Skip to main content

IBM 4690v5


The Identity functionalities of this connector enable Identity administrators to reset IBM 4690v5 OS passwords, and create associations between Identity users and OS users. OS Operators can reset their passwords via the Self-Service - Kiosk.
The Provisioning functionalities of this connector also  enable provisioning IBM 4690v5 OS accounts.


Fischer's IBM 4690v5 connector enables Identity administrators to reset IBM 4690v5 OS passwords, and create associations between Identity users and OS users. OS Operators can reset their passwords via the Self-Service - Kiosk. The connector also enables provisioning of IBM 4690v5 OS accounts.
Identity Integration
Product Feature Supported
Authenticate (Test Connection) Yes
Validate User Yes
Enable/Disable User Yes
Reset Password Yes
Expire Password Immediately Yes
Expire Password by Date No
Provisioning


Data Format

Export

Create

Modify

Delete

Trigger
IBM4690v5OS 

Yes

 Yes

Yes

 Yes No
Role

Yes

 Yes

Yes

 Yes Yes







Prerequisites


Ensure that these prerequisites are satisfied:

  • The connector system is installed, configured, and running.

  • A connector administrator account on the target platform is available.

  • See also "Listener Requirements" 

This project is integrated with IBM 4690 V5R1 or later, which is required, as it supports the Java 1.4.x virtual machine and Enhanced Security Passwords API.

Configuring the Connector Listener

This section contains these topics:

  • "Listener Requirements" 
  • "Installing the Listener" 
  • "Configuring the Listener" 
  • "Starting the Listener" 
  • "Running the Listener as a Service (Background Task)" 
  • "Upgrading the Listener" 
  • "Uninstalling the Listener" 


Listener Requirements

An operator account with sufficient authority to create and maintain the desired operators is required.

Resource Supported Platorsm
Operating system and other software 

IBM 4690 OS V5R1
OpenJDK 8

Processor

 IBM 4690 controller
Hard disk space 10 MB Free space for the listener plus space for log files 
RAM 128 MB

Installing the Listener

Refer to "Installing the IBM 4690v5 Supermarket App Java-Based Listener" for additional information.

  1. Create the directory C:\FISC, and FTP or copy installation files to that directory on all 4690 controllers. The .jar files must be transferred as binaries. When adding the 4690v5OS protocol handler to an existing listener installation, you only need to copy the 4690v5OSListener.jar file to the C:\FISC folder.

  2. Modify the parmfile configuration file as needed. See "Configuring the Listener" for details. When adding the 4690v5OS protocol handler to an existing listener installation, you only need to add the parmfile lines for the 4690v5OSListener (or uncomment them) to the existing parmfile. Be sure that the PROT* names do not conflict.

  3. If a directory other than C:\FISC was used, change the first two lines of the run.bat file to match the new drive and directory. When adding the 4690v5OS protocol handler to an existing listener installation, make sure that the classpath parameter (-cp "class path") includes the 4690v5OSListener.jar.

  4. Log in to a terminal session, change to the target directory and type run or follow the procedure documented in "Running the Listener as a Service (Background Task)".


Configuring the Listener

This sample parmfile describes the configuration specific to the IBM 4690v5 OS Java listener:

Where:

NAME is the Java entry point for the particular service.
HOST and PORT control the port that the Java listener is to listen on for service requests.

Starting the Listener

  1. Open a Telnet session to the 4690 controller.
  2. Open a DOS command window from within the Telnet session.
  3. Change to the listener installation directory (e.g., C:\FISC).
  4. Enter run.

Running the Listener as a Service (Background Task)

  1. Establish a Telnet session with the 4690 controller and log in as an administrator. This screen displays:


  2. From the SYSTEM MAIN MENU, select 4 Installation and Update Aids. This screen displays:


  3. Select 1 Change Configuration Data. This screen displays:


  4. Select 2 Controller Configuration. This screen displays:


  5. Press Enter until the Enter Store Controller ID’s message displays:


  6. Select MASTER CC and press Enter. This screen displays:


  7. Select CC Master & File Server and press Enter. This screen displays:


  8. Place an X by Background Application and press Enter. This screen displays:


  9. Select 1 Define a Background Application and press Enter. This screen displays:


  10. Enter this information:

    INITIAL MESSAGE FISC Provisioning Service
    PROGRAM NAME ADX_SPGM:COMMAND.286
    PARAMETER LIST -C C:\FISC\RUN.BAT

  11. Press Page Down. This screen displays:

  12. Enter this information

    START WHEN MASTER Y
    STOP WHEN NOT MASTER  N
    START WHEN NOT MASTER  Y
    STOP WHEN MASTER  N

  13. Press Page Down. This screen displays:

  14. Enter this information

    START WHEN
    FILE SERVER

    		 Y

    STOP WHEN
    NOT FILE SERVER

    		 N

    START WHEN
    NOT FILE SERVER

    		 N

    STOP WHEN
    FILE SERVER

    		 N

  15. When complete, press Enter. The message ADX_SPGM:COMMAND.286 has been saved displays:

  16. Press Esc. This screen displays:

  17. Select 4 Activate Configuration and press Enter. This screen displays:


  18. Select 2 Controller Configuration and press Enter. When configuration is complete, the message Configuration changes are being verified displays:


  19. Press Esc until the SYSTEM MAIN MENU displays:


  20. Press SysRq (~ or Alt+Print Screen). This screen displays:


  21. Press C to access STORE CONTROL FUNCTIONS. This screen displays:


  22. Select 2 Controller Functions and press Enter: This screen displays:


  23. Select 4 Load Controller Storage and press Enter. The message Type the controller ID to receive this command or * displays:


  24. Enter CC and press Enter. This screen displays:


  25. Press Y and then Enter when this message displays: Do you want to continue?

    The 4690 now re-IPLs and starts the service.

Upgrading the Listener

  1. Uninstall the old version.

  2. Install the new version.

Uninstalling the Listener

  1. Establish a Telnet session with the 4690 controller and log in as an administrator. This screen displays:


  2. From the SYSTEM MAIN MENU, select 4 Installation and Update Aids. This screen displays:


  3. Select 1 Change Configuration Data. This screen displays:


  4. Select 2 Controller Configuration. This screen displays:


  5. Press Enter until the Enter Store Controller ID’s message displays:


  6. Select MASTER CC and press Enter. This screen displays:


  7. Select CC Master & File Server and press Enter. This screen displays:


  8. Place an X by Background Application and press Enter. This screen displays:


  9. Select 3 Erase a Background Application and press Enter. This screen displays:


  10. Page down, place an X next to the FISC Provisioning Service and press Enter. This screen displays:


  11. Press Y when this message displays: The applications marked will be erased. Are you sure? (Y=Yes, N=No).
    Erase is complete.

  12. Press Esc until the CONFIGURATION screen displays:


  13. Select 4 Activate Configuration and press Enter. This screen displays:


  14. Select 2 Controller Configuration and press Enter. The message Configuration changes are being verified displays:


  15. Press Esc until the SYSTEM MAIN MENU displays:


  16. Press SysRq (~ or Alt+Print Screen). This screen displays:


  17. Press C to access STORE CONTROL FUNCTIONS. This screen displays:


  18. Select 2 Controller Functions and press Enter. This screen displays:


  19. Select 4 Load Controller Storage and press Enter. The message Type the controller ID to receive this command or * displays:


  20. Enter CC and press Enter. This screen displays:


  21. Press Y when this message displays: Do you want to continue?
    The 4690 now re-IPLs and starts the service.

  22. After the 4690 restarts, remove the C:\FISC folder and its contents.

Creating the Connected System in the Admin UI

At a minimum, this information is required:

  • Server:Port [;Server:Port[;Server:Port[...]]]
  • Admin ID: <4690 login ID>
  • Password: <password>

  1. Log in to Identity Administration and click the Systems tab.

  2. On the Connected System View page, click the Add button and select the Grouper connected system from the Type drop-down list. The Connected System Details page displays the default values:


  3. Enter the desired information:

    Definition 

    Supported Connectors
    Displays whether the connected system is Identity only, Provisioning only, or both.

    Password Policy
    Displays the name of the password policy associated with the connected system.

    Connected System Group
    Displays the name of the system group that includes this connected system.

    Note: If a password policy is associated with a connected system and then the connected system is placed in a group, the group’s password policy will override the connected system’s password policy. The password policy will be removed from the connected system.
    Type
    Select the connected system type.

    Locale
    Select the preferred language (default: English). Locale specific information such as Display Name and Description can be added only while modifying the connected system.
    Name
    The name for this connected system. Note: The name cannot be modified later.
    Display Name
    The display name of the new connected system.
    Description
    The description of the connected system.

    Associated With 
    Select how the connector associated with this system will run:

    • Server (default) - Runs locally on the Provisioning/Identity Server.
    • Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.
    • See Using the Global Identity Gateway with Connected Systems for additional information.

    Password Reset By

    Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:

    • OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
    • Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
    • External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.

    Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
    Provisioning Option
    Select the provisioning option:
    • Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
    • Administrative - The connected system cannot be used as an object in a workflow.
    Enable HPAM Support 
    Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity.
    Connection Information 

    Identity Listener
    The IP address or DNS name and port number of the IBM 4690 controllers, separated by semicolons (;), for example, CC.example.com:8333;DD.example.com:8333.

    Provisioning Listener
    The IP address or DNS name and port number of the IBM 4690 controllers, separated by semicolons (;), for example, CC.example.com:8444;DD.example.com:8444.

    Connection Timeout
    The maximum number of seconds to wait for the Web Service to respond before the connection attempt times-out. 0 means no time out.

    Service Account Name 
    The administrative user account.
    Service Account Password 
    The administrative user password.
    System Owner 
    Add or Remove users assigned as the owners of the system. Displays the Connected System Owner Search page for selecting users. The HPAM column indicates whether the system owner is authorized to use the HPAM feature. The Approvers column indicates whether the system owner is an approver in the approval process.

    Add PswdPolicy / Remove PswdPolicy
    Adds/removes a password policy to/from this connected system. If the connected system is associated with a Connected System Group, the buttons will be unavailable - all password policy assignments are defined at the group level (refer to Admin UI _ Systems _ Groups option).

  4. Click the Test Connection button to test the Connection Information:
    If successful, one or both of these messages may display:

    • Message: Connection from Provisioning to the connected system was established successfully.
      Message: Connection from Identity to the connected system was established successfully.

    • If unsuccessful, one or both of these messages may display

      Error: Failed to establish connection from Provisioning to the connected system.
      Error: Failed to establish connection from Identity to the connected system

      Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.

  5. Optional) To select owners of the system, click the System Owner Add button. The Connected System Owner Search page displays:


    1. Select the owners and then click the Select button. The system owner displays under the System Owner section:


      Note: More than one user can be assigned as an owner.

    2. To add additional system owners, click the Add button.

  6. On the Connected System Details page, click the Add button to save the configured connected system. The Object Category Association page displays a list of categories that are already associated and/or can be selected to add additional associations to this connected system:


    1. Select one or more available object categories or provide search criteria and click the Search button to find specific categories to select. If there are no available categories to select, proceed to Step 8.

    2. Click the Add Association button to associate the selected object categories to the connected system.

  7. Click the Back button to return to the Connected System View page. The new connected system displays in the list.

See Copying, Modifying, and Deleting Connected Systems for additional information.

Creating the Connected System in the Studio

  1. Log in to the Workflow and Connectivity Studio and click Connectivity ► Add Systems on the menu bar. The Add Connected Systems window displays.

  2. Select the IBM 4690v5 OSconnected system from the Type drop-down list. The default values display

  3. Enter the desired information:

    Definition 
    Type
    Select the connected system type.
    Name 
    The name for this connected system. Note: The name cannot be modified later.
    Display Name 
    The display name of the new connected system.
    Description 
    The description of the connected system.
    Supported Connectors 
    Displays whether the connected system is Identity only, Provisioning only, or both. Only connectors that support Provisioning are available here.
    Associated With 
    Select how the connector associated with this system will run:
    • Server (default) - Runs locally on the Provisioning/Identity Server.
    • Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.

    See the Using the Global Identity Gateway with Connected Systems for additional information.

    Password Reset By
    Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:

    • OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
    • Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
    • External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.

    Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.

    Provisioning Option 
    Select the provisioning option:

    • Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
    • Administrative - The connected system cannot be used as an object in a workflow.
    Enable HPAM Support 
    Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity.
    Connection Information 

    Host 
    The IP address or host name of the server (e.g., 10.102.200.20 or localhost).

    Port 
    The port number.

    Web Service Context 
    The URL context of Grouper Web service. 
    Service Account Name 
    The name of the administrative user account used to connect to the server. The Select button displays the Select DN from LDAP Directory window to select the DN value.
    Service Account Password 
    The administrative user password.

    Use HTTPS 
    Specifies SSL protection. This is required in a production environment, as both administrative and user passwords are transmitted in plain text.
    Note: This connector uses the Java keystore for SSL communication with the system. See the guide Configuring SSL for additional information about enabling SSL.

    Connection Timeout 
    The maximum number of seconds to wait for the Web Service to respond before the connection attempt times-out. 0 means no time out.

  4. Click the Connect button to test the Connection Information:

    • If successful, this message displays:

    Connection from Studio to the connected system was established successfully.

    • If unsuccessful, this message displays:

    Failed to establish connection from Studio to the connected system.

    Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.


  5. Click the Apply button to apply changes. The Category Association window displays.


    1. Select one or more object categories from the Available Categories list or enter a category name and click the Search button to find a specific category to select. If there are no available categories to select, proceed to Step 6.

    2. Click the Add button to associate the selected object categories to the connected system.

  6. Click OK to accept selected categories.

See Copying, Modifying, and Deleting Connected Systems for additional information.

Using the Connected System for Identity

Perform these procedures to configure the connector:

  • "Connector Details for Identity"

Connector Details for Identity

This table lists values to enter when associating the Identity user with an existing user in the connected system:

Connector Details for Identity
Field System Attribute Example Value
Login ID operator BLANE
Account ID operator BLANE


Identity Password Management

See Identity Suite Administration documentation for details on password management.


Using the Connected System for Provisioning


Perform these procedures to configure the connector:

  • "Configuring for Export" 

  • "Configuring for Import" 

  • "Connector Details for Provisioning"

Note: If the number of records to be processed exceeds one thousand, we recommend configuring the workflow to use bulk mode, which lowers the memory consumption of the system by streaming data to files. Because data is streamed for every task, performance of the workflow execution will be decreased due to increased read-write operations. See the Workflow and Connectivity Studio document for details on how to configure bulk mode.

Configuring for Export


Perform these procedures to configure the connector for data export:

  • "Configuring the Export Connector"
  • "Configuring the Export Link" 

From the Workflow and Connectivity Studio, select the IBM 4690v5 OS UserExport workflow listed under the projects folder.

If a workflow does not already exist, create an export workflow. See  Workflow and Connectivity Studio documentation for details on creating export workflows.

Configuring the Export Connector

  1. In the Design pane, double-click the export object (the first workflow object after the Start object). The Configure Data Source window displays:


  2. From the Configure Plug-in tab, set these properties as required:

    Associated Connected System
    Select the connected system from the list. The export operation will be done from this connected system.
    Data Formats 
    Select the type of data format to use: Profiles (default) or ChangeLog.
    DeltaExportMode

    Select the type of attribute to export if a change takes place (this works in conjunction with ExportMode when DeltaExport is selected):

    • OnlyChangedAttributes - Performs a partial export of only the changed attributes from the last time the query was run.
    • ChangedAndMandatoryAttributes (default) - Performs a partial export of both changed and mandatory attributes from the last time the query was run. Mandatory attributes are exported whether they have been changed or not.
    • AllAttributes - Performs a full export of all attributes that contain a value.
    DynamicConnectedSystem
    Select the global variable to use as the dynamic connected system name. This works in conjunction with DynamicConnectedSystemOption when GlobalVariable is selected.
    DynamicConnectedSystemOption 
    Select how to control Dynamic System Support (DSS):
    • None - There will not be any Dynamic System Support.
    • Transaction-SystemName - The value of the Transaction-SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction-SystemName; if it is missing in data, the operation will fail.
    • GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.

    ExportMode
    Select the type of data to export:

    • FullExport - Exports all attributes.
    • DeltaExport - Exports changed, mandatory, or all attributes, depending on the DeltaExportMode property setting.

    ReadName
    If this attribute is given a value, only an operator of this name is exported.

    ReadType
    Select whether models, users, or both models and users are exported.

    Note: Hover the pointer over a property to view its description.

  3. (Optional) Select the Attributes tab. Only standard attributes display:



    Modify schema attributes using these buttons.

    Add 
    Adds additional attributes to the list. The Add New Attribute dialog displays.
    Export 
    Exports the schema list to an XML file.
    Import
    Imports the schema list from an XML file.
    Refresh Schema 
    Dynamically discovers the schema from the target LDAP system. It also includes local as well as global attributes added in the Studio.
    Reset Schema 
    Resets the schema definition to the default schema prepackaged with the IdM Suite, plus any global variable added.
  4. Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.

  5. Click OK to save any changes and return to the Workflow and Connectivity Studio window.

  6. In the Design pane, double-click the export link between the export object (the first workflow object after the Start object) and the Data Mapper object. The Configure Link window displays:



    Description
    Source Attributes 
    Select the attributes to export.
    Selected Attributes 
    Displays default attributes and those attributes that have been selected from the Source Attributes. 
    Notes: The check boxes are used only for delta export operations. These checked attributes will always be exported whether they were changed or not. Usually, the attributes that are selected as mandatory attributes help in identifying or verifying an entry when completing mapping functions.
    Format
    Displays the Format Date window to specify a date/time format to be applied to the selected date type attribute, for example, whenChanged. During export, the attribute’s value is converted to the specified format. See the Format Date steps below for additional information.
    Notes:
    • The Format button is only enabled for date attributes.
    • The Refresh Schema button on the Configure Data Source window’s Attributes tab must be used to refresh the schema and enable the Format button for date attributes.
    Advanced Settings 
    Displays the Configure Attributes window for configuring advanced settings for attributes. See the Configure Attributes window on page 39 for additional information.
  7. From the Attribute Selection tab, select attributes to export.

  8. (Optional) Click the Format button to specify a date/time format to be applied to the selected date type attribute. The Format Date window displays.

    1. Select the Include Time check box to add the timestamp with the date.
    2. Select the 24 Hour or 12 Hour option button and then select the required date/time format.
    3. Click OK to save the selected format. The Configure Link window displays.

  9. Click OK to save any changes and return to the Workflow and Connectivity Studio window.

  10. Deploy the workflow by selecting Deploy ► New Deployment. See the Workflow and Connectivity Studio documentation for details of deployment options.

  11. Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.

Configuring for Import


Perform these procedures to configure the connector for data import:

  • Configuring the Import Connector
  • Configuring the Import Link

From the Workflow and Connectivity Studio, select the IBM 4690v5 OS UserAdd, UserModify, or UserDelete workflow listed under the projects folder.

If a workflow does not already exist, create an import workflow. See the Workflow and Connectivity Studio documentation for details on creating import workflows.

Configuring the Import Connector

  1. In the Design pane, double-click the import object (the last workflow object). The Configure Data Source window displays:


  2. From the Configure Plug-in tab, set these properties as required:

    Associated Connected System
    Select the connected system from the list. The import operation will be done to this connected system. 
    Data Formats 
    Select the type of data format to use: Profiles (default) or ChangeLog.
    DynamicConnectedSystem
    Select the global variable to use as the dynamic connected system name. This works in conjunction with DynamicConnectedSystemOption when GlobalVariable is selected.
    DynamicConnectedSystemOption
    Select how to control Dynamic System Support (DSS):
    • None - There will not be any Dynamic System Support.
    • Transaction-SystemName - The value of the Transaction-SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction-SystemName; if it is missing in data, the operation will fail.
    • GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.

    See the Dynamic System Support appendix in the Workflow and Connectivity Studio document for additional information.

    Id *
    Enter the attribute that contains the value used to uniquely identify the user account user ID on the connected system.

    loginId *
    Enter the attribute that contains the value used to uniquely identify the user account login ID on the connected system.

    SubRecordsInFoldedState 
    If this property is TRUE, connector will accept sub records folded as attribute.

    Notes:

    * Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details.

    Hover the pointer over a property to view its description.

  3. (Optional) Select the Attributes tab. Only standard attributes display:



    Modify schema attributes using the buttons:

  4. Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.

  5. Click OK to save any changes and return to the Workflow and Connectivity Studio window.

    Configuring the Import Link

  6. In the Design pane, double-click the import link between the Data Mapper object and the import object (the last workflow object). The Configure Link window displays:



    Source Attributes 
    Select the attributes to import.

    Check for attribute-level auditing.
    If auditing is enabled and these attributes below are checked, Provisioning will log all events for auditing purposes. 
    Selected Attributes 
    Displays default attributes and those attributes that have been selected from the Source Attributes. Note: The default attributes are those that are commonly used to create a new user.
    Advanced Settings 
    Displays the Configure Attributes window for configuring advanced settings for attributes. Under the Encrypted column, check the box of any attribute that needs to be encrypted.
    Under the Diff With Target column, check the box of any attribute to update using differencing (DiffWithTarget, AddDiffWithTarget, and RemoveDiffWithTarget).

    Audit Key 
    Select the attribute to associate with the Audit Key.

  7. From the Attribute Selection tab, select attributes to import.

  8. (Optional) Select the Appearance tab to change how the link displays in the Design pane.

  9. Click OK to save any changes and return to the Workflow and Connectivity Studio window.

  10. Deploy the workflow by selecting Deploy ► New Deployment
    See the Workflow and Connectivity Studio  for details of deployment options.

  11. Manage and run the deployed workflow from the Admin UI ► Server tab
    See the Identity Suite Administration documentation for details.

Connector Details for Provisioning

Configuration import properties Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details.

This table shows the default attributes specified for these properties for the connected system:

Configuration Import Properties
Import Property System Attribute

Id

 username
loginId username


IBM 4690v5 Connector Attributes

 The items in the  Create, Modify columns have these meanings:

  • Y = Yes (attribute is supported for this operation)
  • N = No (attribute is not supported for this operation)
  • R = Required (attribute is mandatory for this operation)


Notes:

  • The attributes which contains '->' in name are multi-level attributes. Multi-level attributes can be repeated as a set.
  • All Group and Role attributes can be exported.
  • While modifying/deleting an existing group, the IDPath attribute is case sensitive.
  • For group membership modification/delete, Member->ID and Member->SourceId attributes are case sensitive.
  • For group privilege modification/delete, PrivilegedEntity->ID, PrivilegedEntity->SourceId and PrivilegedEntity->Name attributes are case sensitive.
  • While modifying/deleting custom attributes, the CustomAttribute->Name attribute is case sensitive.
  • For role permission modification/delete, Permission->Name attribute is case sensitive.

IBM 4690v5 Connector Attributes

Name

 MV

Export

 Create Modify Delete Description
authattrs N Y Y Y N Authorization attributes.

group

 N Y Y Y N Group ID.
istemplate  N Y Y Y N True, Yes, or 1 indicates that this entry is a template.
operator Y Y R Y R Operator (user) ID used to log in.
password Y Y R Y N Password associated with the operator.
template N Y Y Y N Template or operator ID used to create new operator IDs.
user N Y Y Y N User ID.
userattrs N Y Y Y N User defined attributes.

Troubleshooting

FLEXOSEXCEPTION (rc=0x80e70010): Too many sessions.Log in to the Workflow and Connectivity Studio and double-click the Data Mapper object on the Design pane. The Configure Data Mapper window displays.

This error occurs when too many users are attempting to access the 4690 Enhanced Security features at the same time.
These users may include:

  • The Identity Server / Provisioning Server (via the 4690 Agent listener).
  • The 4690 Enhanced Security application (via Telnet session).
  • Other applications that request a “security session”.

Recommended procedures:

  • Design workflows that will retry the operation after an appropriate delay (the entire import/export operation will fail when this issue occurs).
  • Establish business procedures that prevent manual (Telnet) provisioning or maintenance from occurring at the same time as workflow execution.
  • Minimize the amount of time spent in the manual (Telnet) interface, because this will impact all areas of the IdM Suite, including user password resets.

071130 15:27:43 Unable to load protocol implementation class 'com.fisc.AgentListener.IBM4690.IBM4690v5OSListener.proto4690v5OS'.

This error occurs when the named protocol handler is not found in the class path. The corresponding .jar file may not have been copied to the listener directory, or the filename is not included in the classpath.

Was this article helpful?