Creating a synchronization configuration for the source
Most organizations have some applications that can be integrated through connectors and others that cannot. For applications with available connectors, please review the connector documentation. For applications that have no connector-based integration option, you can import entitlements using a CSV file. To simplify this process, out-of-the-box templates are provided.
Loading applications list
- The first step in uploading the unintegrated applications into OpenIAM is creating an application list. To do that, use a CSV file with the format described below.
Column name | Description |
---|---|
MANAGED_SYSTEM_NAME | Name as it will be defined in OpenIAM. |
DESCRIPTION | User-friendly description of this application or service. |
IS_MANUAL | Y - if a connector does not exist. N - if a connector does exist. |
IS_ACTIVE | Y - Configuration is available for use. N - Configuration is disabled and no tasks will be processed for this application. |
IS_VISIBLE | Y - Application is visible in the catalog. N - Application is not visible in the catalog. |
PARTICIPATE_IN_ACCESSCERTIFICATION | Y - Application is available for use in access certification. N - Application is not available for use in access certification. |
CONNECTOR_NAME | Name of the OpenIAM connector which will be used with this configuration. |
URL | URL of the application, service or tenant. |
PORT | Port this application is listening on. |
CATEGORY_NAME | Category under which the application should be listed in the service catalog. |
PERMISSIONS_LIST | Permissions which will be used with this application. Example: READ, WRITE, EXECUTE. These can be unique to this application. |
APPLICATION_OWNER_TYPE | Type of application owner: User or Group. |
APPLICATION_OWNER | Name of the application owner. |
APPLICATION_ADMIN_TYPE | Type of application admin: User or Group. |
APPLICATION_ADMIN | Name of the application admin. |
APPROVER1_TYPE | Type of first approver: Supervisor, application owner, application admin, entitlement owner, specific user or group. |
APPROVER1 | Name of the first approver (user name or group name). |
APPROVER2_TYPE | Type of second approver: Supervisor, application owner, application admin, entitlement owner, specific user or group. |
APPROVER2 | Name of the second approver (user name or group name). |
APPROVER3_TYPE | Type of third approver: Supervisor, application owner, application admin, entitlement owner, specific user or group. |
APPROVER3 | Name of the third approver (user name or group name). |
Example:
MANAGED_SYSTEM_NAME,DESCRIPTION,IS_MANUAL,IS_ACTIVE,IS_VISIBLE,PARTICIPATE_IN_ACCESSCERTIFICATION,CONNECTOR_NAME,URL,PORT,CATEGORY_NAME,PERMISSIONS_LIST,APPLICATION_OWNER_TYPE,APPLICATION_OWNER,APPLICATION_ADMIN_TYPE,APPLICATION_ADMIN,APPROVER1_TYPE,APPROVER1,APPROVER2_TYPE,APPROVER2,APPROVER3_TYPE,APPROVER3
Adobe Creative Cloud,,Y,Y,Y,,,,,Enterprise Applications,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,
Salesforce ,,Y,Y,Y,,,,,Sales,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,
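A pre-upload check for the application list, as an added example that is not part of the OpenIAM documentation or product. It validates a file against the column table above; treating empty flags as allowed, requiring each `*_TYPE` column to be paired with its name column, and requiring `CONNECTOR_NAME` when `IS_MANUAL` is N are assumptions drawn from the column descriptions and the example rows, not documented OpenIAM behaviour.

```python
import csv
import io

# Column order copied from the table and example on this page.
COLUMNS = ("MANAGED_SYSTEM_NAME,DESCRIPTION,IS_MANUAL,IS_ACTIVE,IS_VISIBLE,"
           "PARTICIPATE_IN_ACCESSCERTIFICATION,CONNECTOR_NAME,URL,PORT,CATEGORY_NAME,"
           "PERMISSIONS_LIST,APPLICATION_OWNER_TYPE,APPLICATION_OWNER,"
           "APPLICATION_ADMIN_TYPE,APPLICATION_ADMIN,APPROVER1_TYPE,APPROVER1,"
           "APPROVER2_TYPE,APPROVER2,APPROVER3_TYPE,APPROVER3").split(",")
FLAGS = COLUMNS[2:6]  # IS_MANUAL .. PARTICIPATE_IN_ACCESSCERTIFICATION
PAIRS = [(c, c[:-5]) for c in COLUMNS if c.endswith("_TYPE")]  # (type, name)


def validate_app_list(text):
    """Return (row_number, message) findings; the header counts as row 1."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0] != COLUMNS:
        return [(1, "header does not match the expected column list")]
    findings = []
    for rowno, row in enumerate(rows[1:], start=2):
        if len(row) != len(COLUMNS):
            findings.append((rowno, f"expected {len(COLUMNS)} fields, got {len(row)}"))
            continue
        rec = dict(zip(COLUMNS, row))
        for col, val in rec.items():
            if val != val.strip():  # stray spaces create names that never match
                findings.append((rowno, f"{col} has leading/trailing whitespace"))
        if not rec["MANAGED_SYSTEM_NAME"].strip():
            findings.append((rowno, "MANAGED_SYSTEM_NAME is empty"))
        for col in FLAGS:
            if rec[col] not in ("", "Y", "N"):  # assumption: empty is allowed
                findings.append((rowno, f"{col} must be Y or N"))
        for type_col, name_col in PAIRS:  # assumption: type and name go together
            if bool(rec[type_col].strip()) != bool(rec[name_col].strip()):
                findings.append((rowno, f"{type_col}/{name_col} must be set together"))
        for col in ("APPLICATION_OWNER_TYPE", "APPLICATION_ADMIN_TYPE"):
            if rec[col].strip().upper() not in ("", "USER", "GROUP"):
                findings.append((rowno, f"{col} must be User or Group"))
        if rec["IS_MANUAL"] == "N" and not rec["CONNECTOR_NAME"].strip():
            findings.append((rowno, "IS_MANUAL is N but CONNECTOR_NAME is empty"))
    return findings


# The page's two example rows plus one constructed bad row ("Legacy HR").
SAMPLE = "\n".join([",".join(COLUMNS),
    "Adobe Creative Cloud,,Y,Y,Y,,,,,Enterprise Applications,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,",
    "Salesforce ,,Y,Y,Y,,,,,Sales,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,",
    "Legacy HR,,N,Maybe,Y,,,,,HR,,USER" + "," * 9])
```

Running `validate_app_list(SAMPLE)` reports the trailing space in the `Salesforce ` name on row 3 and three problems on the constructed row 4.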
Process example
To import organization structure from a CSV file, go to webconsole > Provisioning > Synchronization. Here, you can see the list of available synchronization options.
To import roles, search for and select the CSV USER Entitlements Sync Example template. The import process is controlled by a built-in script set in the Transformation rule field.
This transformation script imports user entitlements into OpenIAM by filling in the corresponding fields. The CSV file must have the same structure that the transformation script expects for the entitlement type.
The required structure of the CSV file for entitlements is described in the table below.
Column name | Description |
---|---|
APPLICATION | Type of application the user wants to import. |
TYPE | Metadata type to be imported. |
ENTITLEMENT_NAME | Entitlement the user wants to upload. |
GROUP | Group to be imported. |
ROLE | Role to be imported. |
Each entitlement type can also be uploaded separately from a CSV file using the synchronization option. Entitlement synchronization is described in detail in the automated provisioning section of the administration guide.