Defining a Data Enrichment Connector

A Data Enrichment Connector (DEC) is a software module that facilitates communication between File Access Manager and an organizational / security system. File Access Manager enables the definition of multiple DECs and uses them to enrich monitored activities with information retrieved from various organizational systems, such as Human Resources or Security Infrastructure.

To define a Data Enrichment Connector (DEC), perform the following steps:

  1. Navigate to Applications > Configuration > Activity Monitoring > Data Enrichment Connectors

    The general Data Enrichment Connectors window displays.

  2. Click New.

    The New Data Enrichment Connector window displays.

  3. Type a Name for the new DEC in the Name field.

  4. Select one of the following types from the Type field:

    • Active Directory (default)

    • File Access Manager

    • Database

  5. The configuration fields displayed under the Type field vary, based upon the type of DEC selected.

    Note: The configuration fields in the data enrichment connector configuration tab (above) depend upon the selection of the Active Directory as the DEC type.

  6. If Active Directory is the DEC type, type in all the associated configuration fields, which for Active Directory, include:

    • Domain

    • Domain Net BIOS Name

    • Port

    • Username

    • Password

      • Optional configuration:

      Check the Is Specific Server check box to bind to a specific server, and then provide the server’s name in the Specific Server Name field.

      Check the SSL check box to connect with SSL.

    • Is Specific Server – connect to a specific server (domain controller) instead of using the domain name.

    • Specific Server Name – the name of the server to connect to if "Is Specific Server" is checked. Could be a short name or a FQDN as long as it's reachable.

    • SSL – connect using Secure Socket Layer / Transport Layer Security (SSL/TLS) or use unencrypted communication.

    • Base DN – the Distinguished Name of the Organizational Unit to use as the root of the tree. Defaults to the root of the domain.

    The following properties are only used by the data enrichment connector (DEC) to enrich activities, not by an Identity Collector that uses the DEC as a reference:

    • Groups Fetch – whether to fetch the names of groups that users are members of (memberOf information).

    • Groups Receive – whether to fetch memberOf information recursively.

    • Groups Recursive Levels – how many recursive levels of memberOf information to fetch.

    • User Account Control Fetch – whether to fetch user account control information.

    • Pool Size – number of Active Directory connection objects to keep open (effectively the number of queries that can be run in parallel).

    • Timeout – Active Directory connection attempt timeout in seconds.

    • Report Interval – Health report and configuration refresh interval.

  1. If IdentityIQ is the data enrichment connector (DEC) type, follow the connector guide Integrating IdentityIQ with File Access Manager for Enrichment.

  2. If Database is the DEC type, type in all the associated configuration fields, which for Database, include:

    • Database Type

    • User

    • Password

    • Query

    • Query Timeout (minutes)

    • Database Server

    • Database Name