Import entitlements

To create a profile of a user's access, you will need to:

  • Define the application in OpenIAM
  • Import entitlements

Most organizations have a collection of applications, some of which can be integrated through connectors and others which cannot. For applications that have connectors, review the connector documentation. Applications that do not have a connector can be imported through a CSV file. To simplify this process, out-of-the-box templates are provided.

Load application list

First load the list of applications into OpenIAM. Use a CSV file with the format described below.

| Column name | Description |
|---|---|
| MANAGED_SYSTEM_NAME | Name as it will be defined in OpenIAM |
| DESCRIPTION | User friendly description of this application or service |
| IS_MANUAL | Y - if a connector does not exist. N - if a connector does exist |
| IS_ACTIVE | Y - Configuration is available for use. N - configuration disabled and no tasks will be processed for this application. |
| IS_VISIBLE | Y - Application is visible in the catalog. N - application is not visible in the catalog. |
| PARTICIPATE_IN_ACCESSCERTIFICATION | Y - Application is available for use in access certification. N - application is not available for use in access certification |
| CONNECTOR_NAME | Name of the OpenIAM connector which will be used with this configuration |
| URL | URL of the application, service or tenant. |
| PORT | Port this application is listening on. |
| CATEGORY_NAME | Category under which the application should be listed in the service catalog. |
| PERMISSIONS_LIST | Permissions which will be used with this application. Example: READ, WRITE, EXECUTE. These can be unique to this application |
| APPLICATION_OWNER_TYPE | Type of application owner: User or Group |
| APPLICATION_OWNER | Name of the application owner |
| APPLICATION_ADMIN_TYPE | Type of application admin: User or Group |
| APPLICATION_ADMIN | Name of the application admin |
| APPROVER1_TYPE | Type of first approver: Supervisor, application owner, application admin, entitlement owner, specific user or group |
| APPROVER1 | Name of the first approver (user name or group name) |
| APPROVER2_TYPE | Type of second approver: Supervisor, application owner, application admin, entitlement owner, specific user or group |
| APPROVER2 | Name of the second approver (user name or group name) |
| APPROVER3_TYPE | Type of third approver: Supervisor, application owner, application admin, entitlement owner, specified user or group |
| APPROVER3 | Name of the third approver (user name or group name) |

Example:

MANAGED_SYSTEM_NAME,DESCRIPTION,IS_MANUAL,IS_ACTIVE,IS_VISIBLE,PARTICIPATE_IN_ACCESSCERTIFICATION,CONNECTOR_NAME,URL,PORT,CATEGORY_NAME,PERMISSIONS_LIST,APPLICATION_OWNER_TYPE,APPLICATION_OWNER,APPLICATION_ADMIN_TYPE,APPLICATION_ADMIN,APPROVER1_TYPE,APPROVER1,APPROVER2_TYPE,APPROVER2,APPROVER3_TYPE,APPROVER3
Adobe Creative Cloud,,Y,Y,Y,,,,,Enterprise Applications,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,
Salesforce ,,Y,Y,Y,,,,,Sales,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,
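A pre-import check for the application list file, added here as an example and not part of OpenIAM or its templates. The function name is hypothetical, and the rules are assumptions read off the column table and sample rows: blank Y/N flags are tolerated as in the sample, IS_MANUAL = N is expected to come with a CONNECTOR_NAME, each *_TYPE column must be filled together with its name column, and system names are compared case-insensitively.

```python
import csv
import io

# Column order copied from the sample header above.
COLUMNS = ("MANAGED_SYSTEM_NAME,DESCRIPTION,IS_MANUAL,IS_ACTIVE,IS_VISIBLE,"
           "PARTICIPATE_IN_ACCESSCERTIFICATION,CONNECTOR_NAME,URL,PORT,CATEGORY_NAME,"
           "PERMISSIONS_LIST,APPLICATION_OWNER_TYPE,APPLICATION_OWNER,"
           "APPLICATION_ADMIN_TYPE,APPLICATION_ADMIN,APPROVER1_TYPE,APPROVER1,"
           "APPROVER2_TYPE,APPROVER2,APPROVER3_TYPE,APPROVER3").split(",")
FLAGS = COLUMNS[2:6]  # the four Y/N columns
PAIRS = [(c, c[:-5]) for c in COLUMNS if c.endswith("_TYPE")]  # (X_TYPE, X)

def validate_application_csv(text):
    """Return (line_number, message) findings; an empty list means clean."""
    reader = csv.reader(io.StringIO(text))
    if next(reader, []) != COLUMNS:
        return [(1, "header does not match the documented columns")]
    findings, seen = [], set()
    for line_no, fields in enumerate(reader, start=2):
        if len(fields) != len(COLUMNS):
            findings.append((line_no, f"expected {len(COLUMNS)} fields, got {len(fields)}"))
            continue
        row = dict(zip(COLUMNS, fields))
        name = row["MANAGED_SYSTEM_NAME"]
        key = name.strip().lower()  # assumption: names compared case-insensitively
        if not key or key in seen:
            findings.append((line_no, "MANAGED_SYSTEM_NAME is empty or duplicated"))
        if name != name.strip():
            findings.append((line_no, "MANAGED_SYSTEM_NAME has leading/trailing whitespace"))
        seen.add(key)
        for flag in FLAGS:  # assumption: blank is allowed, as in the sample rows
            if row[flag] not in ("Y", "N", ""):
                findings.append((line_no, f"{flag} must be Y or N"))
        if row["IS_MANUAL"] == "N" and not row["CONNECTOR_NAME"].strip():
            findings.append((line_no, "IS_MANUAL is N but CONNECTOR_NAME is empty"))
        if row["PORT"] and not (row["PORT"].isdecimal() and 0 < int(row["PORT"]) < 65536):
            findings.append((line_no, "PORT is not a valid port number"))
        for type_col, name_col in PAIRS:
            if bool(row[type_col].strip()) != bool(row[name_col].strip()):
                findings.append((line_no, f"{type_col} and {name_col} must be set together"))
    return findings

# Rows 2-3 are the page's sample rows; row 4 is constructed to trip the checks.
SAMPLE = ",".join(COLUMNS) + "\n" + (
    "Adobe Creative Cloud,,Y,Y,Y,,,,,Enterprise Applications,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,\n"
    "Salesforce ,,Y,Y,Y,,,,,Sales,,,,GROUP,IT_HelpDesk,SUPERVISOR,Reports To,GROUP,Information_Security,,\n"
    "Payroll,,N,yes,Y,,,,99999,Finance,,GROUP,,,,SUPERVISOR,Reports To,,,,\n")
if __name__ == "__main__":
    print(*validate_application_csv(SAMPLE), sep="\n")
```

Running the check before loading keeps half-filled owner or approver columns out of the approval configuration; whether OpenIAM itself rejects such rows is not stated on this page.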

Example

To import organization structure from an external source via a CSV file, go to Provisioning -> Synchronization. This page lists the available synchronization options.

To import roles, search for and select the CSV USER Entitlements Sync Example template. The import process is controlled by a built-in script set in the Transformation rule field.

This Transformation script imports user entitlements into OpenIAM by filling in the corresponding fields. The CSV file must have the same structure as the one the transformation script expects for the particular entitlement type.

The required structure of CSV file for entitlements is described in the table below.

| Column name | Description |
|---|---|
| APPLICATION | Stands for the type of application the user wants to import |
| TYPE | Metadata type to be imported |
| ENTITLEMENT_NAME | Entitlement the user wants to upload |
| GROUP | Group to be imported |
| ROLE | Role to be imported |

Every entitlement type can also be uploaded separately by means of a CSV file via the Synchronization option. The detailed process for synchronizing the various entitlements is given in the Automated provisioning section of the Administration guide and its respective subsections.