Creating a synchronization configuration for the source

Most organizations have a collection of applications which can be integrated through connectors while other applications cannot. For applications with available connectors, please review the connector documentation. However, for those connectors that don't provide an integration option, you can import entitlements using a CSV file. To simplify this process, out-of-the-box templates have been provided.

Loading applications list

  1. The first step in uploading the unintegrated applications into OpenIAM is creating an application list. To do that, use a CSV file with the format described below.
Column nameDescription
MANAGED_SYSTEM_NAMEName as it will be defined in OpenIAM.
DESCRIPTIONUser-friendly description of this application or service.
IS_MANUALY - if a connector does not exist. N - if a connector does exist.
IS_ACTIVEY - Configuration is available for use. N - configuration disabled and no tasks will be processed for this application.
IS_VISIBLEY - Application is visible in the catalog. N - application is not visible in the catalog.
PARTICIPATE_IN_ACCESSCERTIFICATIONY - Application is available for use in access certification. N - application is not available for use in access certification.
CONNECTOR_NAMEName of the OpenIAM connector which will be used with this configuration.
URLURL of the application, service or tenant.
PORTPort this application is listening on.
CATEGORY_NAMECategory under which the application should be listed in the service catalog.
PERMISSIONS_LISTPermissions which will be used with this application. Example: READ, WRITE, EXECUTE. These can be unique to this application.
APPLICATION_OWNER_TYPEType of application owner: User or Group.
APPLICATION_OWNERName of the application owner.
APPLICATION_ADMIN_TYPEType of application admin: User or Group.
APPLICATION_ADMINName of the application admin.
APPROVER1_TYPEType of first approver: Supervisor, application owner, application admin, entitlement owner, specific user or group.
APPROVER1Name of the first approver (user name or group name).
APPROVER2_TYPEType of second approver: Supervisor, application owner, application admin, entitlement owner, specific user or group.
APPROVER2Name of the second approver (user name or group name).
APPROVER3_TYPEType of third approver: Supervisor, application owner, application admin, entitlement owner, specified user or group.
APPROVER3Name of the third approver (user name or group name).

Example:

MANAGED_SYSTEM_NAME,DESCRIPTION,IS_MANUAL,IS_ACTIVE,IS_VISIBLE,PARTICIPATE_IN_ACCESSCERTIFICATION,CONNECTOR_NAME,URL,PORT,CATEGORY_NAME,PERMISSIONS_LIST,APPLICATION_OWNER_TYPE,APPLICATION_OWNER,APPLICATION_ADMIN_TYPE,APPLICATION_ADMIN,APPROVER1_TYPE,APPROVER1,APPROVER2_TYPE,APPROVER2,APPROVER3_TYPE,APPROVER3
Adobe Creative Cloud,,Y,Y,Y,,,,,Enterprise Applications,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,
Salesforce ,,Y,Y,Y,,,,,Sales,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,

Process example

To import organization structure from a CSV file, go to webconsole > Provisioning > Synchronization. Here, you can see a list of synchronization options available.

To import roles, search for and select a CSV USER Entitlements Sync Example template. The importing process is controlled via built-in script set in a Transformation rule field.

The mentioned transformation script is meant to import user entitlements to OpenIAM by filling in the correspondent fields. Here, it is important that a CSV file has the same structure, as in the transformation script for the entitlement type.

The required structure of the CSV file for entitlements is described in the table below.

Column nameDescription
APPLICATIONStands for the type of application user wants to import.
TYPEMetadata type to be imported.
ENTITLEMENT_NAMEEntitlement the user wants to upload.
GROUPGroup to be imported.
ROLERole to be imported.

Every entitlement type can be uploaded separately also by means of a CSV file via synchronization option. Entitlement synchronization is described in detail in the automated provisioning section of the administration guide.