Configuration for Provisioning

Provisioning entitlements and role assignments in ISVG requires installing IdentityIQ’s ISVG integration web application in WebSphere alongside ISVG. The process varies slightly depending on the version of WebSphere.

IdentityIQ roles are queued and pushed to ISVG on a schedule by the Synchronize Roles task.

  1. Prepare the WAR: The iiqIntegration-ITIM.war file contains a properties file named itim.properties with the information needed to connect to ISVG. Before the application can run, this file must be edited with the details of your ISVG installation. Additionally, the .war file does not include any of the required ISVG jar files, because these change with the version and fixpack level of ISVG. They must be copied out of the ISVG lib directory and added to the .war file.

    1. Expand the iiqIntegration-ITIM.war file in a temporary directory.

    2. Edit the WEB-INF/classes/itim.properties file and change the properties to match your environment. Save the file with your changes. The following can be changed:

      • PLATFORM_URL: URL to use to communicate with ISVG.
        The URL must be the same as the value of enrole.appServer.url in enRole.properties, located in the <ITIM-HOME>/data directory.

      • PLATFORM_PRINCIPAL: The administrator user who can log in to the WAS administrative console.

      • PLATFORM_CREDENTIALS: Password of the principal. An encrypted password is supported.

      • TENANT_DN: The root DN of the ISVG tenant.

    3. Copy the required ISVG jar files into the lib directory. These .jar files are located in the deployed ISVG ear directory.

      Example ISVG ear directory (for ISIM 6.0):

      $WAS_HOME/profiles/<app server>/installedApps/<cell>/ITIM.ear

      The required files are:

      • api_ejb.jar

      • itim_api.jar

      • itim_server_api.jar

    4. Update the iiqIntegration-ITIM.war file to include the updated itim.properties and the required ISVG jar files.

      For example:

      jar uvf iiqIntegration-ITIM.war WEB-INF/classes/itim.properties \
      WEB-INF/lib/api_ejb.jar WEB-INF/lib/itim_api.jar \
      WEB-INF/lib/itim_common.jar WEB-INF/lib/itim_server_api.jar \
      WEB-INF/lib/jlog.jar

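The four sub-steps above (expand, edit itim.properties, copy the ISVG jars, rebuild the WAR) as one scripted procedure. This is an added example, not SailPoint's or IBM's code: it uses Python's zipfile module in place of the jar tool so the WAR is never unpacked onto disk, takes the required-jar list from the procedure, and checks the PLATFORM_URL against enrole.appServer.url as the instructions require. The build_sample_environment() helper fabricates a stand-in WAR, ear directory and enRole.properties (constructed data, with placeholder hostnames and DNs) so the code runs offline.

```python
"""Build iiqIntegration-ITIM.war for an ISVG installation without unpacking it.

Added example, not SailPoint's or IBM's code. REQUIRED_JARS is the list from the
procedure; every path is supplied by the caller. The sample environment is constructed.
"""
import os
import tempfile
import zipfile

PROPERTIES_ENTRY = "WEB-INF/classes/itim.properties"
REQUIRED_JARS = ("api_ejb.jar", "itim_api.jar", "itim_server_api.jar")


def read_properties(text):
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props


def find_required_jars(ear_dir):
    """Locate the three ISVG jars anywhere under the deployed ITIM.ear directory."""
    found = {}
    for root, _dirs, files in os.walk(ear_dir):
        for name in files:
            if name in REQUIRED_JARS and name not in found:
                found[name] = os.path.join(root, name)
    missing = sorted(set(REQUIRED_JARS) - set(found))
    if missing:
        raise FileNotFoundError(f"ISVG jars missing under {ear_dir}: {missing}")
    return found


def prepare_war(src_war, dst_war, settings, ear_dir, enrole_properties=None):
    """Copy src_war to dst_war with itim.properties updated and the ISVG jars added.

    settings holds PLATFORM_URL, PLATFORM_PRINCIPAL, PLATFORM_CREDENTIALS and TENANT_DN.
    If enrole_properties (<ITIM-HOME>/data/enRole.properties) is given, PLATFORM_URL
    must equal its enrole.appServer.url value, as the procedure requires.
    """
    if enrole_properties:
        with open(enrole_properties, encoding="utf-8") as fh:
            expected = read_properties(fh.read()).get("enrole.appServer.url")
        if settings["PLATFORM_URL"] != expected:
            raise ValueError(f"PLATFORM_URL differs from enrole.appServer.url {expected!r}")
    jars = find_required_jars(ear_dir)
    lib_entries = {f"WEB-INF/lib/{name}" for name in REQUIRED_JARS}
    with zipfile.ZipFile(src_war) as src, \
         zipfile.ZipFile(dst_war, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename == PROPERTIES_ENTRY:
                props = read_properties(src.read(item).decode("utf-8"))
                props.update(settings)
                dst.writestr(item.filename, "".join(f"{k}={v}\n" for k, v in props.items()))
            elif item.filename not in lib_entries:  # stale ISVG jars are replaced below
                dst.writestr(item, src.read(item))
        for name, path in jars.items():
            dst.write(path, f"WEB-INF/lib/{name}")
    os.chmod(dst_war, 0o600)  # the WAR now embeds the WAS administrator credential
    return dst_war


def war_contents(war_path):
    """Return (sorted entry names, parsed itim.properties) for verification."""
    with zipfile.ZipFile(war_path) as zf:
        return sorted(zf.namelist()), read_properties(zf.read(PROPERTIES_ENTRY).decode("utf-8"))


def build_sample_environment(base_dir):
    """Fabricate a stand-in WAR, ISVG ear directory and enRole.properties (constructed)."""
    src_war = os.path.join(base_dir, "iiqIntegration-ITIM.war")
    with zipfile.ZipFile(src_war, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr(PROPERTIES_ENTRY, "PLATFORM_URL=corbaloc:iiop:localhost:2809\n"
                    "PLATFORM_PRINCIPAL=wasadmin\nPLATFORM_CREDENTIALS=secret\n"
                    "TENANT_DN=ou=org,dc=com\nIS_ITIMROLES_PROVISIONED=false\n")
    lib_dir = os.path.join(base_dir, "ITIM.ear", "lib")
    os.makedirs(lib_dir, exist_ok=True)
    for name in REQUIRED_JARS:
        with open(os.path.join(lib_dir, name), "wb") as fh:
            fh.write(b"PK\x05\x06" + b"\0" * 18)  # empty zip archive as a stand-in jar
    enrole = os.path.join(base_dir, "enRole.properties")
    with open(enrole, "w", encoding="utf-8") as fh:
        fh.write("# constructed\nenrole.appServer.url=corbaloc:iiop:isim.example.com:2809\n")
    return src_war, os.path.join(base_dir, "ITIM.ear"), enrole


def demo(platform_url="corbaloc:iiop:isim.example.com:2809"):
    """Run the whole procedure against the sample environment; returns war_contents()."""
    base_dir = tempfile.mkdtemp()
    src_war, ear_dir, enrole = build_sample_environment(base_dir)
    settings = {"PLATFORM_URL": platform_url, "PLATFORM_PRINCIPAL": "wasadmin",
                "PLATFORM_CREDENTIALS": "{encrypted}PLACEHOLDER",
                "TENANT_DN": "ou=org,dc=example,dc=com"}
    out_war = os.path.join(base_dir, "out.war")
    return war_contents(prepare_war(src_war, out_war, settings, ear_dir, enrole))


if __name__ == "__main__":
    print(demo())
```

Pass a real WAR, the deployed ITIM.ear path and enRole.properties to prepare_war() for an actual build; the 0o600 permission is there because the rebuilt WAR carries the WAS administrator credential from PLATFORM_CREDENTIALS, so it should not be world-readable or checked into source control.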
  2. Install the IdentityIQ ISVG Integration Web Application: In the WebSphere Administrative Console, navigate to Enterprise Applications and select Install.

    1. Select iiqIntegration-ITIM.war as the application to install and type iiqisim as the context root.

    2. Continue through the rest of the installation wizard accepting the defaults.

    3. When completed, click Save to save the changes to the master configuration.

  3. Set up the Integration Config: The IntegrationConfig object holds the information needed to connect IdentityIQ to ISVG and the configuration for each function. ISVG supports dual role push mode, meaning that both detectable and assignable roles can be used. An example can be found in the ISVG integration folder of your IdentityIQ installation, at $INSTALLDIR/integration/ITIM/samples/exampleIntegration.xml.

    The main properties that need to be set are:

    • executor: sailpoint.integration.isim.ISIMIntegrationExecutor

    • ApplicationRef: The reference to the ISVG application

    • Attributes > URL: The URL to the IIQ web service on the ISVG server.

      For example,
      https://myisim.example.com:9080/iiqisim/resources

      Note
      SailPoint recommends that you use SSL when transmitting sensitive electronic information.

    • Attributes > username: The ISVG user name used for HTTP basic authentication.

    • Attributes > password: The ISVG user's password used for HTTP basic authentication.

    • ManagedResources map: Mappings of local IdentityIQ applications to ISVG services, including mappings of local IdentityIQ attribute names to ISVG service attribute names.

    For more information, see Appendix A: Common Identity Management Integration Configuration.
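A pre-import check of the IntegrationConfig properties listed above, written as an added example rather than SailPoint's code. The sample XML is constructed; its host, application and attribute names are placeholders, and the element names (IntegrationConfig, ApplicationRef/Reference, Attributes/Map/entry, ManagedResources/ManagedResource/ResourceAttributes/ManagedAttribute) are my reading of the IdentityIQ object XML convention, so compare them against exampleIntegration.xml before relying on the check. The https test enforces the SSL recommendation, since the username and password travel as HTTP basic authentication.

```python
"""Check an ISVG IntegrationConfig before importing it into IdentityIQ.

Added example, not SailPoint's code. Element and attribute names are assumed
from the IdentityIQ object XML convention; verify against exampleIntegration.xml.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EXECUTOR = "sailpoint.integration.isim.ISIMIntegrationExecutor"

# Constructed sample: host, application and attribute names are placeholders.
SAMPLE_CONFIG = """<IntegrationConfig name="ISVG Integration" roleSyncStyle="dual"
                   executor="sailpoint.integration.isim.ISIMIntegrationExecutor">
  <ApplicationRef>
    <Reference class="sailpoint.object.Application" name="ISVG"/>
  </ApplicationRef>
  <Attributes>
    <Map>
      <entry key="URL" value="https://myisim.example.com:9080/iiqisim/resources"/>
      <entry key="username" value="iiqsvc"/>
      <entry key="password" value="[placeholder-encrypted-value]"/>
    </Map>
  </Attributes>
  <ManagedResources>
    <ManagedResource name="Active Directory Service">
      <ApplicationRef>
        <Reference class="sailpoint.object.Application" name="Active Directory"/>
      </ApplicationRef>
      <ResourceAttributes>
        <ManagedAttribute name="memberOf" resourceAttribute="erADGroup"/>
      </ResourceAttributes>
    </ManagedResource>
  </ManagedResources>
</IntegrationConfig>
"""


def attributes_map(root):
    """Flatten the Attributes > Map > entry elements into a dict."""
    return {e.get("key"): e.get("value") for e in root.findall("./Attributes/Map/entry")}


def check_integration_config(xml_text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "IntegrationConfig":
        return [f"root element is {root.tag}, expected IntegrationConfig"]
    if root.get("executor") != EXECUTOR:
        problems.append(f"executor must be {EXECUTOR}")
    if root.find("./ApplicationRef/Reference") is None:
        problems.append("ApplicationRef to the ISVG application is missing")
    attrs = attributes_map(root)
    url = attrs.get("URL", "")
    parsed = urlparse(url)
    if parsed.scheme != "https":
        problems.append(f"URL {url!r} is not https; basic-auth credentials would be sent in clear text")
    if not parsed.path.startswith("/iiqisim/"):
        problems.append(f"URL path {parsed.path!r} does not use the iiqisim context root")
    for key in ("username", "password"):
        if not attrs.get(key):
            problems.append(f"Attributes entry {key!r} is missing or empty")
    resources = root.findall("./ManagedResources/ManagedResource")
    if not resources:
        problems.append("ManagedResources map is empty")
    for res in resources:
        if res.find("./ApplicationRef/Reference") is None:
            problems.append(f"ManagedResource {res.get('name')!r} has no IdentityIQ application reference")
        for attr in res.findall("./ResourceAttributes/ManagedAttribute"):
            if not attr.get("name") or not attr.get("resourceAttribute"):
                problems.append(f"ManagedResource {res.get('name')!r} has an incomplete attribute mapping")
    return problems


if __name__ == "__main__":
    for problem in check_integration_config(SAMPLE_CONFIG) or ["config passed all checks"]:
        print(problem)
```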

  4. Verify: Confirm that the integration is installed correctly by running the ping command in the integration console. If successful, it responds with version information about the ISVG jar files that were added to the iiqIntegration-ITIM.war file. Compare this version information against the version of the ISVG server to ensure correct operation.

  5. Support for Role Management (ITIM Role Management): The ISVG user can be provisioned and deprovisioned from the IdentityIQ Lifecycle Manager flow. Enable this by setting the IS_ITIMROLES_PROVISIONED property to true in the itim.properties file. By default, IS_ITIMROLES_PROVISIONED is set to false:

    IS_ITIMROLES_PROVISIONED=false

If you want to provision the ISVG roles attribute from the Lifecycle Manager flow, change the ITIM role application's account schema attribute for Identity Security Manager (parent) to managed and multivalued. By default, the ISVGRoles attribute is not provisioned.