The connector only supports provisioning.
The functionalities of this connector enable exporting and importing user accounts on an IBM Informix Database system.
Functionalities
Provisioning Integration
Data Format |
Export |
Create |
Modify |
Delete |
Trigger |
---|---|---|---|---|---|
Tables |
Yes |
Yes |
Yes |
Yes |
No |
Prerequisites
Ensure that these prerequisites are satisfied:
- Informix is installed, configured, and
- An administrator account that can be used to establish a connection and has authority to manage accounts on the connected
Creating the Connected System in the Admin UI
Log in to Identity Administration and click the Systems tab.
-
On the Connected System View page, click the Add button and select the IBM Informix Database connected system from the Type drop-down list. The Connected System Details page displays the default values:
-
Enter the desired information:
Definition Supported Connectors
Displays whether the connected system is Identity only, Provisioning only, or both. Type
Select the connected system type. Locale
Select the preferred language (default: English). Locale specific information such as Display Name and Description can be added only while modifying the connected system. Name The name for this connected system. Note: The name cannot be modified later. Display Name The display name of the new connected system. Description The description of the connected system. Associated With
Select how the connector associated with this system will run:
- Server (default) - Runs locally on the Provisioning/Identity Server.
- Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.
- See Using the Global Identity Gateway with Connected Systems for additional information.
Password Reset By
Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:
- OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
- Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
- External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.
Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
Provisioning Option Select the provisioning option: - Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
- Administrative - The connected system cannot be used as an object in a workflow.
Enable HPAM Support
Select to make the connected system HPAM enabled (default: cleared). Note: This can only be set for systems that support Identity. Connection Information Informix Server The DN or IP address and port number of the server. Host The IP address or host name of the server (e.g., 10.102.200.20 or localhost). Port The database port number. Service Account Name The name of the administrative user account used to connect to the server. Service Account Password
The administrative user password. Initial DB The SID or Service Name to connect. Maximum Connection Pool Size
Select the maximum number of connections that can be created in the connection pool by the connector. As needed, the connection pool will grow only to this maximum limit. System Owner Add or Remove users assigned as the owners of the system. Displays the Connected System Owner Search page for selecting users. The HPAM column indicates whether the system owner is authorized to use the HPAM feature. The Approvers column indicates whether the system owner is an approver in the approval process. -
Click the Test Connection button to test the Connection Information:
If successful, this message may display:
Message: Connection from Provisioning to the connected system was established successfully.- If unsuccessful, this message may display
Error: Failed to establish connection from Provisioning to the connected system.
Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.
-
(Optional) To select owners of the system, click the System Owner Add button. The Connected System Owner Search page displays:
-
Select the owners and then click the Select button. The system owner displays under the System Owner section:
Note: More than one user can be assigned as an owner.
To add additional system owners, click the Add button.
-
- On the Connected System Details page, click the Add button to save the configured connected system. The Object Category Association page displays a list of categories that are already associated and/or can be selected to add additional associations to this connected system:
Select one or more available object categories or provide search criteria and click the Search button to find specific categories to select. If there are no available categories to select, proceed to Step 7.
Click the Add Association button to associate the selected object categories to the connected system.
Click the Back button to return to the Connected System View page. The new connected system displays in the list.
See Copying, Modifying, and Deleting Connected Systems for additional information.
Creating the Connected System in the Studio
- Log in to the Workflow and Connectivity Studio and click Connectivity ► Add Systems on the menu bar. The Add Connected Systems window displays.
-
Select the IBM Informix Database connected system from the Type drop-down list. The default values display:
-
Enter the desired information:
Definition Type
Select the connected system type.
Name
The name for this connected system. Note: The name cannot be modified later.
Display Name
The display name of the new connected system.
Description
The description of the connected system.
Supported Connectors
Displays whether the connected system is Identity only, Provisioning only, or both. Only connectors that support Provisioning are available here.
Associated With
Select how the connector associated with this system will run:
- Server (default) - Runs locally on the Provisioning/Identity Server.
- Global Identity Gateway - Runs remotely on a Global Identity Gateway cluster member. Note: Only GIG clusters that have at least one registered and enabled member will display in this list.
See the appendix Using the Global Identity Gateway with Connected Systems for additional information.
Password Reset By
Enables administrators to configure password management functions normally available to Users and OBO (On Behalf Of) Users:
- OBO User Only - Connected system and account association information is displayed only in Self-Service user management (for OBO Users). OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset). End users will not see their accounts on this connected system in Self-Service and Kiosk; therefore, they cannot reset passwords for accounts on this connected system.
- Users and OBO User - Connected system and account association information is displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users can reset passwords for accounts on this connected system. Administrators can perform all user management functions for this connected system (e.g., enable/disable, validate, associate user, and password reset).
- External - Connected system and account association information is not displayed in Self-Service password reset, Self-Service - Kiosk, and Self-Service user management. Self-Service users, Kiosk users, and OBO Users cannot reset passwords for accounts on this connected system.
Note: When user management configuration enables OBO Users to perform password resets, this definition must be set to OBO User Only or Users and OBO User. For connectors that support Provisioning only, there is no password reset capability.
Provisioning Option
Select the provisioning option:
- Automated (default) - The connected system functions as a normal connected system; there are no restrictions.
- Administrative - The connected system cannot be used as an object in a workflow.
Enable HPAM Support
Select to make the connected system HPAM enabled (default: cleared).
Note: This can only be set for systems that support Identity.
Connection Information
Informix Server
The DN or IP address and port number of the server.
Host
The IP address or host name of the server (e.g., 10.102.200.20 or localhost).
Port
The database port number.
Service Account Name
The name of the administrative user account used to connect to the server.
Service Account Password
The administrative user password.
Initial DB
The SID or Service Name to connect.
Maximum Connection Pool Size
Select the maximum number of connections that can be created in the connection pool by the connector. As needed, the connection pool will grow only to this maximum limit.
-
click the Connect button to test the Connection Information:
- If successful, this message displays:
Connection from Studio to the connected system was established successfully.
- If unsuccessful, this message displays:
Failed to establish connection from Studio to the connected system.
Note: If the connection fails, additional messages may display providing more information regarding the failure, and additional information may be posted to the Provisioning and Identity logs.
-
Click the Apply button to apply changes. The Category Association window displays.
Select one or more object categories from the Available Categories list or enter a category name and click the Search button to find a specific category to select. If there are no available categories to select, proceed to Step 6.
Click the Add button to associate the selected object categories to the connected system.
Click OK to accept selected categories.
See Copying, Modifying, and Deleting Connected Systems for additional information.
Using the Connected System for Provisioning
Perform these procedures to configure the connector:
Note: If the number of records to be processed exceeds one thousand, we recommend configuring the workflow to use bulk mode, which lowers the memory consumption of the system by streaming data to files. Because data is streamed for every task, performance of the workflow execution will be decreased due to increased read-write operations. See the Workflow and Connectivity Studio document for details on how to configure bulk mode.
Configuring for Export
Perform these procedures to configure the connector for data export:
From the Workflow and Connectivity Studio, select the IBM Informix Database UserExport workflow listed under the projects folder.
If a workflow does not already exist, create an export workflow. See Workflow and Connectivity Studio documentation for details on creating export workflows.
Configuring the Export Connector
- In the Design pane, double-click the export object (the first workflow object after the Start object). The Configure Data Source window displays:
-
From the Configure Plug-in tab, set these properties as required:
Associated Connected System
Select the connected system from the list. The export operation will be done from this connected system.
Data Formats
Select the type of data format to use: Tables - Fetches the data from a table (this is the only data format supported at this time). DeltaExportMode
Select the type of attribute to export if a change takes place (this works in conjunction with ExportMode when DeltaExport is selected):
- OnlyChangedAttributes - Performs a partial export of only the changed attributes from the last time the query was run.
- ChangedAndMandatoryAttributes (default) - Performs a partial export of both changed and mandatory attributes from the last time the query was run. Mandatory attributes are exported whether they have been changed or not.
- AllAttributes - Performs a full export of all attributes that contain a value.
DynamicConnectedSystem
Select the global variable to use as the dynamic connected sys- tem name. This works in conjunction with DynamicCon- nectedSystemOption when GlobalVariable is selected.
DynamicConnectedSystemOption
Select how to control Dynamic System Support (DSS):
- None - There will not be any Dynamic System Support.
- Transaction-SystemName - The value of the Transaction- SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction- SystemName; if it is missing in data, the operation will fail.
- GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
ExcludeEmptyFields Select how to process null fields:
·FALSE - Returns null fields with empty values.
·TRUE - Ignores null fields.ExecuteGIGAssociatedTaskAsynchronously If this property is True, GIG associated tasks will execute asynchronously. ExportMode
Select the type of data to export:
- FullExport - Exports all attributes.
- DeltaExport - Exports changed, mandatory, or all attributes, depending on the DeltaExportMode property setting.
MaximumRows
Select the maximum number of records to be exported (default: 0 [zero, for unlimited]).
ModifyIfEntryExists
Select whether to perform a modify operation if an add operation fails (default: FALSE).
Note: Hover the pointer over a property to view its description.
- Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
-
Click OK to save any changes and return to the Workflow and Connectivity Studio window.
Configuring the Export Link
-
In the Design pane, double-click the export link between the export object (the first workflow object after the Start object) and the Data Mapper object. The Configure Link window displays:
Element Description Database
Select the database name:
- Static - Select from the Database Name drop-down list.
- Dynamic - Select from the Global Variable drop-down list.
Select the database source for the selected fields: Tables or Views.
Tables
Lists the schema tables available for export.
Fields
Lists the fields available for export.
Check attributes for delta export.
Selected Fields
Lists the selected schema table fields for export.
Note: The check boxes are used only for delta export operations. These checked attributes will always be exported whether they were changed or not.
The Format button specifies a desired date/time format to be applied to a selected date type field. Only selected date fields will be able to apply a date/ time format to their value.
Advanced Settings
Displays the Configure Attributes window for selecting any attributes that need to be encrypted.
SQL Query
Displays the SQL query run against the database. The Edit button edits the query.
Where Clause
Displays the where clause in the SQL Query. Note: This text area is editable only when the Update Manually option button is selected.
Update
Select one of these update option buttons:
- Automatically - The where clause is updated automatically.
- Manually - The where clause can be edited manually in the text area.
Preferred Key(s)
Select the field(s) in the Selected Fields list:
- Set Key - Sets the primary key.
- Get Key - Gets the Preferred Key(s) of the selected table/view.
- Perform these steps.
- Select a database from the Schema Select whether the source is Tables or Views. Select the table or view from the Tables/Views list. Select the fields from the Fields list to export and add them to the Selected Fields list. Select the field(s) from the Selected Fields list that require a date and/or time format and click the Format button. The Format Date window displays.
- Select the Include Time check box to add the timestamp with the date. Select the 24 Hour or 12 Hour option button and then select the required date/time Click OK to save the selected format. The Configure Link window displays.
- Perform one of these steps:
- Select the field(s) in the Selected Fields list and click the Set Key button to set the primary
Or
- Click the Get Key button to get the Preferred Key(s) of the selected table/view.
- Select the field(s) in the Selected Fields list and click the Set Key button to set the primary
- Edit the query here or click the Edit button.
Notes:- Query modifications can also be done manually after all fields are This field also supports copy/paste from other sources.
- When formatting a SQL query with functions such as rtrim, ltrim, convert, and to_char, you must write the query as in this example before formatting:
Select PSOPRDEFN_DF.EMPLID, PSOPRDEFN_DF.OPRID from PSOPRDEFN_DF
After formatting:
Select rtrim(PSOPRDEFN_DF.EMPLID)
as EMPLID, PSOPRDEFN_DF.OPRID
from PSOPRDEFN_DF
- You can set up a dynamic database query when one workflow is initiated by another workflow or trigger. For example, when a data change occurs you can set the query to dynamically substitute the trigger data in the This will return only specific records for the substituted value.
- To filter the search data, enter a WHERE or AND clause at the end of the query or in the Where Clause text area with syntax such as TABLE.COLUMN='##CN##'. Note that single quotation marks ( ' ) must be used outside of the ## syntax for a database.
- Check the boxes in the Selected Fields list to set mandatory attributes.
- Query modifications can also be done manually after all fields are This field also supports copy/paste from other sources.
- Select a database from the Schema Select whether the source is Tables or Views. Select the table or view from the Tables/Views list. Select the fields from the Fields list to export and add them to the Selected Fields list. Select the field(s) from the Selected Fields list that require a date and/or time format and click the Format button. The Format Date window displays.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
- Deploy the workflow by selecting Deploy ► New Deployment. See the Workflow and Connectivity Studio documentation for details of deployment options.
- Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.
Configuring for Import
Perform these procedures to configure the connector for data import:
From the Workflow and Connectivity Studio, select the IBM Informix Database UserAdd, UserModify, or UserDelete workflow listed under the projects folder.
If a workflow does not already exist, create an import workflow. See the Workflow and Connectivity Studio documentation for details on creating import workflows.
Configuring the Import Connector
- In the Design pane, double-click the import object (the last workflow object). The Configure Data Source window displays:
-
From the Configure Plug-in tab, set these properties as required:
Associated Connected System
Select the connected system from the list. The import operation will be done to this connected system.
Data Formats
Select the type of data format to use: Tables - Inserts the data to the table (this is the only data format supported at this time).
DynamicConnectedSystem
Select the global variable to use as the dynamic connected sys- tem name. This works in conjunction with DynamicCon- nectedSystemOption when GlobalVariable is selected.
DynamicConnectedSystemOption
Select how to control Dynamic System Support (DSS):
· None - There will not be any Dynamic System Support.
· Transaction-SystemName - The value of the Transaction- SystemName attribute in data will be used as the dynamic connected system. The connected system name must be passed as the value of the attribute Transaction- SystemName; if it is missing in data, the operation will fail.
· GlobalVariable - Select a global variable to use as the dynamic connected system name from the property DynamicConnectedSystem.
ExecuteGIGAssociatedTaskAsynchronously If this property is True, GIG associated tasks will execute asynchronously. Id *
Enter the attribute that contains the value used to uniquely identify the user account user ID on the connected system.
loginId *
Enter the attribute that contains the value used to uniquely identify the user account login ID on the connected system.
MaxConcurrentEntryProcessing
Specify the maximum number of entries to be processed concurrently. For each concurrent process, the connector creates new resource threads and connections. Therefore, it is important to set this property based on resource availability.
When the MaxConcurrentEntryProcessing property is set, multiple entries are processed in parallel, thereby reducing the time taken for bulk import tasks.
ModifyIfEntryExists
Select whether to perform a modify operation if an add operation fails (default: FALSE).
Notes:
* Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details.
Hover the pointer over a property to view its description.
- Optional) Select the Appearance tab to change how the Connected System object displays in the Design pane.
-
Click OK to save any changes and return to the Workflow and Connectivity Studio window.
Configuring the Import Link
- In the Design pane, double-click the import link between the Data Mapper object and the import object (the last workflow object). The Configure Link window displays:
Element Description Database
Select the database name:
- Static - Select from the Database Name drop-down list.
- Dynamic - Select from the Global Variable drop-down list.
Select the database source for the selected fields: Tables or Views.
Tables
Lists the schema tables available for import.
Fields
Lists the fields available for import.
Check for attribute-level auditing.
If auditing is enabled and these fields below are checked, Provisioning will log all events for auditing purposes. Selected Fields
Lists the selected schema table fields for import.
The Set As Function button specifies system functions in the insert/update value in the import query for the selected attribute (e.g., sysdate, now).
The Format button specifies a desired date/time format to be applied to a selected date type field. Only selected date fields will be able to apply a date/ time format to their value.
SQL Query
Displays the SQL query run against the database. The Edit button edits the query.
Import using template format
Generates the import query using the given format. The actual query is generated by substituting the ##attribute name## with the values given to the import task.
Template - Generates the template for the import query in the SQL Query text area.
Where Clause
Displays the where clause in the SQL Query. Note: This text area is editable only when the Update Manually option button is selected.
Update
Select one of these update option buttons:
- Automatically - The where clause is updated automatically.
- Manually - The where clause can be edited manually in the text area.
Advanced Settings
Displays the Configure Attributes window for selecting any attributes that need to be encrypted.
Preferred Key(s)
Select the field(s) in the Selected Fields list:
- Set Key - Sets the primary key.
- Get Key - Gets the Preferred Key(s) of the selected table/view.
Audit Key
Select the attribute to associate with the Audit Key.
- From the Datasource tab, perform these steps.
- Select a Schema from the drop-down list. Select the table from the Tables Select the fields from the Fields list.
- Perform one of these steps:
- Select the field(s) in the Selected Fields list and click the Set Key button to set the primary key.
Or
- Click the Get Key button to get the Preferred Key(s) of the selected table/view.
- Select the field(s) in the Selected Fields list and click the Set Key button to set the primary key.
- The SQL Query list displays the SQL query run against the You can edit the query here or click the Edit button.
- Check the boxes in the Selected Fields list to enable auditing of the attributes.
- Select a Schema from the drop-down list. Select the table from the Tables Select the fields from the Fields list.
- Click OK to save any changes and return to the Workflow and Connectivity Studio window.
- Deploy the workflow by selecting Deploy ► New Deployment.
See the Workflow and Connectivity Studio document for details of deployment options.
Manage and run the deployed workflow from the Admin UI ► Server tab. See the Identity Suite Administration documentation for details.
Connector Details for Provisioning
Configuration import properties Id and loginId are used by the Provisioning Policy and IdentityHub features to populate the ACCOUNT_ID and ACCOUNT_USERNAME columns of the FISC_USER_ACCOUNT table of the Product database. See the ‘Provisioning Policy’ and ‘Provisioning Using the IdentityHub’ chapters of the Identity Suite Administration Guide for details.