3.2 Creating the Role Service Driver in iManager

NOTE: You do not need to perform the steps in this section if you are using the User Application Standard Edition.

To create and configure the Role Service driver in iManager:

  1. Open iManager in a Web browser.

    Use iManager 2.6 (for Identity Manager 3.5.1) or iManager 2.7 (for Identity Manager 3.6).

  2. Under Identity Manager > Identity Manager Overview, select the driver set where you want to install the Role Service driver.

    Install the User Application driver before installing the Role Service driver. Use Version 3.6.1 of the User Application driver (UserApplication_3_6_1-IDM3_5_1-V1.xml) with the Role Service driver. If you use a different version of the User Application driver, the Roles Catalog is not available.

  3. Click Add Driver.

  4. In the wizard, keep the default of In an existing driver set. Click Next.

  5. Select RoleService_3_6_1-IDM3_5_1-V1.xml from the drop-down list. This is the Role Service driver configuration file that supports the Roles Based Provisioning Module.

    If it is not in this drop-down list, you did not copy this file to the correct location. Refer to Section 2.6.1, Installing the Role Service Driver by Using the GUI.

    Click Next.

    You might see the following error when trying to create the driver:

    The following 'Namespace Exception' occurred while trying to access the directory. (CLASS_NOT_DEFINED)
    

    If so, the iManager application might not have picked up your new Roles schema yet. The new schema is necessary for the Role Service driver. Try restarting iManager and eDirectory to ensure that all new schema changes are picked up properly.

  6. Fill out the requested information in the Import Information Requested page. The following table describes the requested information.

    | Option | Description |
    |---|---|
    | Driver Name | Specify the driver name or keep the default name, Role Service, of the Role Service driver. If you install a new driver with the same name as an existing driver, the new driver overwrites the existing driver’s configuration. Use the Browse button to see the existing drivers on the selected driver set. This is a required field. |
    | User-Group base container DN | The driver acts only on users, containers, and groups in this base container. If there are group role assignments, the roles driver only grants/revokes roles on members within the domain of the container. |
    | User Application Driver DN | The distinguished name of the User Application driver object that is hosting the role system. Use the eDirectory format, such as UserApplication.driverset.org, or browse to find the driver object. This is a required field. |
    | User Application URL | The URL used to connect to the User Application in order to start Approval Workflows. The example URL given is http://host:port/IDM. This is a required field. |
    | User Application Identity | The distinguished name of the object used to authenticate to the User Application in order to start Approval Workflows. This can be a User Application Administrator to whom you are giving rights to administer the User Application portal. Use the eDirectory format, such as admin.department.org, or browse to find the user. This is a required field. |
    | User Application Password | Password of the User Application Administrator specified in the Authentication ID. The password is used to authenticate to the User Application in order to start Approval Workflows. This is a required field. |
    | Reenter the Password | Re-enter the password of the User Application Administrator. |

  7. After the information is filled in, click Next.

  8. Click Define Security Equivalences to open the Security Equals window. Browse to and select an administrator or other Supervisor object, then click Add.

    This step gives the driver the security permissions it needs. Details about the significance of this step can be found in your Identity Manager documentation.

  9. (Optional, but recommended) Click Exclude Administrative Roles.

  10. Click Add, select users you want to exclude from driver actions (such as administrative roles), click OK twice, then click Next.

  11. Click OK to close the Security Equals window, then click Next to display the summary page.

  12. If the information is correct, click Finish.