Deploying and registering connectors
Before you can use a connector, you must ensure that it has been:
- Deployed
- Started
- Registered.
These three prerequisite steps must be performed before attempting to use any of the connectors.
Depending on the type of environment you're using, the steps for deploying and registering the connector vary. Connector deployment guides are listed below for RPM and Docker installations of OpenIAM:
Establishing a connection
After you have deployed and registered the connector, you will need to establish a connection to your application. Without an active connection, you will not be able to perform any of the operations described in the application on-boarding sections.
To establish a connection, follow the steps described below:
- Login to the webconsole and go to Provisioning -> Managed system
- If you are new to OpenIAM and a sample configuration exists, select the configuration by selecting the Actions button. If you want to create a new configuration, then click on the Create Managed System menu option.
- Complete the form as described below. The example below uses OpenLDAP, but the concepts apply to all managed system configurations.
Complete the form using the table below.
Field name | Description |
---|---|
Connector | Name of the connector that will be used by the managed system configuration. |
Managed system name | Name of this application that is meaningful to the business. |
Description | Description of this application. The description will be used in the service catalog to help end-users gain more information about the application. |
Manual | Checkbox which indicates if this application is a "Manual" application. Meaning that no connector is available and automated provisioning is not supported. If you have a connector for the application, then leave this off. |
Active | Checkbox which indicates if this configuration is active. Only active configurations can process life-cycle events. To make an application 'Active', ensure that this field is checked. |
Show on user change password screen | OpenIAM provides the option for end-users to change their password in a single application. If this application is to be shown on the change password screen, then ensure that this field is checked. |
All users provisioned with this managed system | There are times when all users should be provisioned to an application regardless of business rules or role memberships. To enable this behavior for your application, ensure that this field is checked. |
Host URL | This is the URL to connect to your application, tenant, etc. |
Port | Port that OpenIAM should use to connect to the application. |
Communication Protocol | Defines if OpenIAM should communicate using SSL or Clear. The option that you select here must also be supported by the target application. |
Login ID | Service account ID which will be used by OpenIAM to connect to the application. |
Password | Password for the service account |
Object primary key for user | The unique attribute in the target application that the connector will use to find existing users. Examples of Primary keys can be UID in LDAP, sAMAccountName in ActiveDirectory, etc. |
Base DN for User | This value is relevant only for a directory. It defines the DN under which the user will be created. It's a way to limit the reach of the connector. |
Search Base DN for User | This value is relevant only for a directory. This is part of the directory where the connector is allowed to search to find matching users. This is used to limit the reach of the connector. |
Search scope | This value is relevant only for a directory. You can select a value like Subtree, OneLevel or Object. It determines if the connector will search through subtrees or not. |
Target system type | This value is relevant only for a directory. Since the LDAP connector can be used with a variety of directories such as OpenLDAP, Okta Directory services, eDirectory and Active Directory, these options will allow the connector to compensate for the brand specific nuances between directories. |
Category | This is the category in the service catalog where this application will be listed. Leave it blank to avoid having this application listed in the catalog. |
If the configuration is set to Active, OpenIAM will perform a test connection in a few minutes. Return to the managed systems list and you will see the status on the connector. If the connection is successful, then there will be a green status as shown below. If it fails, it will be red.
Now, after the connection is established, you can proceed with importing entitlements from the application.