IBM Security Identity Governance and Intelligence, Version 5.2.3

Connectors

Select this tab to configure and manage the connectors of Identity Governance and Intelligence.

Important: If Identity Governance and Intelligence is in a clustered environment, see also Configuring enterprise connectors in a clustered environment.

The Connectors frame displays a list of the connectors available. You can select the Filter and enter the following information to refine the list of connectors or to find specific ones:

Table 1. Available filters to search connectors
Filter	Description
Name	The name of the connector
Enabled	Yes The connector is enabled. No The connector is not enabled.

The list of connectors shows the connector name and the following information about the connector. You might need to expand the width of the Connectors frame to view all of the information.

If the connector is enabled, an enabled connector icon is displayed. If the connector is enabled, it is ready to run.
The channel mode of the connector. A channel is the logical representation of the communication path that can be established between the Access Governance Core module (through a specific connector) and a generic target system. Three channel modes are available, represented as:
Write To

The Write To channel is used to send data from the Access Governance Core repository to a target system.

Read From

The Read From channel that used to import data from a target system into the Access Governance Core repository.

Reconciliation

Reconciliation is used to realign data that for some reason was changed in a target system with the data that is recorded in the Access Governance Core repository.
The Change Log Sync function is used to synchronize data between an Identity Brokerage target system and the change log.

A connector can operate in any or all of these modes, depending also on its type. The modes that are enabled for a connector are marked by the enabled connector icon .

You can click Actions to select any of the following options:

Add

Adds a connector so that you can configure a specific driver for setting a communication channel between a target system and Identity Governance and Intelligence.

Remove

Removes the selected connector configuration. Select an option, and click OK.

Remove the connector only.: Removes the connector and the change log (if it exists). The accounts and groups in the target are not affected.
Remove the connector and its application and account configuration.: Removes the connector, the change log (if it exists), and all of the entitlements and accounts in the application.

Import

Imports a connector configuration from an XML file.

Import example

Imports an example connector configuration from an XML file.

Export

Exports a selected connector configuration as an XML file.

When you select a connector in the list, the Connector Details accordion pane shows the following connector properties:

Table 2. Connector details
Detail	Description
Enabled	The enabled connector icon indicates that the connector is enabled. The disabled connector icon indicates that the connector is disabled. A disabled connector cannot run.
Channel Mode	Up to three channel modes are available, depending on the type of connector. They are displayed after the completion of an Action > Add operation. You can select the available channel modes and click Save. A check mark indicates that the connector is ready to run in the specific channel mode. All channel modes can be enabled concurrently.
Name	The name of the connector.
Description	An optional description that is related to the connector.
Profile Type	The profile type for the connector. This list can change dynamically. Some examples of available types include CSV, JBDC, and Identity Brokerage. For Identity Brokerage connectors, this field is preselected to Identity Brokerage. For more information about profile types, see Managing profile types.
Profile	The name of the associated profile, based on the profile type. Depending on the profile type that you select, the list of profiles is dynamic. For more information about profiles, see Target profile administration.
Entity	Depending on the connector type, this field might be preselected. For example, if the connector is HR feed, the entity is auto-selected as User. If the connector is not HR feed, the entity is auto-selected as Account.
Trace ON	When this check box is flagged, the connector is traced and logged in the `connnector_name`.log file. While the connector is running: If Trace is OFF, all connectors log in again to /opt/isig/IDEASPlatformEnv/log/iga_core/connectors.log. If Trace is ON, when the connector is running for the first time, a log file named `connector_name`.log.0 is created in the folder /opt/isig/IDEASPlatformEnv/log/connectors/. If the connectors folder does not exist, it is automatically created. When the log file exceeds 10MB, it is renamed as `connector_name`.log.1, and a new empty .log.0 file is created. The maximum number of log files is nine. After the maximum is reached, the logs are discarded.
Trace Level	This text box is enabled when you select the `Trace ON` check box. Choose one of these trace levels: INFO Records informational messages that highlight the progress of the application at coarse-grained level. DEBUG Records fine-grained informational events that are most useful to debug an application. ERROR Records error events that might still allow the application to continue running.
History ON	Select this check box to save the usage history of this connector. You can view the connector history by clicking Monitor > Connector Status > Connector History.

Global Config accordion pane

The Global Config accordion pane lists a number of connector properties that apply to all connectors, independently of their type.

Note: The Global Config properties are shown with their default values. These values must not be changed. Only an expert administrator can change these values for some specific customization.

Table 3. Global configuration properties for connectors
Property Name	Property Value	Description
rightNameValueSeparator	=	The character that is used for separating a name and its corresponding value.
reconciliationCode	1	A counter that is updated by the system each time reconciliation takes place.
modifyToAdd	`true`	During the reconciliation process, adds a record in the database in lieu of modifying it as done in the target. For example, if a record was modified in the target, but the record is not found in the Access Governance Core database, the record is created in the database. If the value is set to `false`, an error is logged when the record is not found.
auditEnabled	`true`	Change to `false` for disabling the audit.
disableMapping	`false`	Change to `true` to disable the mapping of connector object class fields.
Manage Event Target on error	`true`	Change to `true` to be able to manually handle error events that are generated by the target.

Configuration examples

You can choose some examples of configurations:

For processing one of the configurations that you can select, see Running a CSV connector.

Save your changes

After the selection of a connector in the Connectors frame, edit all needed information and click Save to validate the changes.

To complete all connector-related operational information, continue to the following tabs: