3.2 Creating the Role Service Driver in iManager

To create and configure the Role Service driver in iManager:

  1. Open iManager 2.6 or later in a Web browser.

  2. Under Identity Manager > Identity Manager Overview, select the Driver Set where you want to install the Role Service driver.

    Install the User Application driver before installing the Role Service driver. Use version 3.6 of the User Application driver (UserApplication_3_6_0-IDM3_5_1-V1.xml) with the Role Service driver. If you use a different version of the User Application driver, the Roles Catalog will not be available.

    You can only have one Role Service driver per driver set.

  3. Click Add Driver.

  4. In the New Driver Wizard, keep the default of In an existing driver set. Click Next.

  5. Select RoleService-IDM3_5_1-V1.xml from the drop-down list. This is the Role Service driver configuration file that supports the Roles Based Provisioning Module.

    If RoleService-IDM3_5_1-V1.xml is not in this drop-down list, you did not copy this file to the correct location. Please refer to Section 2.7.3, Copying the Role Service Driver Configuration File.

    Click Next.

    You might see the following error when trying to create the driver:

    The following 'Namespace Exception' occurred while trying to access the directory.  (CLASS_NOT_DEFINED)
    

    If so, the iManager application might not have picked up your new Roles schema yet. The new schema is necessary for the Role Service driver. Try restarting your iManager session (close all browsers and log in to iManager again), or try restarting the server.

  6. Fill out the requested information in the Import Information Requested page. The following table describes the requested information.

    | Option | Description |
    |---|---|
    | Driver Name | Specify the driver name or keep the default name, Role Service, of the Role Service driver. If you install a new driver with the same name as an existing driver, the new driver overwrites the existing driver’s configuration. Use the Browse button to see the existing drivers on the selected driver set. This is a required field. |
    | User Application Driver DN | The distinguished name of the User Application driver object that is hosting the role system. Use the eDirectory format, such as UserApplication.driverset.org, or browse to find the driver object. This is a required field. |
    | User Application URL | The URL used to connect to the User Application in order to start Approval Workflows. The example URL given is http://host:port/IDM. This is a required field. |
    | User Application Identity | The distinguished name of the object used to authenticate to the User Application in order to start Approval Workflows. This can be a User Application Administrator to whom you are giving rights to administer the User Application portal. Use the eDirectory format, such as admin.department.org, or browse to find the user. This is a required field. |
    | User Application Password | Password of the User Application Administrator specified in the Authentication ID. The password is used to authenticate to the User Application in order to start Approval Workflows. This is a required field. |
    | Reenter the Password | Re-enter the password of the User Application Administrator. |

  7. After the information is filled in, click Next.

  8. Click Define Security Equivalences to open the Security Equals window. Browse to and select an administrator or other Supervisor object, then click Add.

    This step gives the driver the security permissions it needs. Details about the significance of this step can be found in your Identity Manager documentation.

  9. (Optional, but recommended) Click Exclude Administrative Roles.

  10. Click Add, select the users you want to exclude from driver actions (such as administrative roles), click OK twice, then click Next.

  11. Click OK to close the Security Equals window, then click Next to display the summary page.

  12. If the information is correct, click Finish.