What is the best way to configure a data warehouse that is responsible for managing access information for more than one application? Both synchronization and (de)provisioning shall be performed on the data warehouse.

I have a central repository (target system) for many of my applications which keeps user accounts, roles (along with application mapping) and user-role associations. I want to integrate it with D1IM v7, so that, for all applications, data synchronization and provisioning of roles is done using D1IM to a single target. Any suggestion what would be the best way to implement it in D1IM?


  • Read users into UNSAccountB, groups into UNSGroupB and assignments into UNSAccountBInUNSGroupB. I think that is a possible way forward
  • You can use DPRNameSpace and UNSRootB (Manager's Custom Target System Types and Custom Target Systems) to differentiate between the systems in the central repository.

    Assuming the central repository is SQL, and there's some way to filter the target systems by matching system name to Ident_UNSRoot for example, you can configure separate mappings and workflows for each target system.

    Does each target system in the repository have a separate schema or are they sharing a common schema?
  • Is it SQL or LDAP? If SQL, then as I said, configure a DPR Namespace for the central repository and a separate Custom Target System for each of the applications.

    As long as the schema gives you the ability to differentiate between App1\Username and App2\Username (and other systems), then the sync project can filter objects by target system. Alternatively, you might be able to create a single sync which imports all users, containers and groups from all systems in the central repository, but which populates the UID_UNSRootB value for each object so that Identity Manager knows which system it belongs to.

    It all depends on how much functionality you need for apps integrated via the central repository.

    Out of curiosity, is the repository a commercial aggregation / reporting platform or is it just an in-house SQL database that is used by multiple applications?

    And, do you need full provisioning capabilities or just read/reconciliation access?
  • Hi,

    According to the documentation: "Base objects are required for synchronizing all target systems that are connected to One Identity Manager by default." This suggests you usually need a unique base object for each target system. Conclusion: use UNSRootB as the base table, with the base object(s) being the custom target system(s) covered by the sync project.

    The only reason for caution is this line in the documentation: "You cannot normally specify a base object for synchronizing with database connectors and the CSV connector."

    Perhaps the developers mean you can only do it if certain other objects have been created first. For example:

    1. a single Custom Target System Type for the specific SQL database in Manager (which creates the unique row in DPRNameSpace)
    2. a separate Custom Target System in Manager for each application in scope for the sync project (this creates unique rows in UNSRootB and you can link each one to the Custom Target System Type created in step 1)
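
As an added illustration (not code from this thread, nor from One Identity Manager itself), here is the object-mapping logic the replies above describe, in Python: each repository row's system prefix (App1\Username, App2\Username) is matched to Ident_UNSRoot to populate UID_UNSRootB on the UNSAccountB, UNSGroupB and UNSAccountBInUNSGroupB objects, and rows whose system has no Custom Target System yet are held back rather than provisioned. The UNSRootB entries and repository rows are constructed sample data, and the column names other than the table names, UID_UNSRootB and Ident_UNSRoot are assumptions.

```python
# Constructed UNSRootB rows: one Custom Target System per application (sample data, not from the thread)
UNS_ROOT_B = [
    {"UID_UNSRootB": "root-app1", "Ident_UNSRoot": "App1"},
    {"UID_UNSRootB": "root-app2", "Ident_UNSRoot": "App2"},
]

# Constructed repository rows: account names are "System\User", as the reply describes
REPO_ACCOUNTS = [
    {"name": r"App1\alice", "groups": ["Admins"]},
    {"name": r"App2\alice", "groups": ["Readers", "Admins"]},
    {"name": r"App2\bob", "groups": ["Readers"]},
    {"name": r"App9\carol", "groups": ["Admins"]},  # App9 has no Custom Target System yet
]

def split_account(name):
    """Split 'System\\User' into (system, user); reject names without a system prefix."""
    system, sep, user = name.partition("\\")
    if not sep or not system or not user:
        raise ValueError(f"account name without system prefix: {name!r}")
    return system, user

def map_repository(accounts, roots):
    """Single-sync approach: build UNSAccountB / UNSGroupB / UNSAccountBInUNSGroupB rows,
    each tagged with the UID_UNSRootB whose Ident_UNSRoot equals the row's system prefix.
    Rows for systems with no UNSRootB entry are returned separately, not provisioned."""
    uid_by_ident = {r["Ident_UNSRoot"]: r["UID_UNSRootB"] for r in roots}
    out = {"UNSAccountB": [], "UNSGroupB": [], "UNSAccountBInUNSGroupB": []}
    unmatched, seen_groups = [], set()
    for acc in accounts:
        system, user = split_account(acc["name"])
        uid_root = uid_by_ident.get(system)
        if uid_root is None:
            unmatched.append(acc["name"])
            continue
        out["UNSAccountB"].append({"AccountName": user, "UID_UNSRootB": uid_root})
        for group in acc["groups"]:
            if (uid_root, group) not in seen_groups:  # a group is unique per target system
                seen_groups.add((uid_root, group))
                out["UNSGroupB"].append({"GroupName": group, "UID_UNSRootB": uid_root})
            out["UNSAccountBInUNSGroupB"].append(
                {"AccountName": user, "GroupName": group, "UID_UNSRootB": uid_root})
    return out, unmatched

def filter_for_system(accounts, ident):
    """Per-system alternative: keep only rows whose prefix matches one target system's Ident_UNSRoot."""
    return [a for a in accounts if split_account(a["name"])[0] == ident]
```

The unmatched list is the check worth surfacing in the sync log: an application that appears in the repository before its Custom Target System (UNSRootB row) exists should stop, not be silently attached to the wrong system.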