You create the RSA driver by installing the driver packages and then modifying the configuration to suit your environment. After you create and configure the driver, you need to deploy it to the Identity Vault and start it.
The driver packages contain the items required to create a driver, such as policies, entitlements, filters, and Schema Mapping policies. These packages are only available in Designer and can be updated after they are initially installed. You must have the most current version of the packages in the Package Catalog before you can create a new driver object.
To verify that you have the most recent version of the driver packages in the Package Catalog:
Open Designer.
In the toolbar, click
> .Click
to update the packagesor
Click
if the packages are up-to-date.In the Outline view, right-click the Package Catalog.
Click
.Select any RSA driver packages
or
Click
to import all of the packages displayed.By default, only the base packages are displayed. Deselect
to display all packages.Click
to import the selected packages, then click in the successfully imported packages message.After the current packages are imported, continue with Section 4.1.2, Installing the Driver Packages.
After you have imported the current driver packages into the Package Catalog, you can install the driver packages to create a new driver.
In Designer, open your project.
In the Modeler, right-click the driver set where you want to create the driver, then click
> .Select
, then click .Select the default configuration for the RSA driver.
This package contains the default configuration information for the RSA driver. Always leave this option selected.
Click
.(Conditional) If there are package dependencies for the packages you selected to install, you must install them to install the selected package. Click
to install the package dependencies that are listed.(Conditional) If more than one type of package dependency must be installed, you are presented with these packages separately. Continue to click
to install any additional package dependencies.Click
.On the Driver Information page, specify a name for the driver, then click
.On the Application Authentication page, fill in the following fields:
Authentication ID: Specify the username for the RSA user created for the driver if the driver is connecting to RSA 7.1.This is the user created in Section 3.1, Creating an RSA Authentication Manager 7.1 User Object with SuperAdminRole Rights. Leave this field blank for RSA 6.1.
Connection Information: Specify the connection information for the driver to connect to the RSA 7.1 server. Leave this field blank for RSA 6.1.
Password: Specify the password for the RSA user created for the driver if the driver is connecting to RSA 7.1. This is the password created in Section 3.1, Creating an RSA Authentication Manager 7.1 User Object with SuperAdminRole Rights. Leave this field blank for RSA 6.1.
Click
.Fill in the following fields for Remote Loader information:
Connect To Remote Loader: Select Identity Manager 4.0 Remote Loader Guide.
or to determine if the driver will use the Remote Loader. For more information, see theIf you select Step 13. If you select , use the following information to complete the configuration of the Remote Loader.
, skip toHost Name: Specify the IP address or DNS name of the server where the Remote Loader is installed and running.
Port: Specify the port number for this driver. Each driver connects to the Remote Loader on a separate port. The default value is 8090.
Remote Loader Password: Specify a password to control access to the Remote Loader. It must be the same password that is specified as the Remote Loader password on the Remote Loader.
Driver Password: Specify a password for the driver to authenticate to the Metadirectory server. It must be the same password that is specified as the Driver Object Password on the Remote Loader.
Click
.Review the summary of tasks that will be completed to create the driver, then click
.After you have installed the driver, you must change the configuration for your environment. Proceed to Section 4.1.3, Configuring the Driver.
After importing the driver configuration file, you need to configure the driver before it can run. You should complete the following tasks to configure the driver:
Configure the driver parameters: There are many settings that can help you customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs). Although it is important for you to understand all of the settings, your first priority should be to review the Driver Parameters located on the Driver Configuration page. The Driver Parameters let you configure the RSA API version and API version specific attributes. You can also configure the publisher options through the Driver Parameters.
Configure the driver filter: Modify the driver filter to include the object classes and attributes you want synchronized between the Identity Vault and RSA Authentication Manager. For instructions, see Section 6.0, Synchronizing Data.
Configure policies: Modify the policies as needed. For information about the default configuration policies, see Policies.
After completing the configuration tasks, continue with the next section, Section 4.1.4, Deploying the Driver.
After a driver is created in Designer, it must be deployed into the Identity Vault.
In Designer, open your project.
In the Modeler, right-click the driver icon or the driver line, then select
.If you are authenticated to the Identity Vault, skip to Step 5; otherwise, specify the following information:
Host: Specify the IP address or DNS name of the server hosting the Identity Vault.
Username: Specify the DN of the user object used to authenticate to the Identity Vault.
Password: Specify the user’s password.
Click
.Read through the deployment summary, then click
.Read the successful message, then click
.Click
to assign rights to the driver.The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
Click
, then browse to and select the object with the correct rights.Click
twice.Click
to exclude users that should not be synchronized.You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.
Click
.When a driver is created, it is stopped by default. To make the driver work, you must start the driver and cause events to occur. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.
To start the driver:
In Designer, open your project.
In the Modeler, right-click the driver icon or the driver line, then select
.For information about management tasks with the driver, see Section 5.0, Managing the Driver.