Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book(0 page(s))
 Help

Technical account - synchronization

In your connected system, chances are that you already have some technical accounts and want to start using the IdM to manage them. Follow this tutorial to synchronize these technical accounts in IdM.

System configuration

Have a standard system supporting provisioning. Any system can be used (MS AD, database…). The only things that need to be configured are mapping and roles.

Create a provisioning mapping

Open the detail of the system and select Mapping. Click add new.

You can also copy an existing mapping and make the necessary change in the account type. This is especially useful if your mapping is complex but similar to the original mapping.

Create the mapping and select the entity type "Technical account". The account type selected must be "Technical".

After that, finish the mapping configuration as needed (and as usual). Since technical accounts are created via a wizard, you don't need to use scripts covering every potential scenario. During the creation process, users can manually set the values for the account.

Roles

If you want to use roles representing permissions in the target system (e. g., MS AD groups), you will have to create a separate set of roles. You can use standard synchronization for this. As of 13.0., however, during synchronization, these roles will not be assigned to the accounts.

Proceed with synchronization

In this step, you will create the technical account objects in the IdM using a standard synchronization. This is a relatively standard synchronization but you will have to make sure that identifiers are unique (which they should be in the target system anyway). Technical accounts themselves don't get many attributes which makes synchronization mapping easier. At the synchronization mapping detail, select your provisioning mapping as Connected mapping. The mapping should be created like this:

In the mapping configuration, you only need to fill the identificator of the technical account (typically the __NAME__ attribute).

Then, create a new synchronization and run it. New technical accounts will be created.

You can finish their configuration after they are synchronized. We recommend you at least set the guarantors for the accounts (since this information is unlikely to be available in the system, you probably cannot synchronize it).

  • by doischert