Skip to content

Reconfiguring an Application

The application reconfiguration option enables you to change the application type without losing history associated with the application or having to create a new application. For example, if you first deployed your instance of IdentityIQ using a flat file connection, but now want to use some of the more advance features, such as provisioning. The type defines the way in which IdentityIQ connects to the application.

Application types that have the same value format for identity and group attributes in the original and reconfigure target are best suited for reconfiguration.

The following application types can be reconfigured:

Note

Even in the following scenarios, there might be some connectors that do not re-configure correctly. See Application Reconfiguration Considerations.

  • Delimited file to the corresponding direct connector (Delimited File to Active Directory -- Direct)

  • JDBC connector to corresponding direct connector (JDBC to Oracle Applications -- Direct)

  • Agent based connector to direct connector (Active Directory -- Full to Active Directory -- Direct)

  • To a rewritten connector for better performance or more functional support (Google Apps -- Direct)

Application Reconfiguration Considerations

Take the following points into consideration before deciding to reconfigure an application.

Do the identity attribute of account and group in the original application match the identity attribute of account and group in the reconfigured application?

For example:

  • Two application types (Delimited File and Active Directory – Direct) use distinguishedName as the identity attribute of account, and use the same identity attribute for group. Since both of these applications refer to the same identity attribute of both account and group, they would be good candidates for reconfiguration.

  • Two application types (Oracle Application – FULL and Oracle Application – Direct) use different identity attributes for account, USER_ID in one and USER_NAME in the other and, USER_ID and USER_NAME differ in format. These are not good candidates for reconfiguration.

Note

If there are special attributes (native identity, managed attribute, entitlement) that split into multiple attributes in the new application type, reconfiguration is not recommended.

  • Profiles in SAP–Full refer to both profiles and groups in the managed system, whereas in SAP–Direct, profile refers to profiles and group refers to the groups in the managed system. These are not good candidates for reconfiguration.

Before Application Reconfiguration

Perform the following actions before you begin the reconfiguration process:

  • Backup the application xml and application type specific customizations such as rules and business processes.

  • Plan the attribute mapping of the original and new applications for accounts and group schema. If there are attributes in the original application type that are not in the reconfigured application type, you might lose some configuration and historical data.

  • Check the provisioning policies of the target application and decide which policy to use, the policy from the original application type or the policy from the reconfigured application type.

How to Reconfigure an Application

Note

While reconfiguring an application the target application must have a static schema and not a dynamic schema like JDBC or DelimitedFile connectors. There is the button named Discover Schemas to generate the schema.

  1. Go to Applications > Application Definition and select an application.

  2. On the Application Configuration page, select Reconfigure to display the Select New Application Type dialog.

  3. Select an application type from the New Application Type dropdown list and select Save.

  4. Confirm your selection to go to the Application Configuration page in edit mode.

    The tabs that contain information requiring attention are marked with an red asterisk.

  5. Go to the Attributes tab and enter the valid configuration attribute settings and test the connection.

  6. Go to the Schema Mapping tab and map the Previous Schema Attributes to the New Application Type Schema Attributes for the Account and Group.

    Use the Add Missing Attributes and Keep Extra Attributes options to select to add missing attributes from the old (original) application type to the new application type, and to keep attributes that are on the new application type but were not on the original application type.

  7. Go to the Provisioning Policy tab and select the provisioning policy to use for the reconfigured application.

    It is recommended that you use the policy that corresponds to the application type of the newly reconfigured application. You can use a different policy, but you must manually edit that policy to match the changes made during the reconfiguration process.

  8. Save the reconfigured application.

After Application Reconfiguration

Check the reconfigured application for the following when the process is complete:

  • Attributes that were not mapped might not work, and the values might not get populated.

    • Unmapped attributes affect configurations (for example, policy or business roles), and context based historical data (for example, viewing certification history), that is based on a population that relies on the attribute.

    • Related populations might not be populated with identities.

    • Pending provisioning operations that contain that attribute might fail.

    • Verify other places that use the attribute, such as identity mapping, account mapping, roles, policies, and policy violations.

  • Verify the application definition for unwanted entries like build map rules or provisioning rules

  • Run the account and account group aggregation task

  • Run the refresh Identity Cube task

  • Run a task to prune the Identity Cubes