Manually Updating MS SQL Database with Imprivata EAM Data

To keep the MS SQL database up to date with the Imprivata EAM managed system, run the data extraction process periodically. Imprivata EAM only aggregates data from the MS SQL database, so if the database is not refreshed by the data extraction process, there is a risk of aggregating outdated data.

To Update the MS SQL Database Manually with Imprivata EAM Data

Follow these steps to perform the data extraction from the MS SQL database:

  1. Create a data extraction user in the Imprivata managed system with the appropriate permissions:

    1. Create a designated service account (in any domain).

      Important
      The Imprivata EAM integration is set up to work only with the DataExtractionUser account name. Use exactly this name when creating the service account.

    2. Create a user policy with only the password modality enabled and assign it to the previously created DataExtractionUser user account.

    3. Verify that the designated user can authenticate with the Imprivata EAM managed system.

  2. Generate an OStick token for the data extraction user:

    1. To execute the data extraction API, you need to get an OStick token by executing the authUser API with the following details:

      • Username: The username of the DataExtractionUser.

      • Password: The password of the DataExtractionUser.

      • DomainName: The domain name of the DataExtractionUser.

        The following is an example of the curl request for the authUser API:

        curl --location 'https://<Imprivata_IP>/sso/ProveIDWeb/v1/AuthUser' \
        --header 'Content-Type: text/xml' \
        --header 'Accept: text/xml' \
        --header 'isx-product: 9ac34f7f-22fc-40d0-aec3-9dc3d8bfc327' \
        --data '<Request>
            <ModalityAuthInput modalityID="PWD">
                <AuthRequest>
                    <PasswordVerificationRequest>
                        <UserIdentity>
                            <Username>DataExtractionUser</Username>
                            <Domain>Domain_Name</Domain>
                        </UserIdentity>
                        <Password>Password</Password>
                    </PasswordVerificationRequest>
                </AuthRequest>
            </ModalityAuthInput>
            <CreateAuthTicket>true</CreateAuthTicket>
        </Request>'
    2. You will receive an AuthTicket in the response, which must be URL-encoded before using it in the Data Extraction API.

  3. Run the Data Extraction API with the following details:

    • server (Required): Specifies the target database address. For example, IPName or FQDN.

    • port (Optional): Defines the port on which the target database is running. The default is 1433.

    • databaseName (Optional): Defines the target database name. The default is OneSignStaging.

    • user (Required): Part of the credential used to access the target database.

    • password (Required): Part of the credential used to access the target database.

    The following is an example of the curl request for the Data Extraction API:

    curl --location 'https://<Imprivata_IP>/sso/ProveIDWeb/v18/DataExtraction' \
    --header 'isx-product: 9ac34f7f-22fc-40d0-aec3-9dc3d8bfc327' \
    --header 'Content-Type: text/xml' \
    --header 'Accept: text/xml' \
    --header 'Authorization: OStick ostick.ticket=rO0ABXQAAzEuMnQAJGZlNmY0YzEzLTBkMzctNDFjNy1hZjRjLTEzMGQzN2UxYzcyZXQAJDEwNmJhZjNkLTRiODUtNDQ1YS1hYmFmLTNkNGI4NTI0NWE3MHNyAA5qYXZhLnV0aWwuRGF0ZWhqgQFLWXQZAwAAeHB3CAAAAZWkdpZleHNyABFqYXZhLmxhbmcuQm9vbGVhbs0gcoDVnPruAgABWgAFdmFsdWV4cAB0AAB3BAAAAAF0AANQV0R3BP%2F%2F%2F%2F93iAAAAMIAAACAYmoas2KMf5MH4yzQWIlT3Ljam%2Bg2FN3l65qaCAWTB4d6VYGuOw5mflD0W4X18jkDP0Si5CpfAsdc9F0EhJzOS8%2FjPD0c%2FjPI62F89rWhsV%2BbCQ8Dbvj6OsYKaja%2BESYCu4OvpqePjPdPKMiNOMMayHbG7NVZRNf6YVcHMpZY6h0%3D' \
    --header 'Accept-Encoding: identity' \
    --header 'Connection: Keep-Alive' \
    --data '<Request>
      <DataExtractionInput>
        <DataExtractionRequest>
          <rdbms>sqlserver</rdbms>
          <server>my-ms-sql-server-address</server>
          <port>1433</port>
          <databaseName>OneSignStaging</databaseName>
          <user>imprivata</user>
          <password>imprivata</password>
          <version>v1</version>
          <uctsStartTime>2025-01-01 00:00:00 +00:00</uctsStartTime>
          <directive>truncateTarget</directive>
          <directive>keepReportFiles</directive>
          <reportLimitDays>300</reportLimitDays>
          <reportLimitRows>10000000</reportLimitRows>
        </DataExtractionRequest>
      </DataExtractionInput>
    </Request>'
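
The token handling from steps 2 and 3, as an added example that is not Imprivata's own code: it URL-encodes the raw AuthTicket exactly once, builds the OStick header, and passes the header and request body to curl without putting the ticket or the database password on the command line. The function names and the request-file argument are hypothetical; the endpoint and headers are the ones shown above.

```shell
#!/bin/sh
# Added example, not Imprivata code. Function names are hypothetical.

# Percent-encode every character outside the RFC 3986 unreserved set.
# Written for ASCII input such as the sample ticket on this page.
# Runs in a subshell so LC_ALL=C does not leak into the caller.
urlencode() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}          # everything after the first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Build the Authorization header from the RAW AuthTicket. Encode exactly once:
# a ticket that is already encoded would have its '%' turned into '%25'.
ostick_header() {
    printf 'Authorization: OStick ostick.ticket=%s' "$(urlencode "$1")"
}

# $1 = Imprivata host, $2 = raw AuthTicket, $3 = file holding the <Request> XML.
# The header reaches curl on stdin (--config -) and the body comes from a file,
# so neither the ticket nor the database password appears in the process list.
run_extraction() {
    printf 'header = "%s"\n' "$(ostick_header "$2")" |
    curl --config - --location \
        --header 'isx-product: 9ac34f7f-22fc-40d0-aec3-9dc3d8bfc327' \
        --header 'Content-Type: text/xml' \
        --header 'Accept: text/xml' \
        --data-binary "@$3" \
        "https://$1/sso/ProveIDWeb/v18/DataExtraction"
}
```

Keep the request XML file readable only by the account that runs the extraction, since it holds the target database credentials.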