Identity Manager account discovery features help facilitate rapid deployment and speed account creation tasks.
These features are:
Extract to File. Extracts the resource accounts returned by a resource adapter to a file (in CSV or XML format). You can manipulate this file before importing the data into Identity Manager.
Load from File. Reads accounts in a file (in CSV or XML format) and loads them into Identity Manager.
Load from Resource. Combines the other two discovery features, extracting accounts from a resource and loading them directly into Identity Manager.
Using these tools, you can create new Identity Manager users or correlate accounts on a resource with existing Identity Manager user accounts.
The pages in this section focus on how to use Identity Manager’s Discovery features. To learn about data loading and synchronization in depth, see Chapter 4, Data Loading and Synchronization, in Sun Identity Manager Deployment Guide.
Use this feature to extract resource accounts from a resource to an XML or CSV text file. Doing this allows you to view and make changes to extracted data before importing it into Identity Manager.
From the menu bar, select Accounts, and then select Extract to File.
Select a resource from which to extract accounts.
Select a file format for the output account information. You can extract data to an XML file, or to a text file with account attributes arranged in comma-separated value (CSV) format.
Click Download. Identity Manager displays a File Download dialog, in which you may choose to save or view the extracted file.
If you choose to open the file, you might have to select a program to view it.
Use this feature to load resource accounts, extracted from a resource through Identity Manager or from another file source, into Identity Manager. A file created by the Identity Manager Extract to File feature is in XML format. If you are loading a list of new users, the data file typically is in CSV format.
Often, accounts to be loaded are listed in a spreadsheet and saved in comma-separated-value (CSV) format for loading into Identity Manager.
CSV file contents must follow these format guidelines:
Line 1. Lists column headings or schema attributes for each field, separated by commas.
Lines 2 to end. Lists values for each attribute defined in line 1, separated by commas. If data does not exist for a field value, that field must be represented by adjacent commas.
For example, the first three lines of a CVS file might look like the following example file entries:
firstname,middleinitial,lastname,accountId,asciipassword,EmployeeID,Department,Phone John,Q,Example,E1234,E1234,1234,Operations,555-222-1111 Jane,B,Doe,E1111,E1111,1111,,555-222-4444
In this example, note that Jane Doe, the second user, does not have a department. The missing value is represented by adjacent commas (,,).
In the Administrator interface, click Accounts in the menu, then click Load from File.
Identity Manager displays the Load Accounts from File page.
Use this page to specify the necessary account loading options.
The options include:
User Form. When load creates an Identity Manager user, the user form assigns an organization as well as roles, resources, and other attributes. Select the user form to apply to each resource account.
Account Correlation Rule. An account correlation rule selects Identity Manager users that might own each unowned resource account. Given the attributes of an unowned resource account, a correlation rule returns a list of names or a list of attribute conditions that will be used to select potential owners. Select a rule to look for Identity Manager users that may own each unowned resource account.
Account Confirmation Rule. An account confirmation rule eliminates any non-owner from the list of potential owners that the correlation rule selects. Given the full View of an Identity Manager user and the attributes of an unowned resource account, a confirmation rule returns true if the user owns the account, and false otherwise. Select a rule to test each potential owner of a resource account. If you select No Confirmation Rule, Identity Manager accepts all potential owners without confirmation.
In your environment, if the correlation rule will select at most one owner for each account, then you do not need a confirmation rule.
Load Only Matching. Select to load into Identity Manager only those accounts that match an existing Identity Manager user. If you select this option, load will discard any unmatched resource account.
Update Attributes. Select to replace the current Identity Manager user attribute values with the attribute values from the account being loaded.
Merge Attributes. Enter one or more attribute names, separated by commas, for which values should be combined (eliminating duplicates) rather than overwritten. Use this option only for list-type attributes, such as groups and mailing lists. You must also select the Update Attributes option.
Result Level. Select a threshold at which the load process will record an individual result for an account:
Errors only. Record an individual result only when loading an account produces an error message.
Warnings and errors. Record an individual result when loading an account produces a warning or an error message.
Informational and above. Record an individual result for every account. This causes the load process to run more slowly.
In the File to Upload field, specify a file to load, and then click Load Accounts.
If the input file does not contain a user column, you must select a confirmation rule for the load to proceed correctly.
The task instance name associated with the load process is based on the input file name; therefore, if you reuse a file name, then the task instance associated with the latest load process will overwrite any previous task instances.
About CSV File Format illustrates the fields and options available in the Load from File screen.
If an account matches (or correlates with) an existing user, the load process will merge the account into the user. The process will also create a new Identity Manager user from any input account that does not correlate (unless Correlation Required is specified).
The bulkAction.maxParseErrors configuration variable sets a limit on the number of errors that can be found when a file is loaded. By default, the limit is 10 errors. If the maxParseErrors number of errors is found, then parsing stops.
Use this feature to directly extract and import accounts into Identity Manager according to the load options you specify.
In the Administrator interface, click Accounts in the menu, then click Load from Resource.
The “Load Accounts from Resource” page opens.
Specify the load options on the “Load Accounts from Resource” page.
The load options for this page are the same as those on the “Load from File” page (see Load from File).