Prerequisites
Make sure your system fits the descriptions below before starting the installation.
Active Directory Application Setup
- Create an Active Directory application in IdentityIQ if one does not already exist
- Navigate to Application Configuration > Domain Configuration, and fill in the “NetBIOS Name” column for each domain.
Setting Account Mappings
- Navigate to Global Settings > Account Mappings.
- Create a new attribute by selecting Add New Attribute.
- Set the following values:
  - Attribute Name (with the same character case): siqAccountName
  - Display Name: File Access Manager Account Name
- Select Add Source to add a new source.
Select Add Source to add a new source.
- Select Global Rule.
- Select the ellipsis button (…) to the right of the Rule field.
- Set the following values:
  - Rule Name: SIQ Account Name
  - Source code:
    import sailpoint.object.Application;
    import sailpoint.object.Link;
    import sailpoint.tools.Util;
    import java.util.List;
    import java.util.Map;

    // Returns DOMAIN\sAMAccountName for links on the "Active Directory - Direct"
    // application, or null when the value cannot be determined.
    value = null;
    if (link != null) {
      Application app = link.getApplication();
      if (app != null && app.type.equalsIgnoreCase("Active Directory - Direct")) {
        // Prefer msDS-PrincipalName, which AD already stores as DOMAIN\sAMAccountName.
        String msDSPrincipalName = link.getAttribute("msDS-PrincipalName");
        if (Util.isNotNullOrEmpty(msDSPrincipalName) && msDSPrincipalName.contains("\\")) {
          value = msDSPrincipalName;
        } else {
          // Otherwise derive it: match the user's domain DN against the application's
          // Domain Configuration entries and use that domain's NetBIOS name.
          String sAMAccountName = link.getAttribute("sAMAccountName");
          String distinguishedName = link.getAttribute("distinguishedName");
          List settings = app.getAttributeValue("domainSettings");
          if (settings != null && Util.isNotNullOrEmpty(sAMAccountName) && Util.isNotNullOrEmpty(distinguishedName)) {
            distinguishedName = distinguishedName.toLowerCase();
            // Everything from the first ",dc=" onward is the user's domain DN.
            String userDomainDN = distinguishedName.substring(distinguishedName.indexOf(",dc=") + 1);
            for (Map settingObj : Util.iterate(settings)) {
              if (!Util.isEmpty(settingObj)) {
                String domainNetBIOSName = Util.getString(settingObj, "domainNetBiosName");
                String domainDN = Util.getString(settingObj, "domainDN");
                if (Util.isNotNullOrEmpty(domainNetBIOSName) && Util.isNotNullOrEmpty(domainDN) && userDomainDN.equalsIgnoreCase(domainDN)) {
                  value = domainNetBIOSName + "\\" + sAMAccountName;
                }
              }
            }
          }
        }
      }
    }
    return value;
- Select Save.
- Select SIQ Account Name from the Rules selection.
- Select Add.
- Select Save.
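To check the rule's derivation logic before deploying it (in particular, that every domain in Domain Configuration has its NetBIOS Name filled in), here is an added stand-alone Java program. It is not part of this guide or of IdentityIQ; it re-implements the same algorithm the rule above uses over constructed link attributes and Domain Configuration rows. The class name `SiqAccountNameRuleCheck`, its helper methods, and the sample users and domains are assumptions for illustration only; the rule above is what IdentityIQ actually runs.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Added example (not IdentityIQ code): re-implements the SIQ Account Name rule
 * so the mapping can be exercised outside IdentityIQ. Link attributes and
 * Domain Configuration rows are plain maps here; in IdentityIQ they come from
 * the Link and Application objects.
 */
public class SiqAccountNameRuleCheck {

    /** Mirrors the rule: returns NETBIOS\sAMAccountName, or null if it cannot be derived. */
    static String accountName(Map<String, String> link, List<Map<String, String>> domainSettings) {
        // 1. AD already supplies DOMAIN\user in msDS-PrincipalName: use it as-is.
        String msDsPrincipalName = link.get("msDS-PrincipalName");
        if (msDsPrincipalName != null && msDsPrincipalName.contains("\\")) {
            return msDsPrincipalName;
        }
        // 2. Otherwise derive it from the DN and the Domain Configuration table.
        String sam = link.get("sAMAccountName");
        String dn = link.get("distinguishedName");
        if (domainSettings == null || isBlank(sam) || isBlank(dn)) {
            return null;
        }
        dn = dn.toLowerCase();
        // Same substring step as the rule: everything from the first ",dc=" onward.
        // If there is no ",dc=" at all, indexOf returns -1 and the whole DN is kept,
        // which never matches a configured domain DN, so the result stays null.
        String userDomainDn = dn.substring(dn.indexOf(",dc=") + 1);
        String value = null;
        for (Map<String, String> row : domainSettings) {
            String netbios = row.get("domainNetBiosName");
            String domainDn = row.get("domainDN");
            // A row whose NetBIOS Name is empty can never produce a value: this is
            // why the Domain Configuration step asks for it on every domain.
            if (!isBlank(netbios) && !isBlank(domainDn) && userDomainDn.equalsIgnoreCase(domainDn)) {
                value = netbios + "\\" + sam;
            }
        }
        return value;
    }

    /** Approximates sailpoint.tools.Util.isNullOrEmpty for strings. */
    static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    static Map<String, String> link(String sam, String dn, String msDsPrincipalName) {
        Map<String, String> m = new HashMap<>();
        m.put("sAMAccountName", sam);
        m.put("distinguishedName", dn);
        if (msDsPrincipalName != null) {
            m.put("msDS-PrincipalName", msDsPrincipalName);
        }
        return m;
    }

    static Map<String, String> domain(String netbios, String dn) {
        Map<String, String> m = new HashMap<>();
        m.put("domainNetBiosName", netbios);
        m.put("domainDN", dn);
        return m;
    }

    static void check(String label, String expected, String actual) {
        boolean ok = expected == null ? actual == null : expected.equals(actual);
        System.out.println((ok ? "PASS " : "FAIL ") + label + " -> " + actual);
        if (!ok) {
            throw new IllegalStateException(label + ": expected " + expected + " but got " + actual);
        }
    }

    public static void main(String[] args) {
        // Constructed Domain Configuration: the parent domain has a NetBIOS Name,
        // the child domain was entered without one.
        List<Map<String, String>> settings = new ArrayList<>();
        settings.add(domain("CORP", "DC=corp,DC=example,DC=com"));
        settings.add(domain("", "DC=child,DC=corp,DC=example,DC=com"));

        check("msDS-PrincipalName present",
              "CORP\\asmith",
              accountName(link("asmith", "CN=Alice Smith,OU=Staff,DC=corp,DC=example,DC=com", "CORP\\asmith"), settings));

        check("derived from DN, mixed case",
              "CORP\\asmith",
              accountName(link("asmith", "CN=Alice Smith,OU=Staff,DC=Corp,DC=Example,DC=Com", null), settings));

        // The user's domain DN must match a row exactly (not as a suffix), so the
        // parent row does not apply, and the child row has no NetBIOS Name: null.
        check("child domain without NetBIOS Name",
              null,
              accountName(link("bob", "CN=Bob,OU=Staff,DC=child,DC=corp,DC=example,DC=com", null), settings));

        check("DN without dc= components",
              null,
              accountName(link("svc", "CN=svc,OU=Service Accounts", null), settings));
    }
}
```

Run it with `javac SiqAccountNameRuleCheck.java && java SiqAccountNameRuleCheck`; each case prints PASS and the derived value. A null result for an account that should map is the symptom to look for in IdentityIQ as well: it usually means the NetBIOS Name column is empty for that user's domain, or the domain DN in Domain Configuration does not exactly match the DN suffix of the user's account.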
- Create a new attribute by selecting Add New Attribute.
- Set the following values:
  - Attribute Name (with the same character case): siqPrincipalName
  - Display Name: File Access Manager Principal Name
- Select Add Source to add a new source.
- Set the following values:
  - Application: The Active Directory application name
  - Attribute: userPrincipalName
- Select Add.
- Select Save.
Note
To force IdentityIQ account mappings to be updated, run the Active Directory Account Aggregation task with the option Disable optimization of unchanged accounts checked.
IdentityIQ User for File Access Manager
File Access Manager connects to IdentityIQ using the basic authentication mechanism to retrieve data from IdentityIQ.
Basic authentication requires a user name and a password.
Assign an IdentityIQ user (with the SCIM Executor capability) to File Access Manager so that the user has access to, and can retrieve data from, IdentityIQ.