A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The Google Apps driver includes several predefined GCVs. You can also add your own if you discover you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

    or

    To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Global Configuration Values.

    or

    To add a GCV to the driver set, right-clickthe driver set icon , then click Properties > GCVs.

Name

Description

Example Value

Google Apps Domain Name

Specify the name of the Google Apps domain managed by this driver.

mydomain.com

Base Container for users in eDirectory

Only users in or below this container are synchronized to the connected Google System.

yourorg\users

Use Entitlement for User Account Creation

If this GCV is set to True, users are created in Google only when the entitlement is granted.

True

Match Users who do not have a Google Account Entitlement.

If this GCV is set to True, then users who have not been given an entitlement are matched to existing Google accounts. The connector does not attempt to match users without a Google account entitlement; they are blocked at the matching rule.

False

What should the Connector do when the Google Account entitlement is revoked?

This GCV determines how the connector handles a user account that has the Account Entitlement revoked.

Do Nothing: if an account entitlement is revoked, the driver does nothing. The account remains in the state it was in when the entitlement was revoked.

Disable Account: When the entitlement is revoked, the account in Google is disabled.

Delete Account: Tells the connector to delete the account in Google when the entitlement is revoked.

Do Nothing

Base Container for Groups in eDirectory

Only groups in or below this container are synchronized to the connected Google system.

Yourorg/groups

Default visibility for Google Groups.

This GCV sets the default visibility for groups created in Google Apps. If all your groups are used as a distribution list available to users on the Internet, you need to set the Value to Anyone-Internet Enabled. You can use the Policy Builder to change the permissions on any group during Add or Modify events.

Owner, Member, Domain, Anyone

Base Container for Organizational Units in eDirectory

Only OUs in or below this container are synchronized to the connected Google System. If placement is done with a mirroring package, this GCV is also used as the root container for where the mirror starts.

Myorg

What to use for intitial Password if Distribution Password not Present

If the system is not set up for universal password synchronization or the user account doesn’t have a distribution password set yet, an initial password must be set. This GCV tells the system whether to use an attribute from the user account for an initial password or to use a randomy generated password. If the accounts are going to use SAML for authentication, then a random password can be used. Otherwise, an attribute value should be selected.

Random PasswordAttribute Value from User

eDirectory attribute to use for initial password value.

The name of the attribute in eDrectory that the Google driver should use for an initial password if no Distribution password is available on creation.

Surname

Number of letters to use in the Random Password

The number of letters to use in the random password. When added to the value of the Random Password Numbers GCV, it determines the total number of characters in the password.

6

Number of numbers to use in the Random Password

The number of numbers to use in the random password. When added to the value of the Random password letters GCV, it determines the count of numbers in the password.

6