Connection details
After you have deployed and registered the connector, you will need to establish a connection to your application. Without an active connection, you will not be able to perform any of the operations described in the application on-boarding sections.
To establish a connection, follow the steps described below:
- Log in to the webconsole and go to Provisioning -> Managed system
- If you are new to OpenIAM and a sample configuration exists, then find that application and open its configuration using the Actions button. If you want to create a new configuration, then click on the Create Managed System menu option.
- Complete the form as described below. The example below uses OpenLDAP, but the concepts apply to all managed system configurations.
Complete the form using the table below.
Field name | Description |
---|---|
Connector | Name of the connector that will be used by the managed system configuration |
Managed system name | Name of this application that is meaningful to the business |
Description | Description of this application. The description will be used in the service catalog to help end-users gain more information about the application |
Manual | Checkbox which indicates if this application is a "Manual" application, meaning that no connector is available and automated provisioning is not supported. If you have a connector for the application, then leave this off. |
Active | Checkbox which indicates if this configuration is active. Only active configurations can process life-cycle events. To make an application "Active", ensure that this field is checked. |
Show on user change password screen | OpenIAM provides the option for end-users to change their password in a single application. If this application is to be shown on the change password screen, then ensure that this field is checked. |
All users provisioned with this managed system | There are times when all users should be provisioned to an application regardless of business rules or role memberships. To enable this behavior for your application, ensure that this field is checked. |
Host URL | This is the URL to connect to your application, tenant, etc. |
Port | Port that OpenIAM should use to connect to the application. For example, LDAP can be port 389, 636, etc. |
Communication Protocol | Defines if OpenIAM should communicate using SSL or Clear. The option that you select here must also be supported by the target application. |
Login ID | Service account ID which will be used by OpenIAM to connect to the application. |
Password | Password for the service account |
Object primary key for user | The unique attribute in the target application that the connector will use to find existing users. Examples of primary keys can be: uid in LDAP, sAMAccountName in Active Directory, etc. |
Base DN for User | This value is relevant only for a directory. It defines the DN under which the user will be created. It's a way to limit the reach of the connector. |
Search Base DN for User | This value is relevant only for a directory. This is the part of the directory where the connector is allowed to search to find matching users. This is used to limit the reach of the connector. |
Search scope | This value is relevant only for a directory. You can select a value like Subtree, OneLevel or Object. It determines if the connector will search through subtrees or not. |
Target system type | This value is relevant only for a directory. Since the LDAP connector can be used with a variety of directories such as OpenLDAP, Okta Directory services, eDirectory and Active Directory, these options allow the connector to compensate for brand-specific nuances between directories. |
Category | This is the category in the service catalog where this application will be listed. Leave it blank to avoid having this application listed in the catalog. |
If the configuration is set to "Active", OpenIAM will perform a test connection in a few minutes. Return to the managed system list and you will see the status of the connector. If the connection is successful, you will see a green status. If it fails, the status will be shown in red.
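
When the status is red, it helps to check the same directory values outside OpenIAM. The script below is an added example, not part of the OpenIAM documentation or product: it maps the form fields for an LDAP managed system onto an `ldapsearch` command. It assumes the OpenLDAP client tools are installed and that the Host URL field holds a plain hostname; the function names, host, DNs and uid are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check for an LDAP managed system configuration.
# Every host, DN and uid used here is a constructed placeholder.

# "Communication Protocol" + "Host URL" + "Port" -> LDAP URI
ldap_uri() {
    case "$1" in
        SSL)   printf 'ldaps://%s:%s\n' "$2" "$3" ;;
        Clear) printf 'ldap://%s:%s\n' "$2" "$3" ;;
        *)     echo "unknown protocol: $1" >&2; return 1 ;;
    esac
}

# "Search scope" -> ldapsearch -s value
ldap_scope() {
    case "$1" in
        Subtree)  echo sub ;;
        OneLevel) echo one ;;
        Object)   echo base ;;
        *)        echo "unknown scope: $1" >&2; return 1 ;;
    esac
}

# Args: protocol host port login_id search_base_dn scope primary_key known_value
# Prints the command when DRY_RUN=1 (default); runs it when DRY_RUN=0.
preflight() {
    uri=$(ldap_uri "$1" "$2" "$3") || return 1
    scope=$(ldap_scope "$6") || return 1
    if [ "$1" = Clear ]; then
        echo "warning: Clear sends the service account password unencrypted" >&2
    fi
    # -x simple bind, -W prompts for the password so it stays out of shell
    # history and the process list, -LLL prints plain LDIF, "dn" limits output.
    set -- ldapsearch -x -LLL -H "$uri" -D "$4" -W -b "$5" -s "$scope" "($7=$8)" dn
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Constructed sample values matching the OpenLDAP example in the form.
preflight SSL ldap.example.com 636 \
    'cn=svc-openiam,ou=services,dc=example,dc=com' \
    'ou=people,dc=example,dc=com' Subtree uid jdoe
```

With `DRY_RUN=0` the search must return exactly one DN for a known user; with SSL, the client also has to trust the directory's CA certificate for the bind to succeed.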