Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book(0 page(s))
 Help

This is an old revision of the document!

Report - Compare values in IdM to system

This tutorial shows how to create a report for the chosen identities. Report compares identity attribute values to mapped attribute in connected system. This report can be used, if you will change some attribute or in script, where value is calculated. You do not need set connected system to read only.

Preparation

  • Report is currently in extras module.
  • Connected system with some provisioned identities.

Report

  • First of all, go to Reports in the side menu
  • Now let's create a new report, click on green button New report

  • Select report 'Compare values in IdM with values in system'
  • And now we need system we want compare values with, it is select box, so you can select right one from list of all connected system
  • Attributes - we need identificators of mapped attributes separated by comma. Scripts in transformation are applied too.
  • Mapping - we need ID of mapping, where theese attributes are defined.
  • Treenode - you will select identities in this organization and identities in child organizations
  • Identities - fill identities or Treenode. Treenode will select bunch of identities, Identities is select box and it is convinient using a few identities.
  • These ID's can be found tables with IdM in development stage or in Audit. But we will show you the easiest way to get that ID's

  • Click on tab Systems and select system with wich you want to compare values, and click on 'magnifying glass' button. It will open detail of that system.

  • Click on tab Mapping
  • There are attributes mapping, could there be more, specifically for synchronization, but rather select one for provisoning.
  • Click again on 'magnifying glass' button.

  • Now you have open attribute mapping and in URL of your browser id ID of your selected mapping. On picture bellow there is shown where you can find thaht ID and copy it.

  • On lower part of this page there are your mapped attributes, select one and click again on 'magnifying glass' button.

  • ID of this attribut is again in URL in your browser, copy it somewhere too.
  • You can copy more ID's of attributes from same mapping.

  • If you want get ID of tree node, click on Organization and on tab Structure elements click on 'magnifying glass' button of one of shown tree nodes.

  • Again in URL there is ID of that organization node.

  • Now we have all necessary ID's, so we return to creating new 'Compare values in IdM with values in system'
  • Select System (the right one, which has the mapping we used)
  • Write in ID's of attributes as in picture bellow (seperated by comma)
  • Past Mapping ID
  • You can past tree node or as in our example select a fet identities.
  • Click on Generate report

  • Now report is generating, it could take a few minutes, based on how many attributes and how many identities are selected.
  • And then there is completed report, which can be downloaded xlsx or in json. Rather use xlsx version.

  • Example of report you can see bellow.
  • It shows status in first column, if identity has different selected attributes and Username in second. This is by default and it cannot be changed.
  • Next are attributes we selected.
  • For single value attributes:
  • If value is blue, it means in system and in IdM it is same.
  • Otherwise it will write in green 'IdM:value' and in red 'System:value' (column phone in picture bellow)
  • Multivalued attributes are not supported yet, only multivalued attributes with merge strategy (it is often used with Active Directory system for provisioning of membership - ldapGroups)
  • Blue values are same in IdM and in system
  • Red values are missing in IdM and are in System
  • Green values are in IdM and are missing in System

Override script

If you write new a script and want to change the current one, but it is in production. You can use this report, so you can be sure nothing bad happens. You can make report with the attribute and different script. Report will compare value transformed with this new script and value stored in system and you will have confirmation about changes that would happen.

  • Click on Setting and Script definitions and click on Add

  • You need here call that new script, which will override the current one. You can generate it in mapped attribut or copy existing one and and edit it. So write in call of that new script.
  • Let it in Standard category.
  • Write in description something like 'this script is used in report'.
  • write code and script name.
  • Click on Save and continue.

  • Again fill in System and mapping ID's
  • Fill in attributes ID's, but after attribute ID, which you want override script, write colon and code of script like ID:newScriptCallScript (look bellow on picture)

Thank you for reading this tutorial and I hope this tutorial and report is useful for you.

  • by stloukalp