
Prerequisites

Make sure your system fits the descriptions below before starting the installation.

Active Directory Application Setup

  1. Create an Active Directory application in IdentityIQ if one does not already exist.
  2. Navigate to Application Configuration > Domain Configuration, and fill in the “NetBIOS Name” column for each domain.

Setting Account Mappings

  1. Navigate to Global Settings > Account Mappings.
  2. Create a new attribute by selecting Add New Attribute.
  3. Set the following values:

    • Attribute Name (with the same character case): siqAccountName
    • Display Name: File Access Manager Account Name
  4. Select Add Source to add a new source.

  5. Select Global Rule.
  6. Select the ellipsis button (…) to the right of the Rule field.
  7. Set the following values:

    • Rule Name: SIQ Account Name
    • Source code:
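      import sailpoint.object.Application;
      import sailpoint.object.Link;
      import sailpoint.tools.Util;
      import java.util.List;
      import java.util.Map;
      
      // Result stays null unless a DOMAIN\sAMAccountName value can be derived below.
      value = null;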
      
      if (link != null) {
      
         Application app = link.getApplication();
      
         if (app != null && app.type.equalsIgnoreCase("Active Directory - Direct")) {
      
            // Prefer msDS-PrincipalName when it is already in DOMAIN\name form.
            String msDSPrincipalName = link.getAttribute("msDS-PrincipalName");
            if (Util.isNotNullOrEmpty(msDSPrincipalName) && msDSPrincipalName.contains("\\") ) {
               value = msDSPrincipalName;
            }
            else {
                  String sAMAccountName = link.getAttribute("sAMAccountName");
                  String distinguishedName = link.getAttribute("distinguishedName");
                  List settings = app.getAttributeValue("domainSettings");
      
                  if (settings != null && Util.isNotNullOrEmpty(sAMAccountName) && Util.isNotNullOrEmpty(distinguishedName)) {
      
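                     // Fallback: take the domain part of the DN (from the first "dc=") and
                     // match it against the application's configured domains.
                     distinguishedName = distinguishedName.toLowerCase();
                     String userDomainDN = distinguishedName.substring(distinguishedName.indexOf(",dc=") + 1);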
      
                     for (Map settingObj : Util.iterate(settings)) {
                        if (!Util.isEmpty(settingObj)) {
      
                              String domainNetBIOSName = Util.getString(settingObj, "domainNetBiosName");
                              String domainDN = Util.getString(settingObj, "domainDN");
                              if (Util.isNotNullOrEmpty(domainNetBIOSName) && Util.isNotNullOrEmpty(domainDN) && userDomainDN.equalsIgnoreCase(domainDN)) {
                                 value = domainNetBIOSName + "\\" + sAMAccountName;
                              }
                        }
                     }
                  }
            }
         }
      }
      
      return value;
      
  8. Select Save.

  9. Select SIQ Account Name from the Rules selection.
  10. Select Add.
  11. Select Save.
  12. Create a new attribute by selecting Add New Attribute.
  13. Set the following values:

    • Attribute Name (with the same character case): siqPrincipalName
    • Display Name: File Access Manager Principal Name
  14. Select Add Source to add a new source.

  15. Set the following values:

    • Application: The Active Directory application name
    • Attribute: userPrincipalName
  16. Select Add.

  17. Select Save.

Note

To force IdentityIQ account mappings to be updated, run the Active Directory Account Aggregation task with the option Disable optimization of unchanged accounts checked.
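
The rule above returns null for any account whose domain has no matching "NetBIOS Name" entry in Domain Configuration, so siqAccountName silently stays empty for those accounts. The following is an added example, not SailPoint code: an offline Python port of the rule's fallback logic that lists which accounts would stay unmapped. The record layout, the sample domains and accounts, and the function names are constructed for illustration; only the attribute names are taken from the rule.

```python
# Added example: offline port of the rule's fallback logic, for auditing only.
# Sample records are constructed; attribute names are the ones the rule reads.

def siq_account_name(account, domain_settings):
    """Return DOMAIN\\sAMAccountName as the rule would, or None if unmapped."""
    principal = account.get("msDS-PrincipalName") or ""
    if "\\" in principal:
        return principal
    sam = account.get("sAMAccountName")
    dn = (account.get("distinguishedName") or "").lower()
    if not sam or not dn or not domain_settings:
        return None
    # Same derivation as the rule: everything after the first ",dc=".
    user_domain_dn = dn[dn.find(",dc=") + 1:]
    value = None
    for setting in domain_settings:
        netbios = setting.get("domainNetBiosName")
        domain_dn = setting.get("domainDN")
        # Exact (case-insensitive) match: a child domain never maps to its parent.
        if netbios and domain_dn and user_domain_dn == domain_dn.lower():
            value = netbios + "\\" + sam
    return value

def audit(accounts, domain_settings):
    """Split accounts into {DN: mapped value} and a list of unmapped DNs."""
    mapped, unmapped = {}, []
    for acct in accounts:
        value = siq_account_name(acct, domain_settings)
        if value is None:
            unmapped.append(acct.get("distinguishedName"))
        else:
            mapped[acct.get("distinguishedName")] = value
    return mapped, unmapped

# Constructed sample data: the second domain has its NetBIOS Name left blank.
DOMAINS = [
    {"domainDN": "DC=corp,DC=example,DC=com", "domainNetBiosName": "CORP"},
    {"domainDN": "DC=emea,DC=corp,DC=example,DC=com", "domainNetBiosName": ""},
]
ACCOUNTS = [
    {"sAMAccountName": "jdoe", "distinguishedName": "CN=J Doe,OU=Staff,DC=corp,DC=example,DC=com"},
    {"sAMAccountName": "asmith", "distinguishedName": "CN=A Smith,OU=Staff,DC=emea,DC=corp,DC=example,DC=com"},
    {"sAMAccountName": "svc1", "distinguishedName": "CN=svc1,DC=corp,DC=example,DC=com", "msDS-PrincipalName": "CORP\\svc1"},
]

if __name__ == "__main__":
    mapped, unmapped = audit(ACCOUNTS, DOMAINS)
    print("mapped:", mapped)
    print("unmapped (check NetBIOS Name in Domain Configuration):", unmapped)
```
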

IdentityIQ User for File Access Manager

File Access Manager connects to IdentityIQ using basic authentication to retrieve data from IdentityIQ.

Basic authentication requires a user name and a password.

Assign an IdentityIQ user (with SCIM Executor capability) to File Access Manager so that the user has access to, and can retrieve data from, IdentityIQ.