4.2 Getting started

You’ll use the features of the Designer for Identity Manager Provisioning View and the directory abstraction layer editor to define the contents of the directory abstraction layer. Follow these steps to get started:

  1. Create an Identity Manager project

    This includes:

      • Configuring the Identity Vault

      • Specifying the Driver Set properties

    See the Identity Manager documentation.

  2. Add a User Application driver to the Modeler

    You can find the Identity Manager user application driver in the Provisioning folder of the Modeler Palette.

  3. Complete the User Application driver configuration

    See Section 4.2.1, Completing the User Application driver configuration.

  4. Access the Provisioning View

    See Section 4.2.2, Accessing the Provisioning View.

  5. Start the directory abstraction layer editor

    See “To open the directory abstraction layer editor” in Section 4.2.3, Starting the directory abstraction layer editor.

4.2.1 Completing the User Application driver configuration

Follow these steps after you have created an Identity Manager project.

To complete the User Application driver configuration:

  1. Drop a User Application driver icon on the canvas.

    You are prompted for a driver configuration.

  2. Select UserApplication.xml (the default), then click Run.

  3. Specify how the wizard should handle validation of your entries by clicking Yes or No.

  4. Complete the panel as follows (each property is followed by what to specify):

    Driver Name

      • The name of an existing driver (the driver within the driver set that was specified during the user application installation).

      • The name of a new driver.

    Authentication ID

      The DN of the User Application Administrator.

    Application password/Reenter password

      The password for the User Application Administrator (above).

    Application context

      The name of the user application context (specified at install, for example, IDM).

    Host

      The host name or IP address of the application server where the Identity Manager user application is deployed. This information is used:

      • To trigger workflows on the application server and to connect to access workflows (terminate, retract, and so on).

      • To update cached data definitions.

    Port

      The port for the Host above.

  5. Click OK.

4.2.2 Accessing the Provisioning View

To access the Provisioning View:

  1. Choose one of these ways:

    • Select Window>Show View>Provisioning View.

      • Open the Provisioning folder and select Provisioning View.

      • Click OK.

    or

    • Select the User Application icon, right-click, and select Application>Show Provisioning View.

In the Provisioning View, you’ll see the project you just created along with any other provisioning projects located in the same workspace.

HINT: If you do not see the applications that you expect in the view, it might be because the project is corrupt. If your project is corrupt, you must recreate it.

About the Provisioning View

The Provisioning View provides persistent access to the provisioning features. Double-clicking an item from the Provisioning View opens the editor for that item. You’ll use the provisioning view to perform the following actions with the directory abstraction layer definitions:

  • Import one or more object definitions from the identity vault.

  • Validate the structure of the data definitions.

  • Deploy your definitions to the identity vault specified in the project.

  • Create and delete directory abstraction layer definitions.

For more information, see Section 4.8, Importing, validating, and deploying directory abstraction layer definitions.

4.2.3 Starting the directory abstraction layer editor

To open the directory abstraction layer editor:

  1. With the Provisioning View open, navigate to the Directory Abstraction Layer node.

  2. Double-click the Directory Abstraction Layer node.

    You’ll see a tree containing Entities, Lists, Org Chart Relationships, and Configuration.


About the directory abstraction layer editor

The directory abstraction layer editor provides a graphical way to define the set of XML files that comprise the directory abstraction layer. The directory abstraction layer editor is an Eclipse-based tool that you can access from the Provisioning View of an Identity Manager project.

When you open the directory abstraction layer editor for the first time, you’ll see a base set of abstraction layer objects. These objects are created automatically each time you create a new provisioning project.

The nodes of the directory abstraction layer editor include:

Entities

  Entities represent the identity vault objects configured for this project and available to the user application. There are two types of entities:

    • Entities that are mapped from schema. These entities represent objects that exist in the identity vault that are directly exposed to users via the user application. Users can typically create, search, and modify the attributes of these types of objects.

    • Entities that represent LDAP relationships. Also called DNLookups. These entities represent indexed searches and are used to support particular types of attributes that you want to expose. DNLookup entities provide information about relationships between LDAP objects. DNLookup entities are used by:

      • The Org Chart portlet to determine relationships.

      • The Search List, Create, and Detail portlets to provide pop-up selection lists and DN contexts.

  For more information, see Section 4.3.3, Defining entities.

Lists

  Lets you define the contents of global lists. Global lists are:

    • Associated with an attribute. When the attribute is displayed in the user application, it is displayed as a dropdown list.

    • Used to display categories used by the Provisioning Request Configuration Plug-in to iManager.

  For more information, see Section 4.4, Working with lists.

Org Chart Relationships

  Used by the Organization Chart action of the Identity Self-Service tab of the user application. Lets you map hierarchical relationships among schema-based entities.

  For more information, see Section 4.5, Working with Org Chart relationships.

Configuration

  General configuration parameters.

  For more information, see Section 4.6, Working with configuration settings.

Where the XML files are stored locally

The directory abstraction layer editor generates a single XML file for each entity, list, or relationship. The files are stored in the project’s Provisioning\AppConfig\DirectoryModel folder. Each file name is based on the object’s key. The folder includes these directories:

ChoiceDefs

  Contains the files that define global lists. Files have the .choice extension.

EntityDefs

  Contains the files that define the entities and attributes. Files have the .entity extension.

RelationshipDefs

  Contains the files that define the relationships available to the Org Chart portlet. These files have the .relation extension.

You’ll use the features of the directory abstraction layer editor to add new definitions that model your own identity vault schema. You’ll use the features of the Provisioning View to deploy the new definitions to the identity vault.
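A local sanity check of the folder layout described above, as an added example that is not part of the Designer product or its documentation: it inventories a DirectoryModel folder, flags files whose extension does not match their directory, and checks each file for XML well-formedness only. The sample tree, the object keys, and the placeholder file contents are constructed; the real definition file format is not assumed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Subfolder -> expected extension, as listed in the section above.
EXPECTED = {"ChoiceDefs": ".choice", "EntityDefs": ".entity",
            "RelationshipDefs": ".relation"}

def audit_directory_model(model_dir):
    """Return (inventory, problems) for a DirectoryModel folder.

    inventory maps subfolder -> sorted object keys (file name without extension).
    problems lists (relative name, reason) for stray or malformed files.
    """
    model_dir = Path(model_dir)
    inventory, problems = {}, []
    for sub, ext in EXPECTED.items():
        folder, keys = model_dir / sub, []
        for f in (sorted(folder.iterdir()) if folder.is_dir() else []):
            if not f.is_file():
                continue
            if f.suffix.lower() != ext:
                problems.append((f"{sub}/{f.name}", "unexpected extension"))
                continue
            try:
                ET.parse(f)  # well-formedness only; no schema is assumed
            except ET.ParseError as exc:
                problems.append((f"{sub}/{f.name}", f"not well-formed XML: {exc}"))
                continue
            keys.append(f.stem)  # the file name is based on the object's key
        inventory[sub] = keys
    return inventory, problems

def build_sample_project(root):
    """Constructed sample tree; file bodies are placeholders, not the real format."""
    model = Path(root) / "Provisioning" / "AppConfig" / "DirectoryModel"
    samples = {
        "EntityDefs/sample-user.entity": "<placeholder/>",
        "EntityDefs/broken.entity": "<placeholder>",  # truncated on purpose
        "ChoiceDefs/sample-list.choice": "<placeholder/>",
        "ChoiceDefs/notes.txt": "stray file",
        "RelationshipDefs/sample-rel.relation": "<placeholder/>",
    }
    for rel, body in samples.items():
        path = model / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")
    return model

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        inv, probs = audit_directory_model(build_sample_project(tmp))
        print(inv, *probs, sep="\n")
```

Running a check like this before deploying helps catch a stray or truncated file in the local project before the definitions reach the identity vault.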

Using the directory abstraction layer editor

The directory abstraction layer editor is divided into two panes. The left pane provides a view of the directory abstraction layer contents. When you select an item in the left pane, the right pane displays the attributes and settings for the selected item.
