3.4 Viewing Permission Collection and Reconciliation Service Configuration Objects

NOTE:This section contains information about verifying the objects that are either newly created or modified as part of enabling the Permission Collection and Reconciliation service. If this service is not enabled for the driver, skip this section.

After the driver is deployed and configured with the new Permission Collection and Reconciliation service, verify that the driver correctly creates and updates the entitlements information in the Identity Vault.

Complete the following steps:

  1. In iManager, click to display the Identity Manager Administration page.

  2. In the Administration list, click Identity Manager Overview.

    1. (Conditional) If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    2. Click the driver set to open the Driver Set Overview page.

  3. Click the SOAP driver icon.

  4. Click the Jobs tab. The PermissionOnboarding job is displayed in the Jobs page. For more information, see PermissionOnboarding Job in the NetIQ Identity Manager Driver Administration Guide.

  5. Click Advanced > Mapping Tables. The DNs of the Entitlement objects are displayed in the Mapping Table page based on the InitEntitlementResourceObjects policy and data from the configuration objects. For more information, see Mapping Tables in the NetIQ Identity Manager Driver Administration Guide.

  6. In iManager, click Driver Set > Edit Driver Set properties.

  7. Click Global Config Values to display the driver set GCV page.

    This page contains two sets of GCVs that are consumed by the drivers in the driver set. Ensure that you configure them for the driver set containing the drivers for reconciliation of identity, resources, and permission assignments.

    • NOVLCOMSET: This GCV object contains the following:

      • User Container: Specifies the Identity Vault container where the users are added, if they don’t already exist in the Identity Vault. This value is the default value for all drivers in the driver set.

      • Group Container: Specifies the Identity Vault container where the groups are added, if they don’t already exist in the Identity Vault. This value is the default value for all drivers in the driver set.

    • Advanced Settings: This GCV object contains the following:

      • User Application Provisioning Services URL: Specifies the User Application Identity Manager Provisioning URL.

      • User Application Provisioning Services Administrator: Specifies the DN of the provisioning services administrator. This user should have the rights for creating and assigning resources.