Users

Edit online

The user/person types are fundamentally different in ISVG-GOV and IGI. While IVIG has Person and Business person as the person types available out of the box, ISVG-Gov has Employee, External, System, Training and UME types. Custom person types are supported on both the systems too. The attributes supported in both the systems are different too.

Overview

There are two ways to load users present in IGI into IVIG.
1. Common datasource between IGI and IVIG

Customer may have used a data source or repository for loading users into an IGI system. The same repository could be used for loading persons into IVIG. Refer Identity feed management for more details.

2. Migrate from IGI using the migration tool

To migrate the users in IGI directly into IVIG, the extracted user configurations will be helpful. It will provide insights on the details of available user types, user attributes, etc. in IGI. These details can then be used to plan the number of users, their types and attributes to be migrated. Below are the details which enable customers to migrate users and its associated customizations.

Queries to read data from IGI

The migration tool provides customizable SQL queries to fetch users and user configurations from the ISVG-Gov database. The out of the box query to fetch users is provided in igisql.properties with property name "igi.user.sql.users". It will fetch basic user details like user ID, name, surname, email etc.

This query can be customized to fetch other user attributes as well. The retrieved user records will be stored in Users.csv by default. This too is configurable in application.properties file.

Load IGI users in to IVIG

To load the retrieved users from IGI into IVIG using the CSV generated above, create a CSV Feed service. Depending on the requirement, it can be done in two ways:
1. Create a feed service with default "Person" type

Use this option when the customer wants to migrate users with basic attributes like uid, cn, sn, givenname and email along with the respective user accounts from IGI to IVIG. When creating the CSV Feed service, select the "Person profile name" as "Person" and Users.csv as the input CSV file. After reconciliation, users with type "Person" would be created in IVIG.

2. Create a feed service with custom person type

For e.g., a user of type "Employee" in IGI needs to be created in IVIG with the same type as "Employee" and with its respective custom attributes like Employee ID, department, salary etc. Follow below steps to migrate such users.

Use this option when customer wants to migrate users with custom types like Employee, Contractor etc. and/or with advanced attributes associated with users.

  1. Execute the migration utility to read user configurations. Refer the generated reports to understand the available user types, user attributes and its details in IGI.

  2. To fetch the users in IGI with its custom attributes, update the igisql.properties file. Customize the query with property name "igi.user.sql.users" as per requirement. Different user attributes in IGI are present in IGACORE.PERSON, IGACORE.S_USER and IGACORE.USER_ERC tables in IGI. The DB administrator can help design the query in this case.

  3. Execute the migration utility to read the data with the above custom defined query.

  4. Once the users are extracted out of IGI, update the IVIG setup to contain the custom user type (e.g. "Employee") and attributes (e.g. "EmployeeID", "department").

    • Update the IVIG backend LDAP schema i.e., V3.modifiedschema file and restart the LDAP instance.

    • On the admin console in IVIG, define a new person type entity by navigating to "Configure System - Manage Entities" section. Map the required attributes as well.

    • Also update the design forms to contain the new user type and attributes.

  5. Create a CSV Feed service with "Person profile name" as the custom person type (e.g. Employee). Use input CSV file for this feed service as Users.csv, which is generated as the output of custom query defined above.

  6. After reconciliation, users with customer person type and custom attributes would be created in IVIG.

User Account Mappings

A user in IGI would be associated with multiple accounts. This one to many relationship between user and accounts would be extracted from IGI.

A user in IVIG contains an "eraliases" attribute. The accounts of each user would be mapped to this multivalued attribute of the respective IVIG user.

This helps in mapping the users with its corresponding user accounts, once the associated services are created and reconciled.

The names of the accounts associated with the extracted users in IGI are exported in "eraliases" column of the CSV output. While defining a custom query for user extraction too, it is recommended to export the account names as eraliases.

After reconciling the corresponding CSV feed service, ensure that the "Aliases" user attribute is populated with the names of associated user accounts. The populated account names would be unique.

The customer can then plan to create an adoption policy which matches the "Aliases" attribute of user to "eruid" or "User ID" of an Account. Read more about adoption policies here, Manage Adoption Policies and Global Adoption Policies.

Eventually, after creating and reconciling a service which contains accounts for the exported users in IGI, accounts would be created in IVIG too which would be adopted by the respective owners.

User Configurations

Below types of user configurations can be extracted from IGI. These configurations can be referred to manually create equivalent configurations in IVIG.

  1. User Types:

    This extracts the available user types in IGI. For e.g. Employee, External or any other custom defined user types.

  2. UME user details

    A user who is associated to two or more access keys is called a User Multiple Entry (UME) User in IGI. Such users with parent UIDs and other related details are extracted from IGI.

  3. User attribute mappings

    This report extracts details about User Virtual attributes defined via AGC - Settings - User Virtual attributes. It is basically used for defining the linking between IGI data and external sources.

    It also gives similar report for users which are loaded via feed services into the IGI system.

  4. User account mapping details

    This extracts the mapping details between users and accounts. These details can be seen via AGC - Manage Users - Select user - Accounts tab.