Deploying and registering connectors

Before you can use a connector you must ensure that it has been:

  • Deployed
  • Started
  • Registered

These three prerequisite steps must be performed before attempting to use any of the connectors.

Depending on the type of environment you're using, the steps for deploying and registering the connector vary. Connector deployment guides are listed below for RPM and Docker installations of OpenIAM:

Establishing a connection

After you have deployed and registered the connector, you will need to establish a connection to your application. Without an active connection, you will not be able to perform any of the operations described in the application on-boarding sections.

To establish a connection, follow the steps described below:

  • Log in to the webconsole and go to Provisioning -> Managed system.
  • If you are new to OpenIAM and a sample configuration exists, select that configuration by selecting the Actions button. If you want to create a new configuration, click the Create Managed System menu option.
  • Complete the form as described below. The example below uses OpenLDAP, but the concepts apply to all managed system configurations.

Managed system connection details

Complete the form using the table below.

| Field name | Description |
| --- | --- |
| Connector | Name of the connector that will be used by the managed system configuration. |
| Managed system name | Name of this application that is meaningful to the business. |
| Description | Description of this application. The description will be used in the service catalog to help end-users gain more information about the application. |
| Manual | Checkbox which indicates if this application is a "Manual" application, meaning that no connector is available and automated provisioning is not supported. If you have a connector for the application, then leave this off. |
| Active | Checkbox which indicates if this configuration is active. Only active configurations can process life-cycle events. To make an application 'Active', ensure that this field is checked. |
| Show on user change password screen | OpenIAM provides the option for end-users to change their password in a single application. If this application is to be shown on the change password screen, then ensure that this field is checked. |
| All users provisioned with this managed system | There are times when all users should be provisioned to an application regardless of business rules or role memberships. To enable this behavior for your application, ensure that this field is checked. |
| Host URL | This is the URL to connect to your application, tenant, etc. |
| Port | Port that OpenIAM should use to connect to the application. |
| Communication Protocol | Defines if OpenIAM should communicate using SSL or Clear. The option that you select here must also be supported by the target application. |
| Login ID | Service account ID which will be used by OpenIAM to connect to the application. |
| Password | Password for the service account. |
| Object primary key for user | The unique attribute in the target application that the connector will use to find existing users. Examples of primary keys are uid in LDAP, sAMAccountName in Active Directory, etc. |
| Base DN for User | This value is relevant only for a directory. It defines the DN under which the user will be created. It's a way to limit the reach of the connector. |
| Search Base DN for User | This value is relevant only for a directory. This is the part of the directory where the connector is allowed to search to find matching users. This is used to limit the reach of the connector. |
| Search scope | This value is relevant only for a directory. You can select a value like Subtree, OneLevel or Object. It determines if the connector will search through subtrees or not. |
| Target system type | This value is relevant only for a directory. Since the LDAP connector can be used with a variety of directories such as OpenLDAP, Okta Directory services, eDirectory and Active Directory, these options will allow the connector to compensate for the brand-specific nuances between directories. |
| Category | This is the category in the service catalog where this application will be listed. Leave it blank to avoid having this application listed in the catalog. |
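
The check below is an added example, not OpenIAM code: a small Python lint that reviews the values intended for the LDAP connection form above, flagging a cleartext protocol, an unusual port pairing, an over-broad search base and an administrator Login ID. The dictionary keys, the sample values and the list of administrator RDNs are assumptions made for illustration.

```python
# Added example, not OpenIAM code. Keys are hypothetical names mirroring the
# form labels above; all values are constructed.
ADMIN_RDNS = {"cn=admin", "cn=manager", "cn=directory manager", "cn=root"}

def parse_dn(dn):
    """Split a DN into lower-cased RDNs (naive: escaped commas unsupported)."""
    return [r.strip().lower() for r in dn.split(",") if r.strip()]

def is_under(child_dn, parent_dn):
    """True when child_dn equals parent_dn or sits below it in the tree."""
    child, parent = parse_dn(child_dn), parse_dn(parent_dn)
    return bool(parent) and child[-len(parent):] == parent

def lint_managed_system(cfg):
    """Return a list of (code, reason) findings for one connection form."""
    out = []
    proto, port = cfg["protocol"].strip().upper(), int(cfg["port"])
    if proto == "CLEAR":
        out.append(("CLEAR_PROTOCOL", "service account password crosses the network unencrypted"))
    if (proto, port) in {("SSL", 389), ("CLEAR", 636)}:
        out.append(("PORT_MISMATCH", "LDAPS normally uses 636 and cleartext LDAP 389; confirm the pairing"))
    search = parse_dn(cfg["search_base_dn"])
    if cfg["search_scope"].lower() == "subtree" and all(r.startswith("dc=") for r in search):
        out.append(("BROAD_SEARCH", "subtree search from the directory suffix reaches every entry"))
    if not is_under(cfg["base_dn"], cfg["search_base_dn"]):
        out.append(("BASE_OUTSIDE_SEARCH", "users created under Base DN fall outside the search base"))
    login = parse_dn(cfg["login_id"])
    if login and login[0] in ADMIN_RDNS:
        out.append(("ADMIN_ACCOUNT", "Login ID looks like a directory administrator, not a scoped service account"))
    return out

def codes(cfg):
    """Finding codes only, in the order the checks run."""
    return [code for code, _ in lint_managed_system(cfg)]

# Constructed sample: the weak form values beside a tightened set.
WEAK = {"port": 389, "protocol": "Clear", "login_id": "cn=admin,dc=example,dc=com",
        "base_dn": "ou=people,dc=example,dc=com",
        "search_base_dn": "dc=example,dc=com", "search_scope": "Subtree"}
HARDENED = {"port": 636, "protocol": "SSL",
            "login_id": "uid=svc-openiam,ou=services,dc=example,dc=com",
            "base_dn": "ou=people,dc=example,dc=com",
            "search_base_dn": "ou=people,dc=example,dc=com", "search_scope": "OneLevel"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_managed_system(cfg) or "no findings")
```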

If the configuration is set to Active, OpenIAM will perform a test connection in a few minutes. Return to the managed systems list and you will see the status of the connector. If the connection is successful, the status will be green, as shown below. If it fails, the status will be red.

Managed system connection details

Now, after the connection is established, you can proceed with importing entitlements from the application.