To enable account tracking, complete the following two tasks:
Extend the schema by installing Identity Manager 3.6 or later. If you have not installed Identity Manager 3.6 or later, see the Identity Manager 3.6.1 Installation Guide for instructions.
Enable the account tracking GCV on each driver used with the Sentinelâ„¢ driver. Not all drivers can be enabled for account tracking. If a driver does not have the Account Tracking GCV, then account tracking cannot be enabled. The drivers that are enabled for Account Tracking are:
Active Directory
eDirectoryâ„¢
LDAP
Notes
SAP User Management
SAP Portal
These steps to enable account tracking are the same for each driver.
Access the Account Tracking GCV:
In Designer: Right-click the driver icon, then select
.In iManager: Edit the driver properties, then click the
tab.Set the
> option to .Use the information in Table 5-1 to correctly enable account tracking.
Click
to save the changes.If the driver is running, it must be restarted for the changes to take effect.
Table 5-1 Show Account Tracking Configuration Options
Option |
Description |
---|---|
Enable account tracking |
Select to enable the policies in the driver to use the DirXML-Accounts attribute. |
Realm |
Specify the name of your realm, security domain, or namespace where the account name is unique. |
Object Class |
Specify the object classes to track with account tracking. The class name must be in the application namespace. |
Identifiers |
Each driver has different account identifier attribute. By default, the attributes are prepopulated for each driver.
|
Status attribute |
Specify the name of the attribute in the application namespace that represents the account status. By default the attributes are:
|
Status active value |
The value of the status attribute that represents an active state. By default, the value is . |
Status inactive value |
The value of the status attribute that represents an inactive state. By default, the value is . |
Subscription default status |
The default status that the policies assume when an object is subscribed to the application and the status attribute is not set in the Identity Vault. By default, the status is . |
Publication default status |
The default status that the policies assume when an object is published to the Identity Vault and the status attribute is not set in the application. By default, the status is . |