After you install Identity Manager and the driver, you create a Driver object. A Driver object represents an instance of the Identity Manager Driver for SIF.
A driver configuration file, SIFAgent-IDM3_5_0-V1.xml, is provided to get you up and running with a minimum of customization. This section explains what the driver configuration does.
For information about Identity Manager in general, see the Novell Identity Manager 3.5.1 Administration Guide .
The following tables describe what the configuration does to provision user accounts and keep the Identity Vault updated when changes occur in the Student Information System. There are two types of user accounts; students and staff. Table 1-1 contains information about student provisioning and Table 1-2 contains information about staff provisioning.
Table 1-1 Student Provisioning
Change in Student Data |
Synchronization in the Identity Vault |
---|---|
A student is added |
|
A student’s information is modified |
|
A student withdraws from school or graduates |
|
A student returns to the school system (an Entry Date that is newer than the Exit Date is entered in the Student Information System) |
|
A student is removed from the Student Information System |
|
Table 1-2 Staff Provisioning
Change in Staff Data |
Synchronization in the Identity Vault |
---|---|
Staff is added |
|
Staff information is modified |
|
Staff removed from the Student Information System |
|
The Identity Manager Driver for SIF uses data from the Student Information System to synchronize the following User class attributes in the Identity Vault. Table 1-3 contains a list of the eDirectory attribute, the SIF objects, and the SIF attributes.
Table 1-3 User Class Attributes
The SIF Driver is generally used to provision users from a SIF-enabled Student Information System to the Identity Vault. The driver is configured, by default, to send no data from the Identity Vault to the Zone Integration Server (ZIS) and the Student Information System. The Student Information System is considered to be the authoritative data source.
However, the driver is capable of bidirectional synchronization and can send data to the ZIS and SIF. There are two ways you might choose to use this bidirectional capability:
Configure the driver as the authoritative source for some user attributes or for new users.
If you want the Identity Vault to be the authoritative source for some user attributes, you could configure the driver to send certain attributes from the Identity Vault to SIF.
If your business practices allow users to be entered manually in the Identity Vault who are not entered in the Student Information System first, you could also configure the driver to send new users from the Identity Vault to SIF.
Configure the driver to be the SIF provider for all student and staff data.
If your Student Information System is not SIF-enabled, but you have other SIF-enabled applications, you might choose to configure the SIF Driver to function as the authoritative source for students and staff.
In this role, the SIF Driver is the SIF provider for StudentPersonal, StudentSchoolEnrollment, SchoolInfo, StaffPersonal, and SIF Authorization objects. Being the provider means this driver responds when other SIF-enabled applications send SIF queries for information about students and staff.
For example, you could export student and staff information from your Student Information System and import it into the Identity Vault, using a database import. At the start of the school year, the other SIF Agents in the Zone would populate their databases by querying for all students. If you register the SIF Driver as the provider for the Zone, the queries would be routed to the SIF Driver. During the school year, as student and staff information in the Identity Vault is updated, either by database import or by updating manually, the SIF Driver would send those updates to SIF, thereby keeping the other SIF-enabled applications current.
You would not enable this option if you have a SIF-enabled Student Information System. Only one Agent in a Zone can be the provider. If you have a SIF-enabled Student Information System, we recommend that the Student Information System be the provider.
If you configure the SIF Driver to send new users or to be the provider of all student and staff information, at a minimum you must provide the user attributes listed in Table 1-4 when creating a user object in the Identity Vault. A new user object is not sent from the Identity Vault to SIF unless these attributes have values.