5.0 Configuring Account Tracking

To enable account tracking, complete the following two tasks:

Extend the schema by installing Identity Manager 4.0.1 or later. If you have not installed Identity Manager 4.0.1 or later, see the Identity Manager 4.0 Integrated Installation Guide for instructions.
Enable the account tracking GCV on each driver used with the Sentinel driver. Not all drivers can be enabled for account tracking. If a driver does not have the Account Tracking GCV, then account tracking cannot be enabled. The drivers that are enabled for Account Tracking are:
- Active Directory
- eDirectory
- LDAP
- Notes
- SAP User Management
- SAP Portal

These steps to enable account tracking are the same for each driver.

Access the Account Tracking GCV:
- In Designer: Right-click the driver icon, then select Properties > GCVs.
- In iManager: Edit the driver properties, then click the Global Config Values tab.
Set the Account Tracking > Show Account Tracking Configuration option to show.
Use the information in Table 5-1 to correctly enable account tracking.
Click OK to save the changes.

If the driver is running, it must be restarted for the changes to take effect.

Table 5-1 Show Account Tracking Configuration Options

Option	Description
Enable account tracking	Select true to enable the policies in the driver to use the DirXML-Accounts attribute.
Realm	Specify the name of your realm, security domain, or namespace where the account name is unique.
Object Class	Specify the object classes to track with account tracking. The class name must be in the application namespace.
Identifiers	Each driver has different account identifier attribute. By default, the attributes are prepopulated for each driver. Active Directory: association, sAMAccountName, userPrincipalName, LDAPDN eDirectory: association, CN GroupWise: CN LDAP: association, LDAPDN Notes: association, FullName SAP User Management: association, USERNAME:BABIBNAME SAP Portal: association, logonname
Status attribute	Specify the name of the attribute in the application namespace that represents the account status. By default the attributes are: Active Directory: dirxml-uACAccountDisable eDirectory: Login Disabled GroupWise: 50058 LDAP: loginDisabled Notes: AccountTrackingAccountStatus SAP User Management: LOCKUSER SAP Portal: isLocked
Status active value	The value of the status attribute that represents an active state. By default, the value is false.
Status inactive value	The value of the status attribute that represents an inactive state. By default, the value is true.
Subscription default status	The default status that the policies assume when an object is subscribed to the application and the status attribute is not set in the Identity Vault. By default, the status is Active.
Publication default status	The default status that the policies assume when an object is published to the Identity Vault and the status attribute is not set in the application. By default, the status is Uninitialized.