Report - Compare values in IdM to system (extras, before CzechIdM 12)

This tutorial shows how to create a report for the chosen identities which compares identity attribute values to the mapped attribute values in a connected system. This report can be used if you change some attribute or in script where the value is calculated. There is no need to set the connected system to read only.

  • The report is currently in the extras module.
  • Have a connected system with some provisioned identities.
  • First of all, go to Reports in the side menu
  • Now let's create a new report, click on green button New report

  • Select report 'Compare values in IdM with values in system'
  • And now we need to select the system we want to compare the values with. There is a select menu so you can select one from list of all connected systems.
  • Attributes - we need identificators of mapped attributes separated by a comma. Scripts in transformation are applied too. Please note that attributes can't be Inactive, otherwise the report fails.
  • Mapping - we need the ID of the mapping where these attributes are defined.
  • Treenode - you will select identities in this organization and identities in child organizations
  • Identities - select identities. There is a select box and it is convenient if you want a report for only a few identities.
  • These IDs can be found in tables with IdM in development stage or in Audit. But we will show you the easiest way to get those IDs.

  • Click on tab Systems and select the system whose values you want to compare the values to, and click on the 'magnifying glass' button. It will open detail of that system.

  • Click on tab Mapping
  • You will see attributes mapping, there could be more than one, specifically for synchronization, but select one for provisioning.
  • Click again on the 'magnifying glass' button.

  • Now you have to open the attribute mapping and in the URL of your browser find the ID of your selected mapping. In the picture bellow it is shown where you can find that ID and copy it.

  • In the lower part of this page you will see your mapped attributes, select one and click again on 'magnifying glass' button.

  • ID of this attribut is again in the URL in your browser, copy it somewhere too.
  • You can copy more IDs of attributes from same mapping.

  • If you want get an ID of tree node, click on Organization and on the tab Structure elements click on the 'magnifying glass' button of one of the shown tree nodes.

  • Again in URL there is an ID of that organization node.

  • Now we have all the necessary IDs, so we can return to creating new 'Compare values in IdM with values in system' report
  • Select System (the one which has the mapping we used)
  • Write in IDs of attributes as in the picture bellow (seperated by comma)
  • Past Mapping ID
  • You can pass a tree node or as in our example select a few identities.
  • Click on Generate report

  • Now the report is generating, it could take a few minutes, based on how many attributes and how many identities are selected.
  • Once the report is generated, it can be downloaded in xlsx or in json. Use the xlsx version, the json contains raw data.

  • You can see an example of the report bellow.
  • It shows status in first column, whether the identity has different selected attributes and username in the second column. This is by default and it cannot be changed.
  • Next are the attributes we selected.
  • For single value attributes:
  • If value is blue, it means the value in the system and in IdM is the same.
  • Otherwise it will write in green 'IdM:value' and in red 'System:value' (for example see the column phone in picture below)
  • Multivalued attributes are not supported yet, only multivalued attributes with merge strategy (it is often used with Active Directory system for provisioning of membership - ldapGroups)
  • Blue values are the values which are the same in IdM as in the system
  • Red values are values missing in IdM which are present in system
  • Green values are the values which are present in IdM but missing in the system

If you write a new script or want to change the current one, but you are in the production environment, you can use this report to be sure nothing bad happens. You can make a report with the attribute and different script. The report will compare value transformed with this new script and value stored in system and you will have confirmation about the changes that would happen.

  • Click on Setting and Script definitions and click on Add

  • Here you need to call that new script, which will override the current one. You can generate it in the mapped attribute or copy existing the one and edit it. So write in the call for that new script.
  • Leave it in Standard category.
  • Write in description something like 'this script is used in report'.
  • Write the code and the script name.
  • Click on Save and continue.

  • Again fill in System and mapping ID's
  • Fill in attributes ID but after attribute ID which you want to override in the script, write colon and code of script like ID:newScriptCallScript (look below for example)

Thank you for reading this tutorial and I hope this tutorial and report is useful to you.

  • by doischert