Wizards

The main importance of wizards is to simplify the work of the user, so as to avoid complicated entering values and possibly to avoid common mistakes.

System wizards are used primarily to create a new system connected to a given external system. The first step is to select the connector you want to use for the connection.

In the version 10.6.0, a universal wizard for creating a system was added. Since version 10.7.0, we focused on creating specialized wizards that simplify the configuration of the connector.

Currently, the following specialized wizards are available in IdM:

In the case of a CSV wizard, the user does not have to fill in the location of the CSV file on the server, but can simply use the drag and drop zone to upload the file.

Another simplification is the selection of the primary identifier, where the user does not have to remember the name of 'columns' in the CSV file, but they are all read from the file and offered in the selectbox.

Another specialized wizard is used to connect database tables. Previously, the user had to configure the attributes that are charged to the database. For example, the name of the database driver, the mask for the composition of the resulting URL, etc. Now the user is exempt from this and the wizard does this for him.

Currently, three wizards are available for connecting database tables for PostgresSql, MS SQL server and MySQL. The wizard for the given database type is displayed only if the given IdM installation has the necessary database driver available.

The most ambitious is the wizard for connecting the Microsoft Active Directory system (AD). Connecting AD within IdM is very important and at the same time manual connection can be a relatively complex matter for many and more advanced users.

The complication starts in communication with AD. Here it is very important to use secure communication (SSL), which requires the installation of a correct certificate. It is also important to verify that our service AD account has sufficient privileges.

However, the biggest difficulties can occur with many rules that must be followed during the connection (connector settings) and especially in the way to correctly map the individual attributes of AD. Just choosing the right attributes to be mapped to AD may not be easy for an ignorant user.

This guide therefore solves all the mentioned problems and is based on our best experience of how to effectively manage an AD system.

In the first step, choose the name of the system as you want it to appear in IdM. Next, fill access data to the connected AD. Ie. host name, TCP port, user name and password.

In the second step, the wizard can download the certificate from the AD and save it to the server. First, the wizard verifies that your IdM server has the correct certificate installed for communication with AD. Next, the certificate is searched directly in AD. The goal is to find a certificate issued by the highest possible authority. The found certificate needs to be inserted into the trusted certificate store and the IdM restarted. The reason why we do not recommend using a server certificate directly in the trusted certificate store (it would be functionally sufficient) is its shorter validity (typically only 1 year).

In the next step, you have the option to perform a set of tests for a successful IdM connection. The most basic test is to create and delete a user. This will verify that you have correctly defined the rights for the service account that IdM accesses to AD and set the authentication information correctly in the previous steps.

Not all tests need to be performed to complete the connection. For example, grouping a user is an optional operation for some deployments