This topic contains 2 replies, has 2 voices, and was last updated by  Borja.gonzalezcora 3 weeks, 1 day ago.

  • #24559
     Borja.gonzalezcora 
    Participant

    Hello,
    I have OpenIDM 6.5. How can I make AD users appear in the User List of OpenIDM and allow editing their attributes from OpenIDM? Thanks!

    #24560
     Bill Nelson 
    Participant

    1. Update managed object to contain any properties you want to manage in AD.
    2. Create a provisioner file to connect IDM to AD (include all the properties that you want to manage in AD).
    3. Create a mapping from AD to IDM (this is needed to load AD users into IDM).
    – include correlation rule to associate accounts between IDM and AD
    – configure ETL between properties in AD and IDM
    – leave situation behaviors as default
    4. Repeat Step 3 for a mapping from IDM to AD (this is needed to manage AD users from IDM).
    5. Run recon for mapping contained in Step 3 and address any errors found in IDM logs.
    6. Run recon for mapping contained in Step 4 and address any errors found in IDM logs.
    7. Update situation behaviors for mapping from Step 3. At a minimum,
    – set action to create for the absent situation
    – set action to update for the confirmed situation
    8. Run a reconbyid against one of the users found in AD using the mapping from Step 3. Observe the resulting object in IDM; address any errors in the IDM logs.
    9. Run a full recon against all users found in AD using the mapping from Step 3. Observe the resulting objects in IDM; address any errors in the IDM logs.

    [you should now have all your AD users loaded into IDM where they can be managed]

    10. Update situation behaviors for mapping from Step 4. At a minimum,
    – set action to create for the absent situation
    – set action to update for the confirmed situation
    11. Create a test user in IDM and observe the behavior in AD; address any errors found in IDM logs.
    12. Update the test user in IDM and observe the behavior in AD; address any errors found in IDM logs.
    13. Update a user imported from AD in Step 9 and observe the behavior in AD; address any errors found in IDM logs.

    [you should now be able to manage AD users from IDM]

    If what I have just written doesn’t make absolute sense to you, then I HIGHLY suggest that you take the IDM-400 training class from ForgeRock.
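
A pre-recon check for the procedure above, as an added example that is not part of the original post or ForgeRock's code: it reads a `sync.json` document and reports any mapping that lacks a correlation rule, property mappings, or the minimum situation actions from Steps 7 and 10. The connector name `ad`, the mapping names, the attribute pairs and the `IGNORE` action on the second mapping are constructed for illustration.

```python
import json

# Constructed sync.json fragment. Connector name "ad", mapping names and the
# attribute pairs are assumptions for illustration, not values from the thread.
SYNC_JSON = r'''
{"mappings": [
  {"name": "systemAdAccount_managedUser",
   "source": "system/ad/account", "target": "managed/user",
   "correlationQuery": {"type": "text/javascript",
     "source": "var q = {'_queryFilter': 'userName eq \"' + source.sAMAccountName + '\"'}; q;"},
   "properties": [{"source": "sAMAccountName", "target": "userName"},
                  {"source": "givenName", "target": "givenName"},
                  {"source": "sn", "target": "sn"},
                  {"source": "mail", "target": "mail"}],
   "policies": [{"situation": "ABSENT", "action": "CREATE"},
                {"situation": "CONFIRMED", "action": "UPDATE"}]},
  {"name": "managedUser_systemAdAccount",
   "source": "managed/user", "target": "system/ad/account",
   "properties": [{"source": "userName", "target": "sAMAccountName"}],
   "policies": [{"situation": "ABSENT", "action": "IGNORE"},
                {"situation": "CONFIRMED", "action": "UPDATE"}]}
]}
'''

# Minimum situation actions named in Steps 7 and 10 of the answer.
REQUIRED = {"ABSENT": "CREATE", "CONFIRMED": "UPDATE"}

def lint_mapping(mapping):
    """Return the problems that would stop recon from creating/updating users."""
    problems = []
    if "correlationQuery" not in mapping:
        problems.append("no correlation rule")
    if not mapping.get("properties"):
        problems.append("no property mappings")
    actions = {p["situation"]: p["action"] for p in mapping.get("policies", [])}
    for situation, wanted in REQUIRED.items():
        found = actions.get(situation, "unset")
        if found != wanted:
            problems.append(f"{situation} is {found}, expected {wanted}")
    return problems

def lint_sync(text):
    """Map each mapping name in a sync.json document to its list of problems."""
    return {m["name"]: lint_mapping(m) for m in json.loads(text)["mappings"]}

if __name__ == "__main__":
    for name, problems in lint_sync(SYNC_JSON).items():
        print(name, "OK" if not problems else problems)
```

Run it against the real `sync.json` before the full reconciliations in Steps 9 and 13, so that a missing correlation rule or an unchanged situation action shows up before any accounts are created or modified.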

    #24567
     Borja.gonzalezcora 
    Participant

    Thanks! I will try!


©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
