Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.
The SAP HR driver includes several predefined GCVs. You can also add your own if you discover that you need additional ones as you implement policies in the driver.
To access the driver’s GCVs in iManager:
Click to display the Identity Manager Administration page.
Open the driver set that contains the driver whose properties you want to edit:
In the
list, click .If the driver set is not listed on the
tab, use the field to search for and display the driver set.Click the driver set to open the Driver Set Overview page.
Locate the driver icon, click the upper right corner of the driver icon to display the
menu, then click .or
To add a GCV to the driver set, click
, then click .To access the driver’s GCVs in Designer:
Open a project in the Modeler.
Right-click the driver icon or line, then select
or
To add a GCV to the driver set, right-clickthe driver set icon , then click
.The GCVs are divided into the following categories:
The configuration GCVs are divided into multiple categories:
Show New User Naming Options: Select
to display the new user naming configuration options.New User Naming: There are three options when naming newly provisioned eDirectory users:
Employee-Named-Based (Variable Length): There are different variations for how the user name is generated:
First character of Given Name + Surname
First character of Given Name + first character of Initials + Surname
First two characters of Given Name + Surname
First three characters of Given Name + Surname
First character of Given Name + Surname + digit starting with 1 incremented until the name is unique within eDirectory.
Employee-Name-Based (Fixed Length: There are different variations for how the user name is generated:
First character of Given Name + up to seven characters of Surname
First character of Given Name + first character of Initials + up to six characters of Surname
First two characters of Given Name + up to five characters of Surname
First character of Given Name + up to four characters of Surname + three digits padded with zeros if necessary, starting with 001 and incremented until the name is unique within eDirectory.
Attribute-Value-Based: The CN of the user object is named by the defined naming attribute value.
User Naming Attribute: Specify the attribute value that is used to name new users. The attribute must be supplied in the event.
Show Object Relationships Options: Select
to display the object relationship configuration options.Discover Relationships: Select
to discover relationships between objects in the SAP HR data model.Filter: Adds object classes to filter on to discover the relationships between objects in the SAP HR data model and eDirectory.
Object Class: Specify the object class you want to discover relationships for. Class names must be in the Identity Vault name space.
Attributes: Add all the relationship attributes you want to be populated. Attribute names must be in the Identity Vault name space.
Show Future Event Options: Select
to display the future event configuration options.Record Future Events: Select
to record future events.SAP Business Logic Driver: Browse to and select the SAP Business Logic driver servicing this HR driver instance.
Filter: Add all of the attributes you want to be notified of when changes happen in the future. Attribute names must be in the Identity Vault name space.
Show Debugging Options: Select
to display the debugging configuration options.Enable logging for generated attribute names: Select
to enable logging for generated attribute names.Show Process Logging Options: Select
to display the process logging configuration options.Enable process logging: Select
to enable process logging.Daily Logfile: Select <YYYYmmDD>-<driver-name>-<drv.proclog.logfile>.
to create a daily log file with the name ofLog file name: Specify the final name of the driver log file.
Log file directory: Specify the directory where the log file is stored.
These GCVs enable password synchronization between the Identity Vault and the SAP HR system.
In Designer, you must click the icon next to a GCV to edit it. This displays the Password Synchronization Options dialog box for a better view of the relationship between the different GCVs.
In iManager, you should edit the Password Management Options on the
tab rather than under the GCVs. The Server Variables page has a better view of the relationship between the different GCVs.For more information about how to use the Password Management GCVs, see Configuring Password Flow
in the Identity Manager 4.0.2 Password Management Guide.
Connected System or Driver Name: Specify the name of the SAP HR system or the driver name. This valued is used by the e-mail notification template to identity the source of the notification message.
Application accepts passwords from Identity Manager: If
, allows passwords to flow from the Identity Manager data store to the connected system.Identity Manager accepts passwords from application: If
, allows passwords to flow from the connected system to Identity Manager.Publish passwords to NDS password: If
, allows the driver to use the password from the connected system to set the non-reversible NDS password in eDirectory.Publish passwords to Distribution Password: If
, allows the driver to use the password from the connected system to set the NMAS Distribution Password used for Identity Manager password synchronization.Require password policy validation before publishing passwords: If
, applies NMAS password policies during publish password operations. The password is not written to the data store if it does not comply.Reset user’s external system password to the Identity Manager password on failure: If
, on a publish Distribution Password failure, attempts to reset the password in the connected system by using the Distribution Password from the Identity Manager data store.Notify the user of password synchronization failure via e-mail: If
, allows the driver to notify the user by e-mail of any password synchronization failures.These settings help the Identity Reporting Module function to generate reports. There are different sections in the
tab.Name: Specifies a descriptive name for this SAP HR system. This name is displayed in the reports.
Description: Specifies a brief description of this SAP HR system. This description is displayed in the reports.
Location: Specifies the physical location of this SAP HR system. This location is displayed in the reports.
Vendor: Specifies SAP as the vendor of this SAP HR system. This information is displayed in the reports.
Version: Specifies the version of this SAP HR system. This version information is displayed in the reports.
Business Owner: Specifies the business owner in the Identity Vault for this SAP HR system. Ensure that a user object is selected. You must not select a role, group, or container.
Application Owner: Specifies the application owner in the Identity Vault for this SAP HR system. Ensure that a user object is selected. You must not select a role, group, or container.
Classification: Specifies the classification of the SAP HR system. This information is displayed in the reports. The options are:
Mission-Critical
Vital
Not-Critical
Other
If you select
, you must specify a custom classification for the SAP HR system.Environment: Specifies the type of environment the SAP HR system provides. The options are:
Development
Test
Staging
Production
Other
If you select
, you must specify a custom classification for the SAP HR system.Connection and miscellaneous information: This options is always set to
, so that you don’t make changes to these options. These options are system options for reporting. If you make any changes, reporting stops working.