The first step in this scenario creates a manual service
type by adding a schema class to LDAP.
Before you begin
Depending on how your system administrator customized your system, you might not
have access to this task. To obtain access to this task or to have someone complete it for you,
contact your system administrator.
First, log in to the IBM Verify Identity Governance administrative console as itim manager.
About this task
The insurance company provides reinsurance for a few small satellite companies. Employees in a
small accounting department at the insurance company use an old ledger system that interfaces with a
department in one of these satellite companies. This ledger system handles the general ledger and
also functions as a financial record keeping and reporting system.
The old ledger system is slated
for removal over the next two years. Management believes that the
expense of developing a custom adapter to interface with Identity Manager is too great. However, management wants to track people
who use the ledger system to facilitate auditing and regulatory compliance
initiatives. For this purpose, the system administrator is tasked
with creating a manual service.
This step creates a manual service
type called LedgerSystem. The LedgerSystem service type initially
has these account attributes:
Table 1. Attributes in the example service type

| Attribute | Required |
| --- | --- |
| employeeNumber | Yes. |
| Password | Remove this attribute, which is not needed for a ledger system. |
| User ID | You cannot change this attribute. Accept the default. |
| employeeName | Yes. |

To create the service type by specifying a new LDAP
schema class that has an employeeName attribute for the manual service,
complete these steps:
Procedure
- Log in to the administrative console as an administrator.
- From the navigation tree, click .
- On the Manage Service Types page,
click Create.
- On the General notebook tab, complete these fields:
  - Service Type Name: Type LedgerAccount. This value becomes the service type name. Do not include spaces in the name. This name is a new LDAP class that you create during this scenario. Avoid specifying an identical value in the LDAP class and the Service Type Name fields.
  - Description: This field is read-only.
  - Service Provider: Select Manual.
- Click the Service notebook tab and complete this field:
  - LDAP class: Type LedgerService. Do not include spaces in the name. This entry is a new LDAP class that you create during this scenario. Avoid specifying an identical value in the LDAP class and the Service Type Name fields.
- Click the Account notebook tab and complete these steps:
  - In the LDAP class field, type LedgerProfile. Do not include spaces in the name.
  - In the Attributes table, click Add, type each of these attributes in the Attribute name field, and then click OK to add each attribute:
    - employeeName: For employeeName, select Required and Directory String.
    - employeeNumber: For employeeNumber, select Required and Directory String.
    Note: Manual service types do not support 'action' as an attribute name. 'action' is a reserved word.
  - In the Attributes table, check the Password attribute and click Remove.
- Click OK to create the service type.
- On the Success page, click Close. You might see the following warning message:
  CTGIMU817W The attributes were not updated due to the following LDAP warnings: * CTGIMO111E Fail to add or update schema for attribute [employeeNumber]. Reason: [LDAP: error code 80 - Other].
- Click Close.
- On the navigation tree, click . Validate that a LedgerAccount item exists in the Service Type column.