The following sections provide steps for using iManager to create and configure a new Sentinel driver. For information about using Designer to accomplish these tasks, see Section 4.1, Using Designer to Create and Configure the Driver.
Importing the Sentinel driver configuration file creates the driver in the Identity Vault and adds the policies needed to make the driver work properly.
Verify that the iManager update is installed. For more information, see Installing the Updated iManager Plug-Ins for Identity Manager.
In iManager, click to display the Identity Manager Administration page.
In the Administration list, click
to launch the Import Configuration Wizard.Use the following information to complete the wizard and create the driver.
Prompt |
Description |
---|---|
Where do you want to place the imported configuration? |
You can add the driver to an existing driver set, or you can create a new driver set and add the driver to the new set. If you choose to create a new driver set, you are prompted to specify the name, context, and server for the driver set. |
Import a configuration into this driver set |
Use the default option, .In the field, select .In the Sentinel-IDM3_6_0-V3.xml file. field, select the |
Driver name |
Specify a name that is unique within the driver set. |
Broker Type |
Select the type of broker you are using. The broker type is determined by the version of Sentinel you are using. Sentinel: Sentinel RD: |
Broker URL |
Specify the IP address of the Sentinel broker. The following are examples for the different versions of Sentinel. The ports listed are the default ports for the brokers. Sentinel: tcp://brokeripaddress:10012 Sentinel RD: ssl://brokeripaddress:61616 |
Broker Username |
Specify the username used to authenticate to this broker. If you are connecting to a Sentinel system, use a random username. If you are connecting to a Sentinel RD system, you must use the username and password contained in the ../config/activemqusers.properties file. The user name is collectormanager |
Broker Password |
Specify the password of the user used to authenticate to the broker. If you are connecting to a Sentinel RD system, the password is located in the ../config/activemqusers.properties file. |
Driver is Local/Remote |
Select if this driver will run on the Metadirectory server without using the Remote Loader. Select if you want the driver to use the Remote Loader, either locally on the Metadirectory server or remotely on another server. |
Remote Host Name and Port |
This applies only if the driver is running remotely. Specify the hostname or IP address of the server where the driver’s Remote Loader is running. |
Driver Password |
This applies only if the driver is running remotely. Specify the driver object password that is defined in the Remote Loader. The Remote Loader requires this password to authenticate to the Metadirectory server. |
Remote Password |
This applies only if the driver is running remotely. Specify the Remote Loader’s password (as defined on the Remote Loader). The Metadirectory engine (or Remote Loader shim) requires this password to authenticate to the Remote Loader. |
Define Security Equivalences |
The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights. |
Exclude Administrative Roles |
You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization. |
When you finish providing the information required by the wizard, a Summary page similar to the following is displayed.
At this point, the driver is created from the basic configuration file. To ensure that the driver works the way you want it to for your environment, you must review and modify (if necessary) the driver’s default configuration settings.
To modify the default configuration settings, click the linked driver name, then continue with the next section, Using iManager to Configure the Driver Settings.
or
To skip the configuration settings at this time, click Using iManager to Configure the Driver Settings.
. When you are ready to configure the settings, continue with the next section,WARNING:Do not click
on the Summary page. This removes the driver from the Identity Vault and results in the loss of your work.The information specified during the creation of the driver is the minimum information required to import the driver. However, the base configuration might not meet your needs.
You might need to change whether the driver is running locally or remotely.
You might need to change which broker the driver connects to.
The driver configuration settings are explained in Section A.0, Driver Properties.
To configure the settings:
Make sure the Modify Object page for the Sentinel driver is displayed in iManager. If it is not:
In iManager, click to display the Identity Manager Administration page.
Click
.Browse to and select the driver set object that contains the new Sentinel driver.
Click the driver set name to access the Driver Set Overview page.
Click the upper right corner of the driver, then click
.This displays the properties page of the driver.
Review the settings for the driver parameters, global configuration values, or engine control values. The configuration settings are explained in Section A.0, Driver Properties.
After modifying the settings, click
to save the settings and close the Modify Object page.After the driver is created, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it waits for events for events to occur.
There is additional configuration that must be completed before you start the Sentinel driver.
(Conditional) The connection factories must be created for Sentinel6.1. Sentinel RD automatically creates the connection factories.
(Conditional) The SonicMQ message queues must be created, if you are using Sentinel 6.1. Sentinel RD automatically creates the message queue for ActiveMQ.
The Identity Vault Collector must be installed, configured, and started.
See Section 6.0, Creating Connections to the JMS Message Bus for Sentinel 6.1 for instructions on how to create the connections factories and message queues. For the Identity Vault installation instructions, see Section 7.0, Installing and Configuring the Identity Vault Collector.
IMPORTANT:The Identity Vault collector must be started before the driver is started. When the collector starts, the JNDI destinations are created. The driver looks for the JNDI destinations when it starts and if they do not exist, the driver cannot start. To start the collector, see Section 7.5, Starting the Collector.
To start the driver after the additional configuration is completed and the Identity Vault Collector is created:
In iManager, click to display the Identity Manager Administration page.
Click
.Browse to and select the driver object that contains the Sentinel driver you want to start.
Click the driver set name to access the Driver Set Overview page.
Click the upper right corner of the Sentinel driver, then click
.For information about management tasks with the driver, see Section 10.0, Managing the Driver.