Onboarding the MySQL Application
Use this task to provision users from Verify to the on-premises MySQL adapter.
Before you begin
- Configure the identity agent for authentication in Verify. See Configuring through the Verify user interface.
- Deploy and configure the IBM® Security Verify Identity Brokerage On-Premises component.
Procedure
- Log in as administrator on Verify.
- Select Applications > Applications and click Add application.
- Search for the MySQL application type in the pop-up and click Add application.
- On the Add applications page, select the General tab and specify the required details.
- Select the Account lifecycle tab.
- Specify the provisioning and deprovisioning policies.
  Parameters and their descriptions:
  - Provision accounts: Provision accounts are Disabled by default, which means that account creation is performed outside of IBM Security Verify. Select the Enabled option to automatically provision an account when the entitlement is assigned to a user. Password generation and email notification features are available for accounts created using IBM Security Verify.
  - Deprovision accounts: Deprovision accounts are Disabled by default, which means that account removal is performed outside of IBM Security Verify. Select the Enabled option to automatically deprovision an account when the entitlement is removed from a user.
  - Account password:
    - Sync user's Cloud Directory password: This option is available if Password sync is enabled on the Cloud Directory. It uses the Cloud Directory password when a regular user is provisioned to the application. Federated users receive a generated password when provisioned to the application.
    - Generate password: This option generates a random password for the provisioned account. The password is based on the Cloud Directory password policy.
    - None: This option provisions the account without a password.
  - Send email notification: This option is available when the Generate password option is selected. When the Send email notification option is selected, an email notification with the auto-generated password is sent to the email address after the account is provisioned successfully.
  - Grace period (days): Set the grace period, in days, for which a deprovisioned account is kept as suspended before it is deleted permanently.
  - Deprovision action: Delete the account. This field is available only if the Deprovision accounts field is enabled.
- In the General section, select Application profile from the drop-down. If the profile does not exist, create a new one. For more information, see Managing identity adapter application profiles.
- Specify the API authentication details.
  Parameters and their descriptions:
  - Tivoli Directory Integrator location: URL for the IBM Security Directory Integrator instance. For example, rmi://<ip-address>:<port>/ITDIDispatcher, where ip-address is the IBM Security Directory Integrator host and port is the port number for the RMI Dispatcher.
  - MySQL Server Host: Specify the host IP or name on which the MySQL server is running.
  - MySQL Server Port: Specify the TCP port on which the MySQL server is running. Specify 5432 to use the default MySQL port.
  - MySQL Database Name: Specify the name of the MySQL database to be managed. For example, MySQL.
  - MySQL Administration User Account: Specify the name of the user that can access the MySQL resource and do administrative operations.
  - MySQL Administration User Password: Specify the admin user's password.
  - Identity agent: Select an Identity Agent of type provisioning from the drop-down using which the application profile is discovered.
  - Description: Optional field. Add the description if needed.
- Click Test Connection to test the connection to the MySQL adapter on premises. The connection needs to be successful to provision or reconcile accounts on the MySQL application.
- Map the target MySQL attributes to the Verify attributes as needed. Select the Keep updated check box for the attributes that need to be updated on the target.
- Select the Account sync tab.
- In the Adoption policy section, add one or more attribute pairs that need to match for the account sync process to assign MySQL accounts to their respective account owners on Verify.
- In the Remediation Policies section, choose a remediation policy to remediate non-compliant accounts automatically.
- Click Save.
- After the application is saved, specify the authorization policy on the Entitlements tab.
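
The adoption policy step above decides which MySQL accounts are assigned to which Verify users, so it is worth checking a candidate attribute pair against exported records before enabling account sync. The following is an added illustration, not IBM Security Verify code: the attribute names, record layout, sample data and the "ambiguous" label are all assumptions made for the example.

```python
"""Dry run of an adoption rule against exported account and user records.

Added illustration, not IBM Security Verify code. Attribute names and sample
records are constructed; "ambiguous" is this script's own label.
"""

def norm(value):
    # Case-insensitive, whitespace-trimmed comparison (an assumption of this sketch).
    return str(value or "").strip().lower()

def dry_run_adoption(accounts, users, pairs):
    """pairs: [(account_attribute, user_attribute), ...]; every pair must match.

    Returns (adopted, orphans, ambiguous); adopted maps account id -> user id.
    """
    index = {}
    for user in users:
        key = tuple(norm(user.get(u_attr)) for _, u_attr in pairs)
        if all(key):  # a user with an empty matching attribute can own nothing
            index.setdefault(key, []).append(user["id"])

    adopted, orphans, ambiguous = {}, [], {}
    for acct in accounts:
        key = tuple(norm(acct.get(a_attr)) for a_attr, _ in pairs)
        owners = index.get(key, []) if all(key) else []
        if len(owners) == 1:
            adopted[acct["id"]] = owners[0]
        elif owners:
            ambiguous[acct["id"]] = sorted(owners)  # more than one candidate owner
        else:
            orphans.append(acct["id"])  # no owner found
    return adopted, orphans, ambiguous

# Constructed sample data with hypothetical attribute names.
ACCOUNTS = [
    {"id": "jdoe@%", "user": "jdoe", "mail": "jdoe@example.com"},
    {"id": "asmith@%", "user": "asmith", "mail": "shared@example.com"},
    {"id": "svc_backup@localhost", "user": "svc_backup", "mail": ""},
]
USERS = [
    {"id": "u1", "userName": "JDoe", "email": "jdoe@example.com"},
    {"id": "u2", "userName": "asmith", "email": "shared@example.com"},
    {"id": "u3", "userName": "bjones", "email": "shared@example.com"},
]

if __name__ == "__main__":
    for pairs in ([("mail", "email")], [("user", "userName")]):
        adopted, orphans, ambiguous = dry_run_adoption(ACCOUNTS, USERS, pairs)
        print(pairs, "adopted:", adopted, "orphans:", orphans, "ambiguous:", ambiguous)
```

In the sample data, matching on a shared mailbox address leaves one account with two candidate owners, while matching on the user name resolves it; the service account has no owner under either rule.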