The Provisioning view is only available for Designer projects that contain a User Application driver. After you set up an Identity Manager project and configure an Identity Vault and driver set for the project, you add and configure a User Application driver.
To use Designer to configure the Roles tab of the User Application, you must additionally add a Role Service driver to your project.
In an open Designer project, create a new driver by using one of these methods:
Click Provisioning in the Palette, then drag the User Application icon onto the modeler.
Right-click the driver set for your project, then select New > Driver.
Click the driver set for your project, then select Model > Driver > New.
Select User Application Base from the list of driver base packages in the Driver Configuration Wizard, then click Next.
Specify the properties you want to use for the driver. Use the following information to configure the driver:
Field | Description |
---|---|
Driver Name | Specify the name of an existing User Application driver (the driver specified during the User Application installation), or the name of a new User Application driver. |
Authentication ID | Specify the DN of the User Application Administrator. |
Application Password | Specify the password for the User Application Administrator (above). |
Host | Specify the hostname or IP address of the application server where the Identity Manager User Application is deployed. This information is used: |
Port | Specify the port for the Host (above). |
Application Context | Specify the context of the User Application. For example, IDMProv. |
Allow Initiator Override | This property applies to workflows that are started automatically. Workflows started automatically are typically started under the Admin identity. Selecting Yes for this property allows those workflows to be started under another user identity. For more information, see the Identity Manager User Application: Administration Guide. |
Click Next.
Click Finish.
NOTE: When you create a User Application driver, e-mail templates for the User Application are added to the Default Notification Collection. You must explicitly deploy them. They are not deployed by default when you deploy the User Application driver.
In the same project where you created a User Application driver, click Provisioning in the Palette, then drag and drop the Role Service icon onto the Modeler.
Select Role and Resource Service Base from the list of driver base packages in the Driver Configuration Wizard, then click Next.
Specify the name you want to use for the driver and click Next.
Specify the properties you want to use for connecting the driver to the User Application. If you have already configured the User Application driver, the Driver Configuration Wizard should prepopulate the fields with the correct information, but we recommend you double-check the specified properties. Use the following information to configure the driver:
Field | Description |
---|---|
User-Group base container DN | Specify the DN of the root container that the Role Service driver services. |
User Application Driver DN | Specify the DN of the User Application Driver object that hosts the role system. For example, system\driverset1\UserApplication. |
User Application URL | Specify the URL used to connect to the User Application. The default URL is http://127.0.0.1:8180/IDMProv. |
User Application Identity | Specify the DN of the User Application Administrator. For example, cn=admin,ou=sa,o=data. |
User Application Password | Specify the Application Password you specified for the User Application driver. |
Click Next.
Click Finish.
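The double-check of the Role Service connection properties recommended above can be scripted once both drivers' values have been copied out of Designer. The following Python is an added example, not part of the product or of this guide; the function name, dictionary keys and sample values are assumptions constructed for illustration, and the cleartext finding assumes the driver presents the password to the configured URL.

```python
import hmac
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def norm_dn(dn):
    # Compare DNs case-insensitively, ignoring spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_role_service(ua, rs):
    """Return findings where Role Service values (rs) disagree with the
    User Application driver values (ua). Keys are this example's own names."""
    findings = []
    url = urlsplit(rs["url"])
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https"):
        findings.append("scheme")
    if host != ua["host"].lower():
        findings.append("host")
    if (url.port or (443 if url.scheme == "https" else 80)) != int(ua["port"]):
        findings.append("port")
    if url.path.strip("/") != ua["context"].strip("/"):
        findings.append("context")
    if norm_dn(rs["identity"]) != norm_dn(ua["auth_id"]):
        findings.append("identity")
    if not hmac.compare_digest(rs["password"].encode(), ua["password"].encode()):
        findings.append("password")
    # Assumption: the driver presents the password to this URL, so plain
    # HTTP to a non-loopback host exposes it on the network.
    if url.scheme == "http" and host not in LOOPBACK:
        findings.append("cleartext")
    return findings

# Constructed sample values (not from a real deployment).
UA = {"host": "idm-app.example.com", "port": "8180", "context": "IDMProv",
      "auth_id": "cn=admin,ou=sa,o=data", "password": "constructed-secret"}
RS_DEFAULT = {"url": "http://127.0.0.1:8180/IDMProv",  # the page's default URL
              "identity": "cn=admin, ou=sa, o=data",
              "password": "constructed-secret"}
RS_REMOTE = dict(RS_DEFAULT, url="http://idm-app.example.com:8180/IDMProv")
RS_TLS = dict(RS_DEFAULT, url="https://idm-app.example.com:8180/IDMProv")

if __name__ == "__main__":
    for name, rs in (("default", RS_DEFAULT), ("remote", RS_REMOTE), ("tls", RS_TLS)):
        print(name, check_role_service(UA, rs))
```

The default URL is flagged only because its host differs from the constructed Host value; the remote plain-HTTP variant matches the driver settings but is flagged for sending the administrator password unencrypted.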
After creating the Role Service driver, you can optionally modify some of the driver configuration settings and modify the additional settings described in Table 2-1. To customize the additional settings:
In the Modeler, right-click the Role Service driver and select Driver > Properties.
Select Driver Configuration (in the left pane).
Click the Driver Parameters tab.
Click the Driver Options tab. You can modify the driver’s properties that you specified when you created the driver as well as the properties described in Table 2-1.
Click OK to save the changes.
Table 2-1 Additional Settings for Customizing the Role Service Driver
Field | Description |
---|---|
Number of days before processing removed request objects | The number of days the driver should wait before cleaning up request objects that have finished processing. This value determines how long you are able to track the status of requests that have been fulfilled. |
Frequency of reevaluation of dynamic and nested groups (in minutes) | The number of minutes the driver should wait before reevaluating dynamic and nested groups. This value determines the timeliness of updates to dynamic and nested groups used by the User Application. In addition, this value can have an impact on performance. Therefore, before specifying a value for this option, you need to weigh the performance cost against the benefit of having up-to-date information in the User Application. |
Generate audit events | Determines whether audit events are generated by the driver. |
Identity Manager includes a standard set of e-mail notification templates.
When you create a User Application driver, any e-mail notification templates that are missing from the standard set are replaced. However, existing e-mail notification templates, which might come from an earlier version of Identity Manager, are not updated. To replace existing templates with new templates:
Expand the Outline view.
In the Default Notification Collection, delete the e-mail notification templates that you want to replace.
Right-click Default Notification Collection and select Add Default Templates or Add All Templates.
You can also use this command at any time to update e-mail notification templates without creating a new User Application driver.
To deploy the e-mail notification templates to the Identity Vault, right-click Default Notification Collection and select Live > Deploy.