3.6 Example Credential Provisioning Policies

The provisioning policies can be implemented and customized to meet the needs of your environment. The following example explains how to implement the polices for the scenario presented in Figure 1-1, Credential Provisioning with SecureLogin.

In the Finance scenario, SecureLogin provisioning occurs after a password is successfully set in SAP. Most of the necessary parameters are statically configured and available to all policies through the repository and application objects. However, there are non-static data parameters (sapUsername, password, DirXML-ADContext, and workforceID) that are available only after the SAP User Management driver <add> or <modify-password> commands complete and the <output> status document is returned from the SAP User Management driver shim. The <ouput> document no longer contains any of the Subscriber channel operation attributes and the user context of the command is lost, thus preventing queries on the object. It is therefore necessary to do the following:

Sample policies are available in XML format on the Identity Manager media. The filenames are SampleInputTransform.xml, SampleSubCommandTransform.xml, and SampleSubEventTransform.xml. The files are found in the following directory, where platform is linux, windows, aix, or solaris:

platform\setup\utilities\cred_prov

The files are installed to the Identity Manager server, if Credential Provisioning Sample Policies is selected during the installation of the utilities. The sample policies are installed to the following locations, depending upon the platform:

The sample policies provide a starting point to develop a policy that works for your environment.