4.1 Creating the Driver in Designer

You create the RSA driver by installing the driver packages and then modifying the configuration to suit your environment. After you create and configure the driver, you need to deploy it to the Identity Vault and start it.

4.1.1 Importing the Current Driver Packages

The driver packages contain the items required to create a driver, such as policies, entitlements, filters, and Schema Mapping policies. These packages are only available in Designer and can be updated after they are initially installed. You must have the most current version of the packages in the Package Catalog before you can create a new driver object.

To verify that you have the most recent version of the driver packages in the Package Catalog:

  1. Open Designer.

  2. In the toolbar, click Help > Check for Package Updates.

  3. Click OK to update the packages

    or

    Click OK if the packages are up-to-date.

  4. In the Outline view, right-click the Package Catalog.

  5. Click Import Package.

  6. Select any RSA driver packages

    or

    Click Select All to import all of the packages displayed.

    By default, only the base packages are displayed. Deselect Show Base Packages Only to display all packages.

  7. Click OK to import the selected packages, then click OK in the successfully imported packages message.

  8. After the current packages are imported, continue with Section 4.1.2, Installing the Driver Packages.

4.1.2 Installing the Driver Packages

After you have imported the current driver packages into the Package Catalog, you can install the driver packages to create a new driver.

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver set where you want to create the driver, then click New > Driver.

  3. Select RSA Base, then click Next.

  4. Select the default configuration for the RSA driver.

    This package contains the default configuration information for the RSA driver. Always leave this option selected.

  5. Click Next.

  6. (Conditional) If there are package dependencies for the packages you selected to install, you must install them to install the selected package. Click OK to install the package dependencies that are listed.

  7. (Conditional) If more than one type of package dependency must be installed, you are presented with these packages separately. Continue to click OK to install any additional package dependencies.

  8. Click Next.

  9. On the Driver Information page, specify a name for the driver, then click Next.

  10. On the Application Authentication page, fill in the following fields:

    Authentication ID: Specify the username for the RSA user created for the driver if the driver is connecting to RSA 7.1.This is the user created in Section 3.1, Creating an RSA Authentication Manager 7.1 User Object with SuperAdminRole Rights. Leave this field blank for RSA 6.1.

    Connection Information: Specify the connection information for the driver to connect to the RSA 7.1 server. Leave this field blank for RSA 6.1.

    Password: Specify the password for the RSA user created for the driver if the driver is connecting to RSA 7.1. This is the password created in Section 3.1, Creating an RSA Authentication Manager 7.1 User Object with SuperAdminRole Rights. Leave this field blank for RSA 6.1.

  11. Click Next.

  12. Fill in the following fields for Remote Loader information:

    Connect To Remote Loader: Select Yes or No to determine if the driver will use the Remote Loader. For more information, see the Identity Manager 4.0 Remote Loader Guide.

    If you select No, skip to Step 13. If you select Yes, use the following information to complete the configuration of the Remote Loader.

    Host Name: Specify the IP address or DNS name of the server where the Remote Loader is installed and running.

    Port: Specify the port number for this driver. Each driver connects to the Remote Loader on a separate port. The default value is 8090.

    Remote Loader Password: Specify a password to control access to the Remote Loader. It must be the same password that is specified as the Remote Loader password on the Remote Loader.

    Driver Password: Specify a password for the driver to authenticate to the Metadirectory server. It must be the same password that is specified as the Driver Object Password on the Remote Loader.

  13. Click Next.

  14. Review the summary of tasks that will be completed to create the driver, then click Finish.

  15. After you have installed the driver, you must change the configuration for your environment. Proceed to Section 4.1.3, Configuring the Driver.

4.1.3 Configuring the Driver

After importing the driver configuration file, you need to configure the driver before it can run. You should complete the following tasks to configure the driver:

  • Configure the driver parameters: There are many settings that can help you customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs). Although it is important for you to understand all of the settings, your first priority should be to review the Driver Parameters located on the Driver Configuration page. The Driver Parameters let you configure the RSA API version and API version specific attributes. You can also configure the publisher options through the Driver Parameters.

  • Configure the driver filter: Modify the driver filter to include the object classes and attributes you want synchronized between the Identity Vault and RSA Authentication Manager. For instructions, see Section 6.0, Synchronizing Data.

  • Configure policies: Modify the policies as needed. For information about the default configuration policies, see Policies.

After completing the configuration tasks, continue with the next section, Section 4.1.4, Deploying the Driver.

4.1.4 Deploying the Driver

After a driver is created in Designer, it must be deployed into the Identity Vault.

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon Driver icon or the driver line, then select Live > Deploy.

  3. If you are authenticated to the Identity Vault, skip to Step 5; otherwise, specify the following information:

    Host: Specify the IP address or DNS name of the server hosting the Identity Vault.

    Username: Specify the DN of the user object used to authenticate to the Identity Vault.

    Password: Specify the user’s password.

  4. Click OK.

  5. Read through the deployment summary, then click Deploy.

  6. Read the successful message, then click OK.

  7. Click Define Security Equivalence to assign rights to the driver.

    The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.

    1. Click Add, then browse to and select the object with the correct rights.

    2. Click OK twice.

  8. Click Exclude Administrative Roles to exclude users that should not be synchronized.

    You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

    1. Click Add, then browse to and select the user object you want to exclude.

    2. Click OK.

    3. Repeat Step 8.a and Step 8.b for each object you want to exclude.

    4. Click OK.

  9. Click OK.

4.1.5 Starting the Driver

When a driver is created, it is stopped by default. To make the driver work, you must start the driver and cause events to occur. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.

To start the driver:

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon Driver icon or the driver line, then select Live > Start Driver.

For information about management tasks with the driver, see Section 5.0, Managing the Driver.