3.2 Creating the Driver Object in Designer

To create a Delimited Text driver object, install the driver packages and then modify the configuration to suit your environment. After you create and configure the driver object, you need to deploy it to the Identity Vault and start it.

3.2.1 Importing the Current Driver Packages

The driver packages contain the items required to create a driver, such as policies, entitlements, filters, and Schema Mapping policies. These packages are only available in Designer. You can upgrade any installed package if a newer version of the package is available. It is recommended to have the latest packages in the Package Catalog before creating a new driver object. Designer prompts you to import the required packages when it creates the driver object. For more information on upgrading packages, see Upgrading Installed Packages in the Designer 4.0.2 for Identity Manager 4.0.2 Administration Guide.

To verify you have the latest packages in the Package Catalog:

  1. Open Designer.

  2. In the toolbar, click Help > Check for Package Updates.

  3. Click OK if there are no package updates.

    or

    Click OK to import the package updates.

  4. In the Outline view, right-click the Package Catalog.

  5. Click Import Package.

  6. Select the Delimited Text packages.

    or

    Click Select All to import all of the packages displayed, then click OK.

    By default, only the base packages are displayed. Deselect Show Base Packages Only to display all packages.

    IMPORTANT: If you want the driver to support the Permission Collection and Reconciliation Service functionality, ensure you import the following packages to the driver:

    • NOVLDTXTBASE_2.2.0 (Base Package)

    • NOVLDTXTENT_2.0.0 (Entitlements Package)

    • NOVLACOMSET_2.0.0 (Common Settings Advanced Edition Package)

    For information about the Permission Collection and Reconciliation service, see Understanding Permission Collection and Reconciliation Service in the NetIQ Identity Manager 4.0.2 Common Driver Administration Guide.

  7. Click OK to import the selected packages, then click OK in the successfully imported packages message.

  8. After the current packages are imported, continue with Section 3.2.2, Installing the Driver Packages.

3.2.2 Installing the Driver Packages

To install the driver packages:

  1. Start Designer and open your project.

  2. In the Modeler, right-click the driver set where you want to create your new driver, then select New > Driver.

  3. Select Delimited Text Base from the list of base packages, then click Next.

  4. Select the optional features to install for the Delimited Text driver.

    All options are selected by default. The options are:

    • Delimited Text Entitlements: This package contains policies for quick onboarding of custom entitlements and dynamic resource creation. This package also contains GCVs to control the resource mapping. Select this package if you want to enable the entitlement onboarding feature for this driver. For more information, see Understanding Permission Collection and Reconciliation Service in the NetIQ Identity Manager 4.0.2 Common Driver Administration Guide.

      NOTE: If you are enabling quick onboarding of custom entitlements functionality, ensure that you upgrade the Managed System Gateway driver version to 4.0.0.6.

    • Delimited Text Password Synchronization: This package contains GCVs and sample policies for synchronizing passwords.

    • Delimited Text Managed System Information: This package contains the policies that enable the driver to collect data for reports.

    Note that if the Delimited Text Managed System Information and Password Synchronization packages are not imported into the Package Catalog, only the package ID is displayed for those packages in the list of optional features.

  5. Click Next.

  6. (Optional) If you want the driver to synchronize passwords, select the Delimited Text Password Synchronization package, then click Next.

  7. (Conditional) If not already configured, fill in the following fields on the Common Settings page, then click Next:

    • User Container: Select the Identity Vault container where users are added if they don’t already exist in the Identity Vault. This value becomes the default value for all drivers in the driver set.

    • Group Container: Select the Identity Vault container where groups are added if they don’t already exist in the Identity Vault. This value becomes the default value for all drivers in the driver set.

    NOTE: The Common Settings page is only displayed if the Common Settings package is a dependency.

  8. (Conditional) If not already configured, fill in the following fields on the Common Settings Advanced Edition page, then click Next:

    NOTE: This page is only displayed if you installed the Common Settings Advanced Edition package.

  9. On the Install Delimited Text Base page, specify a name for the driver, then click Next.

  10. Fill in the following fields, then click Next:

    • Input File Path: Specify the path for the input file.

    • Output File Path: Specify the path for the output file.

  11. (Conditional) If you want to use the Remote Loader with this driver, fill in the following fields to configure the driver to connect through the Remote Loader, then click Next. Otherwise, click No, then click Next.

    • Connect to Remote Loader: By default, the driver is configured to connect through the Remote Loader. If you want to run the driver locally, select No, then click Next. Otherwise, fill in the remaining fields to configure the driver to connect through the Remote Loader.

    • Host Name: Specify the host name or IP address of the server where the driver’s Remote Loader service is running.

    • Port: Specify the port number where the Remote Loader is installed and is running for this driver. The default port number is 8090.

    • Remote Password: Specify the Remote Loader’s password, as defined on the Remote Loader. The Identity Manager server or the Remote Loader shim requires this password to authenticate to the Remote Loader.

    • Driver Password: Specify the driver object password that is defined in the Remote Loader service. The Remote Loader requires this password to authenticate to the Identity Manager server.

  12. On the Driver Parameters page, fill in the following fields, then click Next:

    • Field Delimiter: Specify the character to use to delimit field values in the input and output files. It must be one character. You can also use the tab as the delimiter field value. Tab is represented as {tab}. The default is a comma.

    • Field Names: Specify a comma-separated list of attribute names that can be referred to in the Schema Mapping rule. The fields of the records included in your input CSV files must correspond to the order and positioning of the names in this list.

  13. (Conditional) On the Entitlements Name to CSV File Mappings page, click the Add Name to File Mapping icon to populate the page with the entitlement configuration options.

    NOTE: This page is only displayed if you installed the Entitlements package.

    The information that you specify in this page is used for creating the permission catalog. Fill in the following fields:

    • Entitlement Name: Specify a descriptive name for the entitlement to map it to the CSV file that contains the target system entitlement details.

      Entitlement Name is the name of the entitlement. This parameter corresponds to the Entitlement Assignment Attribute on the target system. For example, you could define an entitlement called ParkingPass.

      This parameter is used to create a resource in the User Application.

    • Entitlement Assignment Attribute: Specify a descriptive name for the assignment attribute for an entitlement.

      Entitlement Assignment Attribute holds the entitlement values on the target system. For example, you could have an attribute called Parking.

      You must add this parameter to Field Names in the Driver Parameters page or modify it in driver settings after creating the driver.

    • CSV File: Specify the location of the CSV file. This file must be located on the same server as the driver. This file contains the values for application entitlements.

    • Multi-valued?: Set the value of this parameter to True if you want to assign resources and entitlements multiple times with different values to the same user. Otherwise, set it to False.

  14. (Conditional) On the Install Delimited Text Managed System Information page, fill in the following fields to define your Delimited Text system, then click Next:

    NOTE: This page is only displayed if you installed the Managed System Information package.

    • Name: Specify a descriptive name for this Delimited Text system.

    • Description: Specify a brief description for this Delimited Text system.

    • Location: Specify the physical location of this Delimited Text system.

    • Vendor: Leave the setting unchanged.

    • Version: Specify the version of this Delimited Text system.

  15. (Conditional) On the Install Delimited Text Managed System Information page, fill in the following fields to define your Delimited Text system, then click Next:

    NOTE: This page is only displayed if you selected to install the Managed System Information package.

    • Business Owner: Select a user object in the Identity Vault that is the business owner of the Delimited Text system. This can only be a user object, not a role, group, or container.

    • Application Owner: Select a user object in the Identity Vault that is the application owner of the Delimited Text system. This can only be a user object, not a role, group, or container.

  16. (Conditional) On the Install Delimited Text Managed System Information page, fill in the following fields to define your Delimited Text system, then click Next:

    • Classification: Select the classification of the Delimited Text system. This information is displayed in the reports. Your options are:

      • Mission-Critical

      • Vital

      • Not-Critical

      • Other

        If you select Other, you must specify a custom classification for the Delimited Text driver system.

    • Environment: Select the type of environment the Delimited Text system provides. The options are:

      • Development

      • Test

      • Staging

      • Production

      • Other

        If you select Other, you must specify a custom classification for the Delimited Text driver system.

  17. Review the settings and click Finish to create the driver.

  18. Modify the driver settings. Proceed to Section 3.2.3, Modifying the Driver Settings.

3.2.3 Modifying the Driver Settings

There are many settings that can help you customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs). Although it is important for you to understand all of the settings, your first priority should be to review the Driver Parameters located on the Driver Configuration page. These settings let you control the format and content of the input and output files.

The driver configuration settings are explained in Section A.0, Driver Properties.

If you do not have the Driver Properties page displayed in Designer:

  1. Open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Properties.

  3. (Conditional) Click GCVs > Entitlements and review the following settings:

    NOTE: These settings are only displayed if you installed the Entitlements package.

    • Enable Permission Collection and Reconciliation: Set the value of this parameter to True to allow permission collection and entitlement assignment. By default, it is set to False, which allows the driver to override any other conditions to reconcile custom entitlements.

    • Enable Permission Reconciliation for all Custom Entitlements: If the value of this parameter is set to No, you can select specific custom entitlements to reconcile. By default, it is set to Yes, which allows reconciling of all custom entitlements.

    • Add Custom Entitlements for Reconciliation: This parameter is presented if the value of Enable Permission Reconciliation for all Custom Entitlements is set to No.

      Click the Add icon to add the custom entitlements you want to selectively onboard, and specify the Assignment Attribute Name for them.

    NOTE: Ensure that the Entitlement Assignment Attribute values are added to the Field Names parameter in the driver configuration if they were not added during driver creation.

  4. Click OK when finished.

  5. Deploy the driver to the Identity Vault. Proceed to Section 3.2.4, Deploying the Driver Object.

3.2.4 Deploying the Driver Object

To deploy the driver into the Identity Vault:

  1. In the Modeler, right-click the driver icon or the driver line, then select Live > Deploy.

  2. If you are authenticated to the Identity Vault, skip to Step 3. Otherwise, specify the following information, then click OK:

    • Host: Specify the IP address or DNS name of the server hosting the Identity Vault.

    • Username: Specify the DN of the user object used to authenticate to the Identity Vault.

    • Password: Specify the user’s password.

  3. Read through the deployment summary, then click Deploy.

  4. Read the success message, then click OK.

  5. Click Define Security Equivalence to assign rights to the driver.

    The driver requires rights to objects within the Identity Vault and to the input and output directories on the server. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser, for example, and assign security equivalence to that user. For more information about defining a Security Equivalent User in objects for drivers in the Identity Vault, see “Establishing a Security Equivalent User” in the Identity Manager 4.0.2 Security Guide.

    For receiving events from the Identity Vault, ensure that the driver’s Security Equals DN has the following rights in the Identity Vault:

    • Entry: Browse rights.

    • Attributes: Read rights.

    1. Click Add, browse to and select the object with the correct rights.

    2. Click OK twice.

  6. Click Exclude Administrative Roles to exclude users that should not be synchronized.

    You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

    1. Click Add, browse to and select the user object you want to exclude, then click OK.

    2. Repeat Step 6.a for each object you want to exclude, then click OK.

  7. Click OK.

After you have customized the driver for your environment, you must deploy it to the Identity Vault. Proceed to Section 3.2.4, Deploying the Driver Object.

3.2.5 Starting the Driver Object

If you configured the driver with the Permission Collection and Reconciliation service, ensure the driver meets the following requirements before it is started for the first time:

  • The Entitlement value CSV files are available in the locations specified during driver configuration. You can check the location you specified by examining the PermissionNameToFile mapping table under the driver in the Outline View of Designer.

  • The driver administrator and the User Application Resource Administrator are added to a Password Policy.
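The first requirement above, together with the Field Names rules from the Driver Parameters and Entitlements Name to CSV File Mappings pages, can be checked before the first start. The following Python script is an added example, not part of the NetIQ product or its documentation; the field names, sample records, and file path are constructed placeholders, the world-writable test is an extra hardening check that assumes POSIX file modes, and records are assumed to follow the quoting rules of Python's csv module.

```python
import csv
import os
import stat


def resolve_delimiter(value):
    """Map the Field Delimiter parameter to one character; {tab} means tab."""
    delim = "\t" if value == "{tab}" else value
    if len(delim) != 1:
        raise ValueError("Field Delimiter must be exactly one character")
    return delim


def preflight(field_names, delimiter, input_lines, entitlements):
    """Return a list of problems (empty when every check passes).

    entitlements: (entitlement name, assignment attribute, CSV path) tuples,
    mirroring the Entitlements Name to CSV File Mappings page.
    """
    problems = []
    names = [n.strip() for n in field_names.split(",") if n.strip()]
    delim = resolve_delimiter(delimiter)
    for ent, attr, path in entitlements:
        if attr not in names:
            problems.append(f"{ent}: assignment attribute {attr!r} missing from Field Names")
        if not os.path.isfile(path):
            problems.append(f"{ent}: entitlement CSV not found: {path}")
        elif os.stat(path).st_mode & stat.S_IWOTH:
            # Added hardening check (POSIX modes): any local account could
            # otherwise rewrite the values that feed the permission catalog.
            problems.append(f"{ent}: entitlement CSV is world-writable: {path}")
    # Each record must carry one value per Field Names entry, in order.
    for lineno, row in enumerate(csv.reader(input_lines, delimiter=delim), 1):
        if row and len(row) != len(names):
            problems.append(f"input line {lineno}: {len(row)} fields, expected {len(names)}")
    return problems


if __name__ == "__main__":
    # Constructed sample data; the third record lacks the Parking value.
    sample = ["Smith,Ann,Engineer,LotA", "Jones,Bo,Analyst,LotB", "Lee,Cy,Manager"]
    # Placeholder path: replace with the CSV File value from your driver.
    ents = [("ParkingPass", "Parking", "/path/to/ParkingPass.csv")]
    for problem in preflight("Surname,Given Name,Title,Parking", ",", sample, ents):
        print("FAIL:", problem)
```

Run it on the server that hosts the driver, using the same account context the driver runs under, so that the file checks reflect what the driver will actually see.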

To start the driver, in the Modeler, right-click the driver icon or the driver line, then select Live > Start Driver.

For information about management tasks with the driver, see Section 9.0, Managing the Driver.