The discovery processes are designed to be used when a resource is being deployed for the first time. They provide a means to load account information into Identity Manager quickly. As a result, they do not provide all the features found in reconciliation or Active Sync. For example, the discovery process does not add entries to the Account Index. Nor can you run workflows before or after discovery. However, the discovery processes allow you to determine more quickly whether correlation rules are working as expected.
When you begin a discovery process, Identity Manager determines whether an input account matches (or correlates with) an existing user. If it does, the discovery process merges the account into the user. The process will create a new Identity Manager user from any input account that does not match.
Identity Manager provides the following discovery functions:
Load From File. Reads accounts listed in a file and loads them into Identity Manager.
Load From Resource. Extracts accounts from a resource and loads them directly into Identity Manager.
Create Bulk Action. Executes user creation commands listed in a file.
See the following sections for more information about these discovery processes.
The Load from File discovery process reads account information that has been written into an XML or CSV (comma-separated values) file.
Some resources, such as Active Directory, have the ability to export native account information into a comma-separated values (CSV) format. These CSV files can be used to create Identity Manager accounts. See Business Administrator's Guide for more information about CSV formatting.
When you load from a file, you must specify which account correlation and confirmation rules to use. See Correlation and Confirmation Rules for more information.
The Load from Resource feature scans a target system and returns information on all users. Identity Manager then creates and updates users. An adapter must have been configured for the resource before you can load from the resource.
When you load from a resource, you must specify which account correlation and confirmation rules to use. See Correlation and Confirmation Rules for more information.
Bulk actions allow you to act on multiple accounts at the same time. You can use bulk actions to create, update, and delete Identity Manager and resource accounts, but this discussion will be limited to Identity Manager creating accounts. See Business Administrator's Guide for a full description of bulk actions.
Bulk actions are specified using comma-separated values (CSV). The structure of these values differs from those specified in a Load from File process.
The CSV format consists of two or more input lines. Each line consists of a list of values separated by commas. The first line contains field names. The remaining lines each correspond to an action to be performed on an Identity Manager user, the user’s resource accounts, or both. Each line should contain the same number of values. Empty values will leave the corresponding field value unchanged.
Two fields are required in any bulk action CSV input:
user. Contains the name of the Identity Manager user.
command. Contains the action taken on the Identity Manager user. For creating Identity Manager users, this value must be Create.
The third and subsequent fields are from the User view. The field names used are the path expressions for the attributes in the views. See Understanding the User View in Deployment Reference for information on the attributes that are available in the User View. If you are using a customized User Form, then the field names in the form contain some of the path expressions that you can use.
Following is a list of some of the more common path expressions used in bulk actions:
waveset.roles. A list of one or more role names to assign to the Identity Manager account.
waveset.resources. A list of one or more resource names to assign to the Identity Manager account.
waveset.applications. A list of one or more resource groups to assign to the Identity Manager account.
waveset.organization. The organization name in which to place the Identity Manager account.
accounts[resource_name].attribute_name. A resource account attribute. The names of the attributes are listed in the schema for the resource.
Some fields can have multiple values. For example, the waveset.resources field can be used to assign multiple resources to a user. You can use the vertical bar (|) character (also known as the “pipe” character), to separate multiple values in a field. The syntax for multiple values can be specified like this:
value0 | value1 [ | value2 ... ]
The following example illustrates Create bulk actions:
command,user,waveset.resources,password.password,password.confirmPassword,accounts[AD].description ,accounts[Solaris].comment Create,John Doe,AD|Solaris,changeit,changeit,John Doe,John Doe Create,Jane Smith,AD,changeit,changeit,Jane Smith, |
The Create bulk action is more versatile than the from Load from File process. Bulk actions can work with multiple resources, while Load from File loads information from one resource at a time.