Identity Collection

The Identity Collector is a software component responsible for synchronizing identity data, such as accounts and attributes, from identity stores.

Examples of Identity Collectors are:

  • Active Directory (the most common Identity Store)
  • NIS Identity Collector (used in Linux/Unix environments)
  • Microsoft Azure Active Directory (used for cloud applications)
  • Data Source Identity Collector

You define Identity Collectors by creating a new Identity Collector, which represents the main Active Directory Domain (or Authentication Store).

The following section describes how to create or edit an Active Directory identity collector. The process for creating or editing an NIS, Azure, or Data Source Identity Collector is similar to that for Active Directory, with the main difference being the actual configuration.

You can also configure and edit Cloud Identity Collectors (e.g., Box, Dropbox, Google Drive, etc.).

The Configuring the Permissions Collector section in the Administrator guide outlines how to configure users, groups, and user-groups for homegrown Permissions Collection, which is similar to configuring a Data Source Identity Collector.

Cloud Identity Collectors

Cloud application Identity Collectors are created during the application setup process. Once created, they will be displayed and can be edited through the Identity Collector screen.

These Identity Collectors are created as part of the setup process for adding an application. You can view the connected fields, join other data sources, and complete dynamic field mapping.

For Cloud Identity Collectors, the Permissions Collector Scheduler can be set through the application’s wizard.

Note

You cannot set a Cloud application as an authentication store.

Identity Collector Main Page

The Identity Collector page displays all previously created Identity Collectors. This screen allows the user to add, edit, remove, sync, and manage Identity Collectors. You can also set the Authentication Store.

Note

Cloud application Identity Collectors are created during the application setup process. They will be displayed on this screen and can also be edited here.

Accessing the Identity Collector Page

Navigate to Admin > Identity Collectors to access the Identity Collector page.

To Create a New Identity Collector:

  1. Select Create New.

The grid on this page has the following columns:

  • Name - This is the name of an Identity Collector.
  • Type - This refers to the type of Identity Collector (e.g., Active Directory, Azure, NIS, Data Source).
  • Actions - The Actions column provides three options:
    • Edit
    • Delete
    • More
      • Run Synchronization
      • Set Authentication Store

Note

If an Identity Collector is set as an Authentication Store, that Identity Collector will display in the first row.

Filters

To filter the results in the grid, select the filter icon on the heading bar and select the desired criteria.

Users can filter Identity Collectors by entering a full or partial name, or by selecting a known type.

  1. Select Apply to apply the filter.
  2. Select Clear All to remove the filters and repopulate the grid.

Editing an Identity Collector

To edit an Identity Collector, select the edit icon on the row of the Identity Collector you wish to modify.

Note

The Type field will be disabled and cannot be changed.

With the exception of the Type field, every other step in the wizard will be editable.

Deleting an Identity Collector

Note

If an Identity Collector is set as the Authentication Store, it cannot be deleted. If an Identity Collector is used in another part of File Access Manager, it cannot be deleted.

Additionally, only one Identity Collector can be deleted at a time.

To delete an Identity Collector:

  1. Select the delete icon on the row of the Identity Collector you wish to remove.
  2. A confirmation dialog will appear, asking you to confirm the deletion of the selected Identity Collector.

Running the Synchronization Task

A user can sync an Identity Collector to ensure it has the most up-to-date identities. If any changes are made to the Identity Collector, run the synchronization task to update those changes.

To run the synchronization:

  1. Navigate to the Actions column on the Identity Collector row.
  2. Select More Options > Run Synchronization.

Note

It is recommended to run the synchronization task before selecting an Authentication Store.

Note

Cloud applications cannot run the Synchronization task.

Setting an Authentication Store

Authentication Stores are used by File Access Manager to authenticate users across its various interfaces.

Changing the Authentication Store

Changing the Authentication Store from one Identity Collector to another has the following effects:

  • It affects the users associated with File Access Manager and their access permissions.
  • It stops the review processes of all running Access Certification Campaigns and Access Requests.
  • It may impact predefined review processes.

Before changing your Authentication Store, it is recommended to run synchronization on the Identity Collector to ensure you have the most up-to-date results and avoid any loss of user permissions.

To set an Authentication Store:

  1. Select More Options on the row of the Identity Collector you wish to set as the Authentication Store.
  2. Choose Set Authentication Store.

Note

The newly set Identity Collector will be moved to the top of the grid.

Caution

Cloud application Identity Collectors cannot be set as Authentication Stores.

Caution

You can connect the Authentication Store Identity Collector to other Identity Collectors by setting the Same User Field between two or more collectors. This will extend the Access Request's Usage list.

When creating a new Identity Collector, a toggle appears in the General Details step to set the Identity Collector as the Authentication Store.

Note

The toggle to set the Authentication Store will only appear when creating a new Identity Collector if no Authentication Stores are currently enabled.