To support group assignment, but not group management, for manual services,
set up the group profile in the manual service type configuration.
Before you begin
Depending on how your system administrator customized your system, you might not
have access to this task. To obtain access to this task or to have someone complete it for you,
contact your system administrator.
About this task
To set up a manual service type to support group assignment,
but not group management (which includes create, read, update, and delete)
for manual services, complete these steps:
Procedure
- Define the group schema as an LDAP objectclass in the IBM Verify Identity Governance LDAP
server.
- Define a manual service (complete with service and account objectclasses).
  The account objectclass should contain an optional multi-valued attribute that is used to store the group membership information. This service type should reference the group schema created in the previous step.
  The Manage Service Types page allows the administrator to select an existing LDAP objectclass for use as the group schema class. If you want to create a new objectclass, you must create it manually and load it directly into the LDAP server.
  The mapped Group ID, Group name, and Group description attributes can all reference the same group schema attribute, if desired. You cannot define multiple groups that use the same group ID. The ID must be unique per group.
  More than one group schema can be defined for a given service type. The second and subsequent schemas are defined in the same manner as the first.
- Modify the service and account forms for the service type using the form designer.
  This step is required so that the needed information is displayed properly when you create the service instance and when you create accounts.
- Create a manual service instance using the manual service
type that you created earlier in this process.
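
An illustration of the schema side of the first two steps, added here and not taken from IBM's documentation or product schema: an LDIF that defines a group schema objectclass and an account objectclass carrying an optional multi-valued membership attribute. It uses standard RFC 4512 schema syntax; every attribute name, class name and OID is a hypothetical placeholder, and the service objectclass and the other account attributes are left out.

```ldif
# Constructed example. Every name and OID here is a placeholder, not
# IBM-supplied schema; 1.3.6.1.4.1.99999 stands in for your own OID arc.
# Record 1: attributes for the group schema class and for account membership.
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exGroupId'
  DESC 'Group ID, must be unique per group'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'exGroupName'
  DESC 'Group display name'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.99999.1.3 NAME 'exGroupDescription'
  DESC 'Group description'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# No SINGLE-VALUE keyword: the attribute is multi-valued, one value per
# group that the account is assigned to.
attributetypes: ( 1.3.6.1.4.1.99999.1.4 NAME 'exGroupMembership'
  DESC 'Groups assigned to the account'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Record 2: the objectclasses, loaded after the attributes they reference.
dn: cn=schema
changetype: modify
add: objectclasses
# Group schema class, selectable on the Manage Service Types page.
objectclasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'exManualGroup'
  DESC 'Group schema class for the manual service type'
  SUP top STRUCTURAL
  MUST exGroupId
  MAY ( exGroupName $ exGroupDescription ) )
# Account class: the membership attribute sits under MAY, so it is optional.
objectclasses: ( 1.3.6.1.4.1.99999.2.2 NAME 'exManualAccount'
  DESC 'Account class for the manual service type'
  SUP top STRUCTURAL
  MAY ( exGroupMembership ) )
```

Load a file like this with a tightly scoped schema-administration identity, and review the change as you would any other directory schema modification, because schema additions are difficult to remove once entries use them.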