A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The SAP User Management driver includes several predefined GCVs. You can also add your own if you discover you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit.

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

    or

    To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Global Configuration Values.

    or

    To add a GCV to the driver set, right-click the driver set icon, then click Properties > GCVs.

Table A-8 Global Configuration Values

Option

Description

Driver Parameters > Connected System or Driver Name

The name of the connected system, application or Identity Manager driver. This value is used by the e-mail notification templates.

Password Management > Application accepts passwords from Identity Manager

If True, allows passwords to flow from the Identity Vault to the SAP system.

In Designer, you must click the icon next to an option to edit it. This displays the Password Synchronization Options dialog that better shows the relationship between the different GCVs.

In iManager, you should edit the Password Management Options on the Server Variables tab rather than under the GCVs. The Server Variables page better shows the relationship between the different GCVs.

For more information about how to use the Password Management GCVs, see Configuring Password Flow in the Identity Manager 3.6.1 Password Management Guide.

Identity Manager accepts passwords from application

If True, allows passwords to flow from the SAP system to the Identity Vault.

Publish passwords to NDS password

Use the password from the SAP system to set the non-reversible NDS® password in the Identity Vault.

Publish passwords to Distribution Password

Use the password from the SAP system to set the NMAS™ Distribution Password used for Identity Manager password synchronization.

Require password policy validation before publishing passwords

If True, applies NMAS password policies during publish password operations. The password is not written to the Identity Vault if it does not comply.

Reset user’s external system password to the Identity Manager password on failure

If True, on a publish Distribution Password failure, attempt to reset the password in the SAP system using the Distribution Password from the Identity Vault.

Notify the user of password synchronization failure via e-mail

If True, notify the user by e-mail of any password synchronization failures.

Password Failure Notification User

Password synchronization policies are configured to send e-mail notification to the associated user when password updates fail. You have the option of sending a copy of the notification e-mail to another user, such as a security administrator. If you want to send a copy, specify the DN of that user.

Entitlements Options > Show Entitlements

Select show to display the entitlements configuration for this driver.

Entitlements Options > Use User Account Entitlement

Entitlements act like an on/off switch to control access. When the driver is enabled for entitlements, accounts are only created and removed or disabled when the account entitlement is granted to or revoked from users.

Select True to enable the user account entitlement. You must have an entitlement agent configured in your environment. For more information about entitlements, see the Identity Manager 3.6.1 Entitlements Guide.

Entitlement Options > When account entitlement revoked

Select which action is taken in the SAP system when a User Account Entitlement is revoked. The options are to disable the account or to delete the account.

Entitlement Options > Use Role (Activity Group) Entitlement

Enables the Role entitlement that is included with the driver. Select True to enable this entitlement.

Use CUARole Entitlement

Enables the CUA Role entitlement that is included with the driver. Select True to enable this entitlement.

Use Profile Entitlement

Enables the Profile entitlement that is included with the driver. Select True to enable this entitlement.

Use CUAProfile Entitlement

Enables the CUA Profile entitlement that is included with the driver. Select True to enable this entitlement.

Account Tracking > Show Account Tracking Configuration > Enable Account Tracking

Enables the account tracking policies included with the driver. Select True to execute the account tracking policies.
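
The Password Management options in Table A-8 depend on one another, and a combination that looks valid can leave a setting inert or let SAP passwords bypass NMAS policy validation. The following Python check is an added example, not code from the driver or its documentation; it assumes the GCV values have been copied by hand into a dictionary keyed by the option labels above, and its findings are review heuristics derived from the table's descriptions.

```python
# Added example: review helper for the Password Management GCVs in Table A-8.
# Keys are the option labels from the table; the dict form is an assumption
# (values copied by hand from iManager or Designer), not a driver export format.

ACCEPT_FROM_APP = "Identity Manager accepts passwords from application"
PUBLISH_NDS = "Publish passwords to NDS password"
PUBLISH_DP = "Publish passwords to Distribution Password"
REQUIRE_POLICY = "Require password policy validation before publishing passwords"
RESET_ON_FAILURE = ("Reset user's external system password to the "
                    "Identity Manager password on failure")
NOTIFY_USER = "Notify the user of password synchronization failure via e-mail"
NOTIFY_COPY_DN = "Password Failure Notification User"


def review_password_gcvs(gcvs):
    """Return (severity, message) findings for one driver's password GCVs."""
    findings = []
    publishing = gcvs.get(ACCEPT_FROM_APP, False)
    targets = [k for k in (PUBLISH_NDS, PUBLISH_DP) if gcvs.get(k, False)]

    if publishing and not targets:
        findings.append(("info", "SAP passwords are accepted but no publish target is enabled"))
    if not publishing and targets:
        findings.append(("info", "publish targets set while the SAP-to-vault flow is off"))
    if publishing and targets and not gcvs.get(REQUIRE_POLICY, False):
        findings.append(("warn", "SAP passwords reach the vault without NMAS policy validation"))
    if gcvs.get(RESET_ON_FAILURE, False) and not (publishing and gcvs.get(PUBLISH_DP, False)):
        findings.append(("info", "reset-on-failure set but Distribution Password publishing is off"))
    if not gcvs.get(NOTIFY_USER, False) and gcvs.get(NOTIFY_COPY_DN):
        findings.append(("info", "notification copy DN set but failure e-mail is disabled"))
    return findings


# Constructed sample values, not taken from a real driver.
SAMPLE = {
    ACCEPT_FROM_APP: True,
    PUBLISH_NDS: False,
    PUBLISH_DP: True,
    REQUIRE_POLICY: False,
    RESET_ON_FAILURE: True,
    NOTIFY_USER: False,
    NOTIFY_COPY_DN: "cn=secadmin,o=example",
}

if __name__ == "__main__":
    for severity, message in review_password_gcvs(SAMPLE):
        print(f"{severity}: {message}")
```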