SSF Tools Loopback Connector User Guide
SSF Tools: IdentityIQ Loopback Connector User Guide

Document Revision History

| Revision Date | Written/Edited By | Comments |
|---|---|---|
| January 2017 | Christian Cairney | Initial version released with SSD v3 |
| March 3rd 2017 | Christian Cairney | New features: Filter on identities with entitlements, correlated identities and custom filter expression |
| May 18th, 2018 | Christian Cairney | Updated documentation with note on projected queries and the object schema |
| May 23rd 2018 | Christian Cairney | Enabled Password and Authenticate features |

© Copyright 2018 SailPoint Technologies, Inc., All Rights Reserved.

SailPoint Technologies, Inc. makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. SailPoint Technologies shall not be liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.

Restricted Rights Legend. All rights are reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of SailPoint Technologies. The information contained in this document is subject to change without notice. Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c) (1) and (c) (2) of the Commercial Computer Software Restricted Rights clause at FAR 52.227-19 for other agencies.

Regulatory/Export Compliance. The export and reexport of this software is controlled for export purposes by the U.S. Government. By accepting this software and/or documentation, licensee agrees to comply with all U.S. and foreign export laws and regulations as they relate to software and related documentation.
Licensee will not export or reexport outside the United States software or documentation, whether directly or indirectly, to any Prohibited Party and will not cause, approve or otherwise intentionally facilitate others in so doing. A Prohibited Party includes: a party in a U.S. embargoed country or country the United States has named as a supporter of international terrorism; a party involved in proliferation; a party identified by the U.S. Government as a Denied Party; a party named on the U.S. Government's Entities List; a party prohibited from participation in export or reexport transactions by a U.S. Government General Order; a party listed by the U.S. Government's Office of Foreign Assets Control as ineligible to participate in transactions subject to U.S. jurisdiction; or any party that licensee knows or has reason to know has violated or plans to violate U.S. or foreign export laws or regulations. Licensee shall ensure that each of its software users complies with U.S. and foreign export laws and regulations as they relate to software and related documentation.

Trademark Notices. Copyright © 2018 SailPoint Technologies, Inc. All rights reserved. SailPoint, the SailPoint logo, SailPoint IdentityIQ, and SailPoint Identity Analyzer are trademarks of SailPoint Technologies, Inc. and may not be used without the prior express written permission of SailPoint Technologies, Inc. All other trademarks shown herein are owned by the respective companies or persons indicated.

Table of Contents

Overview
    Supported Features
Installation
Application Details
    Application Type
Configuration
    Settings
        Ignore non correlated Identities
        Ignore identities with no entitlements
        Identity Filter
Schema attributes
    Account Attributes
    Workgroup Attributes
    Capability Attributes
Passthrough Authentication and Password features

Overview

The IdentityIQ Loopback connector is designed to read in IdentityIQ Identities and expose them as accounts. Out of the box, the connector exposes workgroups and permissions as entitlements which can be re-used in roles and for LCM access requests and certifications. It is compatible with IdentityIQ 6.4 and later.

The connector uses the SailPoint Provisioning API to avoid locking issues and supports Delta Aggregation to reduce aggregation times. This connector supports Provisioning and Search.

Supported Features

The IdentityIQ Loopback connector supports:

• Account Management
    o Managed IdentityIQ Identity cubes as Accounts
    o Aggregation, Delta Aggregation
    o Password
    o Authentication
    o Update
        ▪ Create is not supported and is transformed to a modify
        ▪ Delete is not supported and is transformed to a modify
• Account Group Management
    o Workgroups is a pseudo class, and is aggregated using Identity + isWorkgroup = true
    o Capabilities are aggregated as is.

Installation

The IdentityIQ Loopback connector consists of the following class files:

| Filename | Description |
|---|---|
| LoobackConnector.java | Main Loopback Connector java class |

The configuration files are:

| Filename | Description |
|---|---|
| IIQ_Application_Config.xml | Connector Registry merge config file to describe the connector |

These files are included in the Services Standard Deployment (SSD) and automatically deployed with your project using the Services Standard Build (SSB). Follow the SSB instructions to create a build for your environment and deploy the files.

If you wish to prevent automated deployment of the IdentityIQ Loopback Connector, you can set the following property in the build.properties file in the SSD:

    deployIIQLoopbackConnector=false

This prevents the Connector Registry updates from being made, although the connector Java class will still be added to the resulting build.

Application Details

Application Type

The Application Type is “IdentityIQ Loopback Connector”.

Configuration

Settings

Ignore non correlated Identities

If this option is checked, then only correlated accounts will be aggregated.

Ignore identities with no entitlements

If this option is checked, only identities that have at least one entitlement value, based on this application’s schema, will be aggregated.

Identity Filter

An IdentityIQ Filter expression which will be applied when querying for Identity objects on aggregation.

Schema attributes

The application schema is used to configure the objects returned from a connector. When a connector is called, the schema is supplied to the methods on the connector interface. This connector currently supports three types of objects: account, workgroup and capability. Account objects are used when building identities’ Link objects. The workgroup and capability schemas are used when building AccountGroup objects, which hold entitlements shared across identities.

NB: Every attribute in an object schema must be marked as searchable; non-searchable attributes cannot be queried for and will result in an error.

Account Attributes

| Attribute name | Type | Description |
|---|---|---|
| name | string | Identity cube name |
| firstname | string | Identity first name |
| lastname | string | Identity last name |
| displayName | string | Identity display name |
| workroups.name | workgroup | Multi value list of all the workgroups the identity has a membership of |
| capabilities.name | capability | Multi value list of the capabilities assigned to the identity |
| inactive | String | Identity inactive flag |

Workgroup Attributes

| Attribute name | Type | Description |
|---|---|---|
| Name | string | Workgroup name |
| displayName | string | Workgroup display name |
| capabilities.name | capability | Multi value list of the capabilities assigned to the workgroup |

Capability Attributes

| Attribute name | Type | Description |
|---|---|---|
| name | string | Capability name |

Passthrough Authentication and Password features

The Loopback Connector supports the AUTHENTICATION and PASSWORD features, which allow the implementer to configure this Loopback connector for pass through authentication and allow the identity password to be reset through the application password management pages.

The main use case for these features on this connector is to enable password self-service when the identity has no correlated authentication-enabled application that can be used for pass through authentication.

The Loopback connector Authentication feature respects IdentityIQ’s account lockout and disable features.