The connector only supports provisioning.

The functionalities of this connector enable exporting and importing user accounts on an IBM Informix Database system.

Functionalities

Provisioning Integration

Prerequisites

Ensure that these prerequisites are satisfied:

• Informix is installed, configured, and
• An administrator account that can be used to establish a connection and has authority to manage accounts on the connected

Creating the Connected System in the Admin UI

1. Log in to Identity Administration and click the Systems tab.

2. On the Connected System View page, click the Add button and select the IBM Informix Database connected system from the Type drop-down list. The Connected System Details page displays the default values:

   

   
   

3. Enter the desired information:

   Definition
   Supported Connectors	Displays whether the connected system is Identity only, Provisioning only, or both.
   Type	Select the connected system type.
   Locale	Select the preferred language (default: English). Locale specific information such as Display Name and Description can be added only while modifying the connected system.
   Name	The name for this connected system. Note: The name cannot be modified later.
   Display Name	The display name of the new connected system.
   Description	The description of the connected system.
   Associated With	Select how the connector associated with this system will run: Server (default) - Runs locally on the Provisioning/Identity Server. Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list. See Using the Global Identity Gateway with Connected Systems for additional information.
   Password Reset By	Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users: OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system. Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system. Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
   Provisioning Option	Select the provisioning option: Automated (default) - The connected system functions as a normal connected system; there are no restrictions. Administrative - The connected system cannot be used as an object in a workflow.
   Enable HPAM Support	Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity.
   Connection Information
   Informix Server	The DN or IP address and port number of the server.
   Host	The IP address or host name of the server (e.g., 10.102.200.20 or localhost).
   Port	The database port number.
   Service Account Name	The name of the administrative user account used to connect to the server.
   Service Account Password	The administrative user password.
   Initial DB	The SID or Service Name to connect.
   Maximum Connection Pool Size	Select the maximum number of connections that can be created in the connection pool by the connector. As needed, the connection pool will grow only to this maximum limit.
   System Owner	Add or Remove users assigned as the owners of the system. Displays the Connected System Owner Search page for selecting users. The HPAM column indicates whether the system owner is authorized to use the HPAM feature. The Approvers column indicates whether the system owner is an approver in the approval process.

4. Click the Test Connection button to test the Connection Information:
        

   • If successful, this message may display:
     Message: Connection from Provisioning to the connected system was established successfully.
     

   • If unsuccessful, this message may display
     

     Error: Failed to establish connection from Provisioning to the connected system.

     Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.
     
     

5. (Optional) To select owners of the system, click the System Owner Add button. The Connected System Owner Search page displays:
   
   
   

   1. Select the owners and then click the Select button. The system owner displays under the System Owner section:

      
      

      Note: More than one user can be assigned as an owner.
      
      

   2. To add additional system owners, click the Add button.
      
      

6. On the Connected System Details page, click the Add button to save the configured connected system. The Object Category Association page displays a list of categories that are already associated and/or can be selected to add additional associations to this connected system:
   
   
   

   1. Select one or more available object categories or provide search criteria and click the Search button to find specific categories to select. If there are no available categories to select, proceed to Step 7.

   2. Click the Add Association button to associate the selected object categories to the connected system.
      
      

7. Click the Back button to return to the Connected System View page. The new connected system displays in the list.

See Copying, Modifying, and Deleting Connected Systems for additional information.

Creating the Connected System in the Studio

1. Log in to the Workflow and Connectivity Studio and click Connectivity ► Add Systems on the menu bar. The Add Connected Systems window displays.
   
   
2. Select the IBM Informix Database connected system from the Type drop-down list. The default values display:
   
   
   

3. Enter the desired information:

   Definition
   Type	Select the connected system type.
   Name	The name for this connected system. Note: The name cannot be modified later.
   Display Name	The display name of the new connected system.
   Description	The description of the connected system.
   Supported Connectors	Displays whether the connected system is Identity only, Provisioning only, or both. Only connectors that support Provisioning are available here.
   Associated With	Select how the connector associated with this system will run: Server (default) - Runs locally on the Provisioning/Identity Server. Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list. See the appendix Using the Global Identity Gateway with Connected Systems for additional information.
   Password Reset By	Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users: OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system. Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system. Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
   Provisioning Option	Select the provisioning option: Automated (default) - The connected system functions as a normal connected system; there are no restrictions. Administrative - The connected system cannot be used as an object in a workflow.
   Enable HPAM Support	Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity.
   Connection Information
   Informix Server	The DN or IP address and port number of the server.
   Host	The IP address or host name of the server (e.g., 10.102.200.20 or localhost).
   Port	The database port number.
   Service Account Name	The name of the administrative user account used to connect to the server.
   Service Account Password	The administrative user password.
   Initial DB	The SID or Service Name to connect.
   Maximum Connection Pool Size	Select the maximum number of connections that can be created in the connection pool by the connector. As needed, the connection pool will grow only to this maximum limit.

4. click the Connect button to test the Connection Information:

   • If successful, this message displays:

   Connection from Studio to the connected system was established successfully.

   • If unsuccessful, this message displays:

   Failed to establish connection from Studio to the connected system.

   Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.

   
   

5. Click the Apply button to apply changes. The Category Association window displays.
   
   

   1. Select one or more object categories from the Available Categories list or enter a category name and click the Search button to find a specific category to select. If there are no available categories to select, proceed to Step 6.
      
      

   2. Click the Add button to associate the selected object categories to the connected system.
      
      

6. Click OK to accept selected categories.

See Copying, Modifying, and Deleting Connected Systems for additional information.

Using the Connected System for Provisioning

Perform these procedures to configure the connector:

• Configuring for Export 

• Configuring for Import 

• Connector Details for Provisioning

Note: If the number of records to be processed exceeds one thousand, we recommend configuring the workflow to use bulk mode, which lowers the memory consumption of the system by streaming data to files. Because data is streamed for every task, performance of the workflow execution will be decreased due to increased read-write operations. See the Workflow and Connectivity Studio document for details on how to configure bulk mode.

Configuring for Export

Perform these procedures to configure the connector for data export:

• Configuring the Export Connector
• Configuring the Export Link 

From the Workflow and Connectivity Studio, select the IBM Informix Database UserExport workflow listed under the projects folder.

If a workflow does not already exist, create an export workflow. See  Workflow and Connectivity Studio documentation for details on creating export workflows.

Configuring the Export Connector

1. In the Design pane, double-click the export object (the first workflow object after the Start object). The Configure Data Source window displays:
   
   
   

2. From the Configure Plug-in tab, set these properties as required:

   Associated Connected System	Select the connected system from the list. The export operation will be done from this connected system.
   Data Formats	Select the type of data format to use: Tables - Fetches the data from a table (this is the only data format supported at this time).
   DeltaExportMode	Select the type of attribute to export if a change takes place (this works in conjunction with ExportMode when DeltaExport is selected): OnlyChangedAttributes - Performs a partial export of only the changed attributes from the last time the query was run. ChangedAndMandatoryAttributes (default) - Performs a partial export of both changed and mandatory attributes from the last time the query was run. Mandatory attributes are exported whether they have been changed or not. AllAttributes - Performs a full export of all attributes that contain a value.
   DynamicConnectedSystem	Select the global variable to use as the dynamic connected sys- tem name. This works in conjunction with DynamicCon- nectedSystemOption when GlobalVariable is selected.
   DynamicConnectedSystemOption	Select how to control Dynamic System Support (DSS): None - There will not be any Dynamic System Support. Transaction-SystemName - The value of the Transaction- SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction- SystemName; if it is missing in data, the operation will fail. GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
   ExcludeEmptyFields	Select how to process null fields: ·FALSE - Returns null fields with empty values. ·TRUE - Ignores null fields.
   ExecuteGIGAssociatedTaskAsynchronously	If this property is True, GIG associated tasks will execute asynchronously.
   ExportMode	Select the type of data to export: FullExport - Exports all attributes. DeltaExport - Exports changed, mandatory, or all attributes, depending on the DeltaExportMode property setting.
   MaximumRows	Select the maximum number of records to be exported (default: 0 [zero, for unlimited]).
   ModifyIfEntryExists	Select whether to perform a modify operation if an add operation fails (default: FALSE).
   Note: Hover the pointer over a property to view its description.

3. Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
   
   

4. Click OK to save any changes and return to the Workflow and Connectivity Studio window.

   Configuring the Export Link

5. In the Design pane, double-click the export link between the export object (the first workflow object after the Start object) and the Data Mapper object. The Configure Link window displays:

   

   
   

   Element	Description
   Database	Select the database name: Static - Select from the Database Name drop-down list. Dynamic - Select from the Global Variable drop-down list.
   	Select the database source for the selected fields: Tables or Views.
   Tables	Lists the schema tables available for export.
   Fields	Lists the fields available for export.
   Check attributes for delta export.
   Selected Fields	Lists the selected schema table fields for export. Note: The check boxes are used only for delta export operations. These checked attributes will always be exported whether they were changed or not. The Format button specifies a desired date/time format to be applied to a selected date type field. Only selected date fields will be able to apply a date/ time format to their value.
   Advanced Settings	Displays the Configure Attributes window for selecting any attributes that need to be encrypted.
   SQL Query	Displays the SQL query run against the database. The Edit button edits the query.
   Where Clause	Displays the where clause in the SQL Query. Note: This text area is editable only when the Update Manually option button is selected.
   Update	Select one of these update option buttons: Automatically - The where clause is updated automatically. Manually - The where clause can be edited manually in the text area.
   Preferred Key(s)	Select the field(s) in the Selected Fields list: Set Key - Sets the primary key. Get Key - Gets the Preferred Key(s) of the selected table/view.

6. Perform these steps.
   
   
   1. Select a database from the Schema Select whether the source is Tables or Views. Select the table or view from the Tables/Views list. Select the fields from the Fields list to export and add them to the Selected Fields list. Select the field(s) from the Selected Fields list that require a date and/or time format and click the Format button. The Format Date window displays.
      
      
   2. Select the Include Time check box to add the timestamp with the date. Select the 24 Hour or 12 Hour option button and then select the required date/time Click OK to save the selected format. The Configure Link window displays.
      
      
   3. Perform one of these steps:
      
      • Select the field(s) in the Selected Fields list and click the Set Key button to set the primary

        Or

        
        

      • Click the Get Key button to get the Preferred Key(s) of the selected table/view.
        
        
   4. Edit the query here or click the Edit button.
      Notes:
      • Query modifications can also be done manually after all fields are This field also supports copy/paste from other sources.
        
        
      • When formatting a SQL query with functions such as rtrim, ltrim, convert, and to_char, you must write the query as in this example before formatting:
        Select PSOPRDEFN_DF.EMPLID, PSOPRDEFN_DF.OPRID from PSOPRDEFN_DF
        
        After formatting:
        Select rtrim(PSOPRDEFN_DF.EMPLID)
        as EMPLID, PSOPRDEFN_DF.OPRID
        from PSOPRDEFN_DF
        
        
      • You can set up a dynamic database query when one workflow is initiated by another workflow or trigger. For example, when a data change occurs you can set the query to dynamically substitute the trigger data in the This will return only specific records for the substituted value.
        
        
      • To filter the search data, enter a WHERE or AND clause at the end of the query or in the Where Clause text area with syntax such as TABLE.COLUMN='##CN##'. Note that single quotation marks ( ' ) must be used outside of the ## syntax for a database.
        
        
      • Check the boxes in the Selected Fields list to set mandatory attributes.
7. Click OK to save any changes and return to the Workflow and Connectivity Studio window.
   
   
8. Deploy the workflow by selecting Deploy ► New Deployment. See the Workflow and Connectivity Studio documentation for details of deployment options.
   
   
9. Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.

Configuring for Import

Perform these procedures to configure the connector for data import:

• Configuring the Import Connector
• Configuring the Import Link
  
  

From the Workflow and Connectivity Studio, select the IBM Informix Database UserAdd, UserModify, or UserDelete workflow listed under the projects folder.

If a workflow does not already exist, create an import workflow. See the Workflow and Connectivity Studio documentation for details on creating import workflows.

Configuring the Import Connector

1. In the Design pane, double-click the import object (the last workflow object). The Configure Data Source window displays:
   
   
   

2. From the Configure Plug-in tab, set these properties as required:

   Associated Connected System	Select the connected system from the list. The import operation will be done to this connected system.
   Data Formats	Select the type of data format to use: Tables - Inserts the data to the table (this is the only data format supported at this time).
   DynamicConnectedSystem	Select the global variable to use as the dynamic connected sys- tem name. This works in conjunction with DynamicCon- nectedSystemOption when GlobalVariable is selected.
   DynamicConnectedSystemOption	Select how to control Dynamic System Support (DSS): ·  None - There will not be any Dynamic System Support. ·  Transaction-SystemName - The value of the Transaction- SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction- SystemName; if it is missing in data, the operation will fail. ·  GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
   ExecuteGIGAssociatedTaskAsynchronously	If this property is True, GIG associated tasks will execute asynchronously.
   Id *	Enter the attribute that contains the value used to uniquely identify the user account user ID on the connected system.
   loginId *	Enter the attribute that contains the value used to uniquely identify the user account login ID on the connected system.
   MaxConcurrentEntryProcessing	Specify the maximum number of entries to be processed concurrently. For each concurrent process, the connector creates new resource threads and connections. Therefore, it is important to set this property based on resource availability. When the MaxConcurrentEntryProcessing property is set, multiple entries are processed in parallel, thereby reducing the time taken for bulk import tasks.
   ModifyIfEntryExists	Select whether to perform a modify operation if an add operation fails (default: FALSE).
   Notes: * Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details. Hover the pointer over a property to view its description.

3. Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
4. Click OK to save any changes and return to the Workflow and Connectivity Studio window.
   
   
   

   Configuring the Import Link

5. In the Design pane, double-click the import link between the Data Mapper object and the import object (the last workflow object). The Configure Link window displays:

   
   
   

   Element	Description
   Database	Select the database name: Static - Select from the Database Name drop-down list. Dynamic - Select from the Global Variable drop-down list. Select the database source for the selected fields: Tables or Views.
   Tables	Lists the schema tables available for import.
   Fields	Lists the fields available for import.
   Check for attribute-level auditing.	If auditing is enabled and these fields below are checked, Provisioning will log all events for auditing purposes.
   Selected Fields	Lists the selected schema table fields for import. The Set As Function button specifies system functions in the insert/update value in the import query for the selected attribute (e.g., sysdate, now). The Format button specifies a desired date/time format to be applied to a selected date type field. Only selected date fields will be able to apply a date/ time format to their value.
   SQL Query	Displays the SQL query run against the database. The Edit button edits the query.
   Import using template format	Generates the import query using the given format. The actual query is generated by substituting the ##attribute name## with the values given to the import task. Template - Generates the template for the import query in the SQL Query text area.
   Where Clause	Displays the where clause in the SQL Query. Note: This text area is editable only when the Update Manually option button is selected.
   Update	Select one of these update option buttons: Automatically - The where clause is updated automatically. Manually - The where clause can be edited manually in the text area.
   Advanced Settings	Displays the Configure Attributes window for selecting any attributes that need to be encrypted.
   Preferred Key(s)	Select the field(s) in the Selected Fields list: Set Key - Sets the primary key. Get Key - Gets the Preferred Key(s) of the selected table/view.
   Audit Key	Select the attribute to associate with the Audit Key.

6. From the Datasource tab, perform these steps.
   
   
   1. Select a Schema from the drop-down list. Select the table from the Tables Select the fields from the Fields list.
      
      
   2. Perform one of these steps:
      
      
      • Select the field(s) in the Selected Fields list and click the Set Key button to set the primary key.
        
        Or
        
        
      • Click the Get Key button to get the Preferred Key(s) of the selected table/view.
   3. The SQL Query list displays the SQL query run against the You can edit the query here or click the Edit button.
      
      
   4. Check the boxes in the Selected Fields list to enable auditing of the attributes.
      
      
7. Click OK to save any changes and return to the Workflow and Connectivity Studio window.
   
   
8. Deploy the workflow by selecting Deploy ► New Deployment.
   See the Workflow and Connectivity Studio document for details of deployment options.
   
   

9. Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.

Connector Details for Provisioning

Configuration import properties Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details.