container for where the mirror will start.

Myorg

What to use for intitial Password if Distribution Password not Present

If the system is not set up for universal password synchronization or the user account just doesnt have a distribution password set yet, then an initial password has to be set. This GCV tells the system whether to use an attribute off of the user account for an initial password or to use a random generated password. If the accounts are going to use SAML for authentication then a Random Password would be fine. Otherwise an attribute value should be selected.

Random PasswordAttribute Value from User

eDirectory attribute to use for initial password value.

This is the name of the attribute in edirectory that the Google driver should use for an initial password if no Distribution password is available on creation.

Surname

Number of letters to use in the Random Password

This is the number of Letters to use in the random password. when added to the value of the "Random password numbers" GCV It will determine the number of characters in the total Length

6

Number of numbers to use in the Random Password

This is the number of numbers to use in the random password. when added to the value of the "Random password letters" GCV It will determine the number of characters in the total Length.

6