Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:wizards [2021/02/26 12:52]
svandav [Certificate] 		devel:documentation:wizards [2021/02/26 13:10]
svandav [Attributes]
Line 56: Line 56:
 {{ :devel:documentation:wizard_ad_02.png?600 |}} {{ :devel:documentation:wizard_ad_02.png?600 |}}
  
-==== Permissions ====+==== Check of permissions ====
  
 +In the next step, you have the option to **perform a set of tests for a successful IdM connection**. The most basic test is to **create and delete a user**. This will verify that you have correctly defined the rights for the service account that **IdM accesses to AD** and set the authentication information correctly in the previous steps.
  
 +Not all tests need to be performed to complete the connection. For example, grouping a user is an optional operation for some deployments
  
 {{ :devel:documentation:wizard_ad_03.png?600 |}} {{ :devel:documentation:wizard_ad_03.png?600 |}}
  
 ==== Additional data ==== ==== Additional data ====
 +The next step specifies in which **OUs** users are managed and where **protected** are placed. In the simplest cases, all **OUs** will be the same. The most interesting is the option to create a **synchronization**. This will indicate that you want to **preconfigure pairing synchronization**, which you will use later so that the accounts on the newly connected AD system **link correctly to the identities in CzechIdM**.
  
 +If you want, you can also **activate protected mode** in this step. This is to **prevent deleting the account in AD**. //For example//: If an identity in IdM ceases to be valid (contract expires), its account in AD will not be deleted, but will be moved to the **OU for deleted accounts**.
  
  
Line 69: Line 73:
  
 ==== Attributes ==== ==== Attributes ====
 +In the penultimate step, the wizard prompts you to specify which attributes of the user account in **AD** you want to manage and from which identity attribute in IdM you want to fulfill them.
  
 +The wizard automatically offers **the most frequently used attributes and their typical fulfillment from CzechIdM**. If there are some attributes that you do not use in your AD or do not want to fulfill, disable them or remove them from the list altogether.
 +
 +**The wizard automatically sets even the most common transformation rules for fulfillment.** For example, to fill ** DN (_ NAME _) ** or ** displayName **, where it selects the first and last name combination. If you want to perform some attributes with a different transformation than the one listed here, you can now deactivate the attribute and later modify the transformation to your liking.
  
  
  • by svandav