3.3 Creating the Driver in Designer

You create the Google Apps driver by importing the driver’s configuration file and then modifying the configuration to suit your environment. After you have created and configured the driver, you need to start it.

3.3.1 Installing the Current Driver Packages

The driver packages contain the items required to create a driver, such as policies, entitlements, filters, and Schema Mapping policies. These packages are only available in Designer and can be updated after they are initially installed. You must have the most current version of the packages in the Package Catalog before you can create a new driver object.

To verify that you have the most recent version of the driver packages in the Package Catalog:

  1. Open Designer.

  2. In the toolbar, click Help > Check for Package Updates.

  3. Click OK to update the packages, or click OK if the packages are up-to-date.

  4. In the Outline view, right-click the Package Catalog.

  5. Click Import Package.

  6. Select any Google Apps driver packages

    Or

    Left Click Select All to import all of the packages displayed.

    NOTE: By default, only the base packages are displayed. Deselect Show Base Packages Only to display all packages.

  7. Click OK to import the selected packages, and then click OK in the successfully imported packages message.

  8. After the current packages are imported, continue with Section 3.3.2, Installing the Driver Packages.

3.3.2 Installing the Driver Packages

  1. In Designer, open your project.

  2. From the Palette, drag-and-drop the Google Apps driver to the desired driver set in the Modeler.

  3. Select Google Apps Base, and then click Next.

  4. Select the optional features to install for the Google Apps driver.

    NOTE: By default, “show Only applicable packages versions” is selected, as expected.

    The options are:

    • Google Apps User Package

    • Google Apps Organizational Units Package

    • Google Apps Groups Package

    • Google Apps Contact Package

    • Google Apps Account Tracking

    • Google Apps Managed System Settings

  5. Click Next.

  6. (Conditional) If there are package dependencies for the packages you selected to install, you must install them to install the selected package. Click OK to install the package dependencies.

    NOTE: There will be multiple instances of this, one for each option selected.

  7. On the “Install Google Apps Base” page, specify a name for the driver that is unique within the driver set, and then click Next.

  8. Configure the authentication of the application.

    • Google Apps Domain Name: Specify the Google Apps Primary Domain Name (for example, yourcompany.com).

    • Google Apps Administrative ID: Specify the email address of a Google Apps administrator.

    • Password: Specify the password of the account referenced. Select Next when finished.

  9. (Optional) Remote loader configuration: Complete this section if and only if a remote loader is being used.

  10. (Optional) Verify Realm information, then select Next.

  11. (Optional) Specify the name of the Primary Google Apps domain managed by the driver.

  12. (Optional) “Installing Google Apps Organizational Units package.” This will configure the placement of users.

    1. No Placement: All user accounts will show up in the base of the domain in the Google Management Interface.

    2. Mirror Placement: The starting base container for all OUs is synchronized to Google and the user’s DN will match from that point forward.

    3. Entitlement Based: Allows you to select the container in Google that a user will be placed in. It will also grant the location with an Entitlement using RBPMS or Legacy.

  13. (Optional) Install Google Apps Password Settings - Random Selected.

    • Initial Password: If the system is not set up for Universal Password synchronization or if the user doesn’t have a password set, this will determine the password.

    • Number of Alphabetic Characters: This determines the number of letters in the random password. This will be combined with the number selected for “number characters”.

    • Number of Number Characters: This determines the number of number characters in the random password. This will be combined with the number selected for “alphabetic characters”. (Example: if the number 6 is selected for both numbers and letters, a random password will have a length of 12.)

  14. (Optional) Install Google Apps Password Settings - Attribute

    • eDirectory Attribute: Enter the name of the attribute in eDirectory that the Google Driver will use for the initial password.

    • Character to pad: Enter the value to be added to the end of the password if the length of the specified attribute value is less than the minimum number of characters.

  15. (Optional) “Installing Google Apps Managed System Setting”

    1. Name: Specify a descriptive name for the managed system.

    2. Description: Specify a brief description of the managed system.

    3. Location: Specify the location of the managed system.

    4. Vendor: Specify the Vendor of the managed system.

    5. Version: Specify the version of the managed system.

  16. (Optional) Install Google Apps Managed System Settings - System Ownership.

    NOTE:Select the Search icon and enter login information to browse to selections.

    • Business Owner: Specify the business owner of the managed system. Select a user object (not a role, group or container).

    • Application Owner: Specify the application owner of the managed system. Select a user object (not a role, group or container).

  17. (Optional) Install Google Apps Managed System Settings - System Classification.

    • Classification: Specify one of the following: Mission Critical, Vital, Not Critical, or Other.

    • Environment: Specify one of the following: Development, Test, Staging, Production, or Other.

  18. Install Google Apps User Package

    • Use Entitlements to control Google Apps accounts? Select either True or False. If set to true, then the entitlement connector must be installed and entitlement must be set to create users in Google Apps.

      • Match users who do not have a Google account entitlement: When set to True, users that have not been given an entitlement will be matched to Google users. When set to False, the connector will not attempt to match users without a Google user entitlement, and those users will be blocked at the matching rule.

      • What should the Connector do when the Google Account entitlement is revoked? You can choose the default behavior from Do Nothing, Disable Account, or Delete Account.

    • Membership Entitlement: Select either True or False.

  19. Review the Summary.

  20. Select Finish.

3.3.3 Configuring the Driver

After importing the driver configuration file, you need to configure the driver before it can run. You should complete the following tasks to configure the driver:

  • Configure the driver properties: There are many settings that can help you customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs). Although it is important for you to understand all of the settings, your first priority should be to review the Driver Parameters located on the Driver Configuration page. The Driver Parameters and the Global Configuration Values let you configure the Google Apps login information and security credentials, and other parameters associated with the Publisher channel. These settings must be configured properly for the driver to start and function correctly. If you do not have the Driver Properties page displayed in Designer:

  1. Open your project.

  2. In the Modeler, right-click the driver icon or the driver connection, then select Properties.

  3. Make any desired changes, then click OK to save the changes.

  4. After the driver is created in Designer, it must be deployed to the Identity Vault. Proceed to Section 3.3.4, Deploying the Driver.

  • Authentication: This panel contains the user account and connection details for your Google Apps subscription. It also contains additional Remote Loader configuration. The driver will require an account with Google Apps which is an administrator for your Google Apps subscription. It is recommended that a new account be created in your Google Apps domain specifically for this purpose. Make sure that this new account is set to administer your Google Apps domain. These values are set during the default import of the driver.

Google Apps Driver Properties

Property                 Description                 Example Value
Authentication ID        Google Apps Admin Account   idm@yourdomain.com
Connection Information   Your Google Apps Domain     yourdomain.com

Be sure to set the account password in the Application Authentication section of the driver properties.

Driver Configuration

  • Configure the driver parameters: The driver parameters panel contains driver-specific configuration.

    1. Driver Options: The Google Apps driver does not use any Driver Options. This panel is intentionally blank.

    2. Subscriber Options:

      • Hash Password: Select True to have the Google driver apply an MD5 hash to passwords prior to sending them to Google.

    3. Publisher Options:

      • Heartbeat Interval: Specify the length of time in seconds between heartbeats emitted by the Google driver’s publisher channel.

If this GCV is set to true, then Groups that have not been given a Google Group Create entitlement will be matched to existing Google Groups. Otherwise, the connector will not attempt to match Groups without a Google Group Create entitlement; they will just be blocked at the matching rule.

  • Global Configuration Values (GCVs)

    The GCVs are defined in Table A-6.

After completing the configuration tasks, continue with Section 3.3.4, Deploying the Driver.
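
An added example, not code from the driver or its documentation: a Python model of the initial-password settings in Section 3.3.2 (random letters plus digits, and an attribute value padded to a minimum length) and of the Hash Password option above. It checks the generated length, estimates the random password's entropy, and shows that MD5 without a salt gives equal digests for equal passwords. The character sets, letters-then-digits ordering, hex encoding, minimum length, and sample attribute values are assumptions.

```python
import hashlib
import math
import secrets
import string

# Assumption: the driver's real character sets and ordering are not stated on
# this page; mixed-case ASCII letters followed by digits are used here.
LETTERS = string.ascii_letters
DIGITS = string.digits


def random_initial_password(n_alpha: int, n_digit: int) -> str:
    """Model of the 'Random' setting: n_alpha letters plus n_digit digits."""
    chars = [secrets.choice(LETTERS) for _ in range(n_alpha)]
    chars += [secrets.choice(DIGITS) for _ in range(n_digit)]
    return "".join(chars)


def random_password_bits(n_alpha: int, n_digit: int) -> float:
    """Entropy in bits of the model above (fixed letter and digit positions)."""
    return n_alpha * math.log2(len(LETTERS)) + n_digit * math.log2(len(DIGITS))


def padded_attribute_password(value: str, pad_char: str, min_len: int) -> str:
    """Model of the 'Attribute' setting: pad the end of a short value."""
    return value + pad_char * max(0, min_len - len(value))


def md5_hex(password: str) -> str:
    """MD5 digest of the password; hex encoding is an assumption."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def review(n_alpha, n_digit, attr_values, pad_char, min_len):
    """Summarise both settings for a set of constructed attribute values."""
    padded = [padded_attribute_password(v, pad_char, min_len) for v in attr_values]
    digests = [md5_hex(p) for p in padded]
    return {
        "random_length": len(random_initial_password(n_alpha, n_digit)),
        "random_bits": round(random_password_bits(n_alpha, n_digit), 1),
        "padded": padded,
        # No salt is involved, so identical passwords give identical digests.
        "duplicate_digests": len(digests) - len(set(digests)),
    }


if __name__ == "__main__":
    # Constructed sample: employee-number style values, pad "0", minimum 8.
    print(review(6, 6, ["4821", "4821", "12345678"], "0", 8))
```

With 6 letters and 6 digits the model yields a 12-character password, matching the length example in step 13; the padded attribute values carry only as much entropy as the attribute itself.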

3.3.4 Deploying the Driver

After the driver is created in Designer, it must be deployed into the Identity Vault.

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver connection, then select Live > Deploy.

  3. Read through the deployment summary, and then click Deploy.

  4. Read the success message, and then click OK.

  5. Click Define Security Equivalence to assign rights to the driver.

    The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Any rights the driver needs to have on the server need to be assigned to the DriversUser object.

    1. Click Add, then browse to and select the object with the correct rights.

    2. Click OK twice.

  6. Click Exclude Administrative Roles to exclude users that should not be synchronized.

    1. Click Add, then browse to and select the user object you want to exclude.

    2. Click OK.

    3. Repeat Step 6a and 6b for each object you want to exclude.

    4. Click OK.

  7. Click OK.

3.3.5 Starting the Driver

When a driver is created, it is stopped by default. To make the driver work, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.

To start the driver:

  1. In Designer, select the project view.

  2. Click on the Google Apps driver.

  3. Click the green start icon.