A.2 Global Configuration Values

Global configuration values (GCVs) enable you to specify settings for the Identity Manager features such as password synchronization and driver heartbeat, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own.

In iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the Delimited Text driver icon, then click the upper right corner of the driver icon to display the Actions menu.

  4. Click Edit Properties to display the driver’s properties page.

  5. Click Global Config Values to display the GCV page.

In Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Global Configuration Values.

The Global Configuration Values are divided into the following categories:

A.2.1 Default Configuration

The following GCVs control the configuration of the Delimited Text driver:

  • Field Delimiter: Specifies the character that is used to delimit field values in the input files. It must be one character. You can also use the tab as the delimiter field value. Tab is represented as {tab}. The default is a comma.

    If the values of any of the input fields contain this character, enclose the entire value in quotes to prevent it from being seen as a delimiter. Changing this delimiter parameter to something other than a comma does not automatically change the delimiter character used in the output files when a Subscriber is used. To change the delimiter character in the output files, edit the Output Transform style sheet. The delimiter character is assigned to a variable at the beginning of that style sheet. For example, to change the delimiter, locate the <xsl:variable name="delimiter" select="','"/> line in the default style sheet and modify it appropriately.

    This option in the driver configuration synchronizes User, Group, Organization, Country, and Organizational Unit objects. It also mirrors the structure of a subtree in the other tree.

  • Field Names: Specifies a comma-separated list of attribute names that can be referred to in the Schema Mapping rule. In the input files, the fields of the records must correspond to the order and positioning of the names in this list.

    For example, if you list eight field names in this parameter, each record of the input files should have eight fields separated by the field delimiter character. On Windows, see sample.csv in the delimitedtext/samples directory for an example. On Solaris and Linux, sample.csv is located in the /usr/lib/dirxml/rules/delim directory.

    The default values are LastName, FirstName, Title, Email, WorkPhone, Fax, WirelessPhone, and Description.

  • Association Attribute: Specifies the attribute value used for association.

A.2.2 Entitlements

The following options are enabled or displayed when the Entitlements package is installed. For more information about entitlements, see Section 1.3.2, Entitlements.

Enable Permission Collection and Reconciliation: Select the value of this parameter to True for allowing permission collection and entitlement assignment. By default it is set to False, which allows the driver to override any other conditions to reconcile custom entitlements.

Enable Permission Reconciliation for all Custom Entitlements: If the value of this parameter is set to No, it allows you to select specific custom entitlements for reconciling them. By default, it is set to Yes, which allows reconciling of all custom entitlements.

Add Custom Entitlements for Reconciliation: This parameter is presented if the value of Enable Permission Reconciliation for all Custom Entitlements is set to No.

Click the Add icon to add custom entitlements you want to selectively onboard and specify Assignment Attribute Name for them.

A.2.3 Password Synchronization

The following GCVs control password synchronization for the Delimited Text driver. For more information, see the Identity Manager 4.0.2 Password Management Guide.

In Designer, you must click the icon next to a GCV to edit it. This displays the Password Synchronization Options dialog box for a better view of the relationship between the different GCVs.

In iManager, you should edit the Password Management Options on the Server Variables tab rather than under the GCVs. The Server Variables page has a better view of the relationship between the different GCVs.

Connected System Name or Driver Name: Specify the name of the driver. The e-mail notification template uses this value to identify the source of the notification message.

Application accepts passwords from Identity Manager: If True, allows passwords to flow from the Identity Manager data store to the connected system.

Identity Manager accepts passwords from application: If True, allows passwords to flow from the connected system to Identity Manager.

Publish passwords to NDS password: Use the password from the connected system to set the non-reversible NDS password in eDirectory.

Publish passwords to Distribution Password: Use the password from the connected system to set the NMAS Distribution Password used for Identity Manager password synchronization.

Require password policy validation before publishing passwords: If True, applies NMAS password policies during publish password operations. The password is not written to the data store if it does not comply.

Reset user’s external system password to the Identity Manager password on failure: If True, on a publish Distribution Password failure, attempt to reset the password in the connected system by using the Distribution Password from the Identity Manager data store.

Notify the user of password synchronization failure via e-mail: If True, notify the user by e-mail of any password synchronization failures.

A.2.4 Managed System Information

These settings help the Identity Reporting Module function to generate reports. There are different sections in the Managed System Information tab.

General Information

Name: Specifies a descriptive name for this Identity Vault.

Description: Specifies a brief description of this Identity Vault.

Location: Specifies the physical location of this Identity Vault.

Vendor: Specifies the vendor of the Identity Vault.

Version: Specifies the version of this Identity Vault.

System Ownership

Business Owner: Browse to and select the business owner in the Identity Vault for this Identity Vault. You must select a user object, not a role, group, or container.

Application Owner: Browse to and select the application owner in the Identity Vault for this Identity Vault. You must select a user object, not a role, group, or container.

System Classification

Classification: Specifies the classification of the Identity Vault. This information is displayed in the reports. The options are:

  • Mission-Critical

  • Vital

  • Not-Critical

  • Other

    If you select Other, you must specify a custom classification for the Identity Vault.

Environment: Specifies the type of environment the Identity Vault provides. The options are:

  • Development

  • Test

  • Staging

  • Production

  • Other

    If you select Other, you must specify a custom classification for the Identity Vault.

Connection and Miscellaneous Information

Connection and miscellaneous information: This options is always set to hide, so that you don’t make changes to these options.