Creating a manual service type

The first step in this scenario creates a manual service type by adding a schema class to LDAP.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

First, log in to the IBM Verify Identity Governance administrative console as itim manager.

About this task

The insurance company provides reinsurance for a few small satellite companies. Employees in a small accounting department at the insurance company use an old ledger system that interfaces with a department in one of these satellite companies. This ledger system handles the general ledger and also functions as a financial record keeping and reporting system.

The old ledger system is slated for removal over the next two years. Management believes that the expense of developing a custom adapter to interface with Identity Manager is too great. However, management wants to track people who use the ledger system to facilitate auditing and regulatory compliance initiatives. For this purpose, the system administrator is tasked with creating a manual service.

This step creates a manual service type called LedgerSystem. The LedgerSystem service type initially has these account attributes:

Table 1. Attributes in the example service type
| Attribute | Required |
|---|---|
| employeeNumber | Yes. |
| Password | Remove this attribute, which is not needed for a ledger system. |
| User ID | You cannot change this attribute. Accept the default. |
| employeeName | Yes. |

To create the service type by specifying a new LDAP schema class that has an employeeName attribute for the manual service, complete these steps:

Procedure

  1. Log in to the administrative console as an administrator.
  2. From the navigation tree, click Configure System > Manage Service Types.
  3. On the Manage Service Types page, click Create.
  4. On the General notebook tab, complete these fields:
    Service Type Name
    Type LedgerAccount. This value becomes the service type name. Do not include spaces in the name. This name is a new LDAP class that you create during this scenario. Avoid specifying an identical value in the LDAP class and the Service Type Name fields.
    Description
    This field is read-only.
    Service Provider
    Select Manual.
  5. Click the Service notebook tab and complete this field:
    LDAP class
    Type LedgerService. Do not include spaces in the name. This entry is a new LDAP class that you create during this scenario. Avoid specifying an identical value in the LDAP class and the Service Type Name fields.
  6. Click the Account notebook tab and complete these steps:
    1. In the LDAP class field, type LedgerProfile. Do not include spaces in the name.
    2. In the Attributes table, click Add, type each of these attributes in the Attribute name field and then click OK to add each attribute:
      • employeeName

        For employeeName, select Required and Directory String.

      • employeeNumber

        For employeeNumber, select Required and Directory String.

      Note: Manual service types do not support 'action' as an attribute name. 'action' is a reserved word.
    3. In the Attributes table, check the Password attribute and click Remove.
  7. Click OK to create the service type.
  8. On the Success page, click Close. You might see the following warning message: CTGIMU817W The attributes were not updated due to the following LDAP warnings: * CTGIMO111E Fail to add or update schema for attribute [employeeNumber]. Reason: [LDAP: error code 80 - Other].
  9. Click Close.
  10. On the navigation tree, click Configure System > Manage Service Types. Validate that a LedgerAccount item exists in the Service Type column.
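
If the warning in step 8 appears, one way to confirm what reached the directory is to inspect the objectClasses values in the LDAP subschema entry. The following is an added example, not part of the product documentation: it parses RFC 4512 object class definitions and reports which required attributes are missing from the LedgerProfile class. The sample schema lines are constructed, and it is an assumption that the account class is published under the name typed in step 6 with its required attributes in the MUST list.

```python
import re

# Constructed sample of objectClasses values from a directory's subschema entry
# (RFC 4512 syntax). OIDs and the uid/cn/description attributes are placeholders.
SAMPLE_SCHEMA = [
    "( 1.3.6.1.4.1.99999.1 NAME 'LedgerService' SUP top STRUCTURAL MUST cn )",
    "( 1.3.6.1.4.1.99999.2 NAME 'LedgerProfile' DESC 'MUST ( not $ parsed )' "
    "SUP top STRUCTURAL MUST ( uid $ employeeName ) MAY ( description ) )",
]

def _attr_list(defn, keyword):
    """Return the attribute names that follow MUST or MAY, lower-cased."""
    m = re.search(r"\b%s\s+(\(([^)]*)\)|[\w.;-]+)" % keyword, defn)
    if not m:
        return set()
    body = m.group(2) if m.group(2) is not None else m.group(1)
    return {a.strip().lower() for a in body.split("$") if a.strip()}

def parse_object_class(defn):
    """Extract the names and the MUST/MAY attribute sets from one definition."""
    name_m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", defn)
    names = re.findall(r"'([^']*)'", name_m.group(1)) if name_m else []
    # Blank out quoted strings so text inside DESC cannot be read as keywords.
    bare = re.sub(r"'[^']*'", "''", defn)
    return {"names": [n.lower() for n in names],
            "must": _attr_list(bare, "MUST"),
            "may": _attr_list(bare, "MAY")}

def missing_required(schema_values, class_name, required):
    """Required attributes absent from the class's MUST list; None if no such class."""
    for defn in schema_values:
        oc = parse_object_class(defn)
        if class_name.lower() in oc["names"]:  # LDAP names are case-insensitive
            return sorted(a for a in required if a.lower() not in oc["must"])
    return None

if __name__ == "__main__":
    result = missing_required(SAMPLE_SCHEMA, "LedgerProfile",
                              ["employeeName", "employeeNumber"])
    print("LedgerProfile missing required attributes:", result)
```
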