Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book(0 page(s))
 Help

This is an old revision of the document!

Report - Compare values in IdM to system

This tutorial shows how to create a report for the chosen identities. Report compares identity attribute values to mapped attribute in connected system. This report can be used, if you will change some attribute or in script, where value is calculated. You do not need set connected system to read only.

Preparation

  • Report is currently in extras module.
  • Connected system with some provisioned identities.

Report

  • First of all, go to Reports in the side menu
  • Now let's create a new report, click on green button New report

  • Select report 'Compare values in IdM with values in system'
  • And now we need system we want compare values with, it is select box, so you can select right one from list of all connected system
  • Attributes - we need identificators of mapped attributes separated by comma. If attribute has transformation script, after identificator of attribute write colon and code of script.
  • Mapping - we need ID of mapping, where theese attributes are defined.
  • Treenode - you will select identities in this organization and identities in child organizations
  • Identities - fill identities or Treenode. Treenode will select bunch of identities, Identities is select box and it is convinient using a few identities.
  • These ID's can be found tables with IdM in development stage or in Audit. But we will show you the easiest way to get that ID's

  • Click on tab Systems and select system with wich you want to compare values, and click on 'magnifying glass' button. It will open detail of that system.

  • Click on Mapping
  • There are attributes mapping, could there be more, specifically for synchronization, but rather select one for provisoning.
  • Click again on 'magnifying glass' button.

  • Now you have open attribute mapping and in URL of your browser id ID of your selected mapping. On picture bellow there is shown where you can find thaht ID and copy it.

  • On lower part of this page there are your mapped attributes, select one and click again on 'magnifying glass' button.

  • ID of this attribut is again in URL in your browser, copy it somewhere too.

  • Look down on this page, if there is Transformation to system script.
  • Yeah we got one here, but we cannot directly use this script, because there can be used 'script authorities' and we need to use this workaround.
  • Copy that call of script 'displayNameScript'.

  • Click on Setting and Script definitions and click on Add

  • Past in call of that script, let it in Standard category. Write in description something like 'this script is used in report' and write code and script name.
  • Click on Save and continue.
  • Now you can copy more ID's of attributes from that mapping.

  • If you want get ID of tree node, click on Organization and on tab Structure elements click on 'magnifying glass' button of one of shown tree nodes.

  • Again in URL there is ID of that organization node.

  • Now we have all necessary ID's, so we return to creating new 'Compare values in IdM with values in system'
  • Select System (the right one, which has the mapping we used)
  • Write in ID's of attributes as in picture bellow (like ID:scriptCode,ID,ID,ID:scriptCode2,ID)
  • Past Mapping ID
  • You can past tree node or as in our example select a fet identities.
  • Click on Generate report

  • Now report is generating, it could take a few minutes, based on how many attributes and how many identities are selected.
  • And then there is completed report, which can be downloaded xlsx or in json. Rather use xlsx version.

  • Example of report you can see bellow.
  • It shows status in first column, if identity has different selected attributes and Username in second. This is by default and it cannot be changed.
  • Next are attributes we selected.
  • For single value attributes:
  • If value is blue, it means in system and in IdM it is same.
  • Otherwise it will write in green 'IdM:value' and in red 'System:value' (column phone in picture bellow)
  • Multivalued attributes are not supported yet, only multivalued attributes with merge strategy (it is often used with Active Directory system for provisioning of membership - ldapGroups)
  • Blue values are same in IdM and in system
  • Red values are missing in IdM and are in System
  • Green values are in IdM and are missing in System

Thank you for reading this tutorial and I hope this tutorial and report is useful for you.

  • by stloukalp