Preparing for Data Loading
Review the following sections before you begin the process of loading account information into Waveset:
-
Configuring an Adapter
-
Setting Account ID and Password Policies
-
Creating a Data Loading Account
-
Assigning Forms
Configuring an Adapter
To manage accounts on resources, you must configure an adapter for each source of account information. If you are using the Load from File process or bulk actions, then the adapter configuration can wait until you are ready to reconcile. Otherwise, the adapter must be configured before you can load data into Waveset.
For general information about configuring an adapter, see Understanding and Managing Identity Manager Resources in Sun Identity Manager 8.1 Business Administrator’s Guide. For detailed information about a specific adapter, refer to the Sun Identity Manager 8.1 Resources Reference or the online help.
Setting Account ID and Password Policies
When you load account data from a resource using Load from Resource, reconciliation, or Active Sync, Waveset does not obtain the password from the resource. (It would be a security breach on the part of the resource if it yielded the password.) Therefore, the Waveset account passwords will not be the same as the those on the resource. By default, Waveset generates a random password that must be reset. However, you can also use the password view in the user form to specify a temporary password, such as a literal string that is the same for everyone, or is the same as the Waveset account ID. See Assigning User Forms and Chapter 3, Identity Manager Views, in Sun Identity Manager Deployment Reference for more information.
For bulk actions, and Load from File, you can specify password values in the CSV file. These should be considered temporary passwords that users must change.
Policies establish limitations for Waveset accounts, and are categorized as:
-
Waveset account policies -- Use these to establish user, password, and authentication policy options. These account policies are assigned to organizations or users.
-
Resource password and account ID policies -- Use these to set or select length rules, character type rules, and allowed words and attribute values.
Make sure you make any updates to the default policies before you begin loading account information into Waveset.
The following table lists the policies provided with Waveset as well as the default settings.
Table 4–2 Default Waveset Policies
See Chapter 3, User and Account Management, in Sun Identity Manager 8.1 Business Administrator’s Guide for more information about account and password policies.
Creating a Data Loading Account
It is recommended that you create a separate administrator account to perform data loading for the following reasons:
-
Data loading actions can be tracked more easily when auditing is enabled.
-
Every Waveset administrator is assigned a user form that creates and edits Waveset users. When you create an account for data loading, you can specify a streamlined form that runs quicker than the default forms. See the next section for information.
See Creating Users and Working with User Accounts in Sun Identity Manager 8.1 Business Administrator’s Guide for more information about creating accounts.
Assigning User Forms
In the context of data loading, user forms are used to perform background processing. For example, forms can work in conjunction with resource adapters to process information from an external resource before storing it in the Waveset repository. They can also be used to place users in the correct Organization based on input user data.
The user view is a data structure that contains all available information about an Waveset user. It includes:
-
Attributes fetched from resource accounts
-
Information derived from other sources such as resources, roles, and organizations
Views contain many attributes, and a view attribute is a named value within the view (for example, waveset.accountId is the attribute in the user view whose value is the Waveset account name).
Most form field names are associated with a view attribute. You associate a field with a view attribute by specifying the name of the view attribute as the name of the form field. For more information on the user view, including a reference for all attributes in the user view, see the chapter titled Views.
The following fields are often in a user form that loads users.
The waveset.accountId and waveset.organization are values specific to Waveset. The EmployeeId attribute is a customized attribute. Its use is illustrated in Defining Custom Correlation Keys.
Waveset provides numerous forms that are pre-loaded into the system. Additional forms are also available in the $WSHOME/sample/forms directory. Many of the forms in this directory are resource-specific. You might wish to review these forms with the Identity Manager IDE to determine whether they should be used in production.
To increase performance during bulk operations, the user form assigned to an administrator should be as simple as possible. If you want to create a form for data loading, then you can remove code that is designed to display data. Another example of simplifying the form would be if you use bulk add actions. Your CSV file could define basic attributes such as firstname and lastname. These attributes could then be removed from the administrator’s user form. See the chapter titled Waveset Forms for more information about creating and editing forms.
Note –
Do not directly modify a form provided with Waveset. Instead, you should make a copy of the form, give it a unique name, and edit the renamed copy. This will prevent your customized copy from being overwritten during upgrades and service pack updates.
- © 2010, Oracle Corporation and/or its affiliates