IBM Security Verify Governance Adapter 10.0.4 for PeopleTools Adapter is available. Compatibility, installation, and other getting-started issues are addressed.
Copyright
International Business Machines Corporation 2003, 2025. All rights reserved.
US Government Users Restricted Rights -- Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
These Release Notes contain information for the following products that was not available when the IBM Security Verify Governance Server manuals were printed:
The PeopleTools Adapter is designed to create and manage User Accounts on the PeopleSoft application. The adapter runs in "agentless" mode and communicates using JDBC and the PeopleTools Java API to the systems being managed.
IBM recommends the installation of this Adapter (and the prerequisite IBM Security Directory Integrator) on each node of an IBM Security Verify Governance Server WAS cluster. A single copy of the adapter can handle multiple IBM Security Verify Governance Server services. The deployment configuration is based, in part, on the topology of your network domain, but the primary factor is the planned structure of your IBM Security Verify Governance Server Provisioning Policies and Approval Workflow process. Please refer to the IBM Knowledge Centre for a discussion of these topics.
IBM Security Verify Governance Server Adapters are powerful tools that require Administrator Level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from IBM Security Verify Governance Server will fail if the Adapter is not given sufficient authority to perform the requested task. IBM recommends that this Adapter run with administrative (root) permissions.
Review and agree to the terms of the IBM Security Verify Governance Server Adapter License prior to using this product. The license can be viewed from the "license" folder included in the product package.
Adapter Version
|
Version |
|
|
Release Date |
2025 June 19 21.54.32 |
|
Adapter Version |
10.0.4 |
|
Component Versions |
Adapter build: 10.0.4.4 Profile: 10.0.4.4 Connector: 10.0.4.4 Dispatcher 7.1.39 and above (packaged separately) |
|
Documentation |
The following guides are available in the IBM Knowledge Centre · Installation and Configuration Guide for IBM Security Verify Governance Adapter for PeopleTools · User Guide for IBM Security Verify Governance Adapter for PeopleTools |
New Features
|
Internal# |
Enhancement # (RFE) |
Description |
|
|
|
Items included in current 10.0.4 release |
|
SVGAD-4337 |
|
Enhance adapter to improve the reconciliation time |
|
|
|
Items included in 10.0.3 release |
|
SVGAD-3836 |
ADAPT-183 |
Recertify PeopleSoft adapter with 8.61 version |
|
SVGAD-3851 |
ADAPT-186 |
Certify the adapter for use with IBM Security Verify Directory Integrator version 10.0.0 |
|
|
|
Items included in 10.0.2 release |
|
SVGAD-222 |
ADAPT-105 |
Recertify PeopleSoft adapter with 8.60 version |
|
|
|
Items included in 10.0.1 release |
|
186988 |
|
Recertify PeopleSoft adapter with 8.58 version |
|
|
|
Items included in 7.1.10 release |
|
|
|
None
|
|
|
|
Items included in 7.1.9 release |
|
|
|
None
|
|
|
|
Items included in 7.1.8 release |
|
|
|
None |
|
|
|
Items included in 7.1.7 release |
|
|
151782 |
Add Support for Identity Governance and Intelligence (IGI) v5.2.2
This adapter is now designed for use with IBM Security Identity Manager, Privileged Identity Manager, and Identity Governance and Intelligence
Note – PeopleTools adapter does not support adapter inside VA functionality. It can’t be installed inside VA.
|
|
|
|
Items included in 7.0.6 release |
|
|
41825 (84139) |
People Tools 7.0.2 for PeopleSoft 8.55 adapter
|
|
|
|
Items included in 7.0.5 release |
|
|
Bug 1934 (RTC 138246) |
Not able to reconcile role ‘PeopleSoft Administrator’. The adapter now reconciles ‘PeopleSoft Administrator’ role in support data recon.
|
|
|
|
Items included in 7.0.4 release |
|
|
30315 |
PeopleTools 8.53 ISIM Adapter Support Domain Password
Note: Refer to Installation and Configuration Notes section.
|
|
|
|
Items included in 7.0.3 release |
|
|
|
Initial release. |
Closed Issues
|
Internal# |
APAR# |
Case# / Description |
|
|
|
Items closed in current 10.0.4 release |
|
|
|
None |
|
|
|
Items closed in 10.0.3 release |
|
SVGAD-3729 |
|
The following account attributes
enable selection solely from an initial list of 1000 values: |
|
|
|
Items closed in 10.0.2 release |
|
SVGAD-158 Bug 3671 TS007612140 |
APAR IJ36435 |
People Tools Error when trying to modify PeopleToolsAdapterALs.xml using SDI config editor |
|
|
|
Items closed in 10.0.1 release |
|
|
|
None |
|
|
|
Items closed in 7.1.10 release |
|
RTC 182520 |
|
As a PS adapter developer, I must ensure that the mapping for dn is correct in attributemapping.def file
|
|
|
|
Items closed in 7.1.9 version |
|
Bug 2363 |
PMR 40717,122,000 |
ConGetUsers fails during recon if "Database Table Owner Name" is specified
|
|
Bug 2466 |
PMR 50562,300,838 |
Recon fails when attempting to use 'database table owner'
|
|
|
|
Items closed in 7.1.8 version |
|
Bug 2231 (RTC 154718) |
PMR 40717,122,000 |
PeopleSoft password change fail with PSTools 8.55 |
|
Bug 2190/2252 (RTC 152471) |
PMR 50562,300,838 |
PeopleSoft adapter always performs a full reconciliation. |
|
|
|
Items closed in 7.1.7 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.6 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.5 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.4 version |
|
|
|
None
|
|
|
|
Items closed in 7.0.3 version |
|
|
|
Initial release
|
Known Limitations
|
Internal# |
APAR# |
Case# / Description |
|
SVGAD-4654 |
N/A |
Addition and modification of User Alternate ID attribute fails in PeopleTools adapter. During add operation, adapter sends success message but doesn't reflect updates on target, whereas during modify account operation, adapter throws exception in assembly line but in ISIM operation stays in pending status and doesn't update the status to fail. |
|
SVGAD-3753 |
N/A |
The container versions of IBM Verify Identity Governance that works with this adapter is 11.0.0.0_IF1 image and above. Other IBM Verify Identity Governance images and IBM Security Verify Governance Identity Manager v10 images including 10.0.2.4 experience permissions issues while importing sub-forms for PeopleTools Adapter.
|
|
N/A |
N/A |
Setting Custom ID Type If a custom ID Type defined as "Custom" with 2 attribute say MyCustAttr1 and MyCustAttr2 with MyCustAttr1 as a required attribute and MyCustAttr2 as an optional attribute then two cases arises:
a) When an invalid value is provided for the optional attribute, the user is added on the resource. The value format which goes to the adapter is: Custom#MyCustAttr1$Myvalue1|MyCustAttr2$Myvalue2 Where Myvalue1 and Myvalue2 are values you want to set and Myvalue2 is an invalid value. The resource sets this ID Type with the following structure. PSOPRALIAS - OPRALIASTYPE Custom - PSOPRALIASFIELD [1] -PSOPRALIASNAME MyCustAttr1 -PSOPRALIASVALUE Myvalue1 -PSOPRALIASDESCR - PSOPRALIASFIELD [2] -PSOPRALIASNAME MyCustAttr2 -PSOPRALIASVALUE -PSOPRALIASDESCR
b) When an invalid attribute name is provided in place of the optional attribute, the user is added on the resource. The format which goes to the adapter is: Custom#MyCustAttr1$Myvalue1|MyCust$Myvalue2 Where instead of providing MyCustAttr2 an invalid attribute name is sent The resource sets this ID Type with the following structure. PSOPRALIAS - OPRALIASTYPE Custom - PSOPRALIASFIELD [1] -PSOPRALIASNAME MyCustAttr1 -PSOPRALIASVALUE Myvalue1 -PSOPRALIASDESCR
Note: This issue is applicable to all the PeopleTools versions. This is working as designed. The value sent to adapter is constructed value and there is no provision to inform IBM Security Identity Manager that part of value is failed. After reconciliation or lookup the invalid attribute for an ID type will get cleared.
In case ‘a’: after reconciliation the IBM Security Identity Manager will show the following in the values field of the ID Type subform. MyCustAttr1$Myvalue1|MyCustAttr2$ Instead of MyCustAttr1$Myvalue1|MyCustAttr2$Myvalue2
In case ‘b’: after reconciliation the IBM Security Identity Manager will show the following in the values field of the ID Type subform MyCustAttr1$Myvalue1|MyCustAttr2$ Instead of MyCustAttr1$Myvalue1|MyCust2$Myvalue2
Possible workaround: No workaround is available. This is a PeopleTools resource API behavior.
|
|
N/A |
N/A |
Reconciliation of Disabled ID Type If a user with a set ID Type is reconciled and that ID Type is disabled on the resource then the subform displays the ID Type instead of the ID Type Description.
For example : If the ID Type Emp which has the description as Employee is disabled on the resource then the subform will show Emp instead of Employee in the ID Type column of the sub form.
Possible workaround: this is expected behavior.
|
See the Installation and Configuration guide for IBM Security Verify Governance Adapter for PeopleTools for detailed instructions.
The PeopleSoft Adapter Installation and Configuration Guide can be obtained from the IBM Knowledge Center.
Corrections to Installation Guide:
Chapter 1: Overview
Features of the adapter
No updates for the
current release
Architecture of the adapter
No updates for the
current release
Supported configurations
No updates for the
current release
Chapter 2: Planning
Roadmap:
No updates for the current release
Prerequisites:
No updates for the current release
Chapter 3: Installing
Installing in the virtual appliance(Only for Identity Governance)
Add below note to the end of this chapter:
Note: While uploading the Adapter package, you may receive System
Error: A file included in the SDI Adapter zip already exists on the system
and the Server Message log under Appliance tab of VA will have a
reference to error com.ibm.identity.sdi.SDIManagementService E File
ibm.com_IBM_Verify_Identity_Governance_xxxx.swidtag found in the adapter zip at
location ILMT-Tags/ already exists in system. This is because, you can
install the same swidtags only once. So, if another adapter of the same type is
installed, remove the swidtags.
The ibm.com_IBM_Verify_Identity_Governance_Enterprise-xxxx.swidtag file
is common to all adapters. In addition to the common swidtag file, an
application adapter needs ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-xxxx.swidtag
file and an infra adapter needs ibm.com_IBM_Verify_Identity_Governance_Lifecycle-xxxx.swidtag
and ibm.com_IBM_Verify_Identity_Governance_Compliance-xxxx.swidtag
files. So, if an application adapter is already installed and this is an infra
adapter, then only install the infra-specific swidtags and the other way
around. Please visit Security
Verify Governance Adapters v10.x link to identify the adapter type of the
installed adapters.
Installing in an IBM Security Verify Directory Dispatcher Container
Before you begin
The steps to install adapter and related
files into the container can be performed using the adapterUtil.sh script,
which is shipped with the dispatcher package. This script should be staged on
the machine running Kubernetes cli. The adapterUtil.sh script is also readily
available in the bin directory of ISIM IBM Security Verify Governance Identity
Manager Container Starter Kit installation directory (If ISVDI was selected for
installation during the ISIM container installation steps).
If, for any reason, the adapter util
script cannot be executed or used, the below manual instructions must be
followed to copy the files to the persistent volume.
Note: The container must be
restarted after installing or uninstalling the adapter and any changes to the
configuration yaml. To activate changes and restart the container run the
following commands:
·
<path_to_starterkit>/bin/createConfigs.sh isvdi
· For OpenShift container: oc -n
isvgim rollout restart deployment isvdi
· For Kubernetes container: kubectl
-n isvgim rollout restart deployment isvdi
Note: This document only describes
the adapterUtil.sh command options that are required to install this adapter.
For other command options, such as listing installed connectors and 3rd party
jars, please refer to the Dispatcher10 Installation and Configuration Guide.
Installing / Upgrading / Re-installing / Downgrading the adapter
Using Script
Use
below command to install / upgrade/ re-install / downgrade the adapter:
/path/to/adapterUtil.sh -loadAdapter
"/path/to/Adapter-PeopleTools-*.zip" accept
Where
/path/to/adapterUtil.sh is the location where the adapterUtil.sh script is
installed and /path/to/Adapter-PeopleTools-*.zip is the location where the
Adapter zip file is staged on the machine running Kubernetes cli.
Manually copying files to Persistent
Volume
Copy
the files to the persistent volume mapped to the /opt/IBM/svgadapters
directory of the container image as per the given directory structure:
PeopleSoftConnector.jar
Copy this file to <Persistent_Volume>/jars/connectors
directory.
ILMT-Tags
Copy below files to <Persistent_Volume>/swidtag
directory:
·
ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-11.0.0.swidtag
·
ibm.com_IBM_Verify_Identity_Governance_Enterprise-11.0.0.swidtag
Deploying the ID type subform
About this task
You
must perform this procedure only while using ISVGIM or IVIG Container, else
this step can be skipped.
Procedure
1.
Execute below command on the system where ISIM starter kit is installed, this
will copy extensions and custom directories from ISIM container
to <Starter_Kit_Directory>/extensions and <Starter_Kit_Directory>/custom
directories.
<Starter_Kit_Directory>/bin/util/getExtensions.sh
2.
Copy the contents (storeValues.jsp, opraliastype.jsp and opraliasstyle.css
files) from opraliastype.zip file to below directories:
<Starter_Kit_Directory>/custom/itim_console.war/subforms
<Starter_Kit_Directory>/custom/isim_isc_subform.war/subforms
3.
Copy the contents of <Starter_Kit_Directory>/custom directory (not
the custom directory itself) to the persistent volume which is is mounted at /tmp/isvgimcustom
directory of ISVGIM or IVIG container.
See
https://www.ibm.com/docs/en/sig-and-i/11.x?topic=customization-overview
for more details.
Copying 3rd party libraries:
Using Script
Use
below command to copy 3rd party jars:
/path/to/adapterUtil.sh -copyTo3rdpartyOthers "/path/to/ojdbc8.jar"
/path/to/adapterUtil.sh -copyTo3rdpartyOthers "/path/to/psjoa.jar"
/path/to/adapterUtil.sh -copyTo3rdpartyOthers
"/path/to/CompIntfc.jar"
This
command will copy the 3rd party jars to <Persistent_Volume>/jars/3rdparty/others
directory.
Manually copying files to Persistent
Volume
Copy
below 3rd party jar files to <Persistent_Volume>/jars/3rdparty/others
directory (Refer release notes for the supported jar versions):
· ojdbc8.jar
· psjoa.jar
·
CompIntfc.jar
Enabling LLE (Link-Level Encryption)
Refer https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced
page from SVDI.
If the config.yaml file which is used as
the YAML_CONFIG_FILE environment variable for the container doesn't have
an advanced configuration element, follow the instructions that are provided in
https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced
to add an advanced configuration section to the config.yaml file.
To enable LLE, add given attr and value
(key pair as mentioned in the SVDI guide) as below:
- attr: TM_ALLOW_NOTLS
value: 'Y'
Note: The container must be
restarted after making these changes to the configuration yaml. To activate
changes and restart the container run the following commands:
·
<path_to_starterkit>/bin/createConfigs.sh isvdi
· For
OpenShift container: oc -n isvgim rollout restart deployment isvdi
· For
Kubernetes container: kubectl -n isvgim rollout restart deployment isvdi
Enabling TLS 1.2
Refer https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced
page from SVDI.
If the config.yaml file which is used as
the YAML_CONFIG_FILE environment variable for the container doesn't have
an advanced configuration element, follow the instructions that are provided in
https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#advanced
to add an advanced configuration section to the config.yaml file.
To enable TLSv1.2, add 2 attr and value
(key pair as mentioned in the SVDI guide) as below:
- attr: com.ibm.di.SSLProtocols
value: 'TLSv1.2'
- attr: com.ibm.di.SSLServerProtocols
value: 'TLSv1.2'
Note: The container must be restarted
after making these changes to the configuration yaml. To activate changes and
restart the container run the following commands:
·
<path_to_starterkit>/bin/createConfigs.sh isvdi
· For
OpenShift container: oc -n isvgim rollout restart deployment isvdi
· For
Kubernetes container: kubectl -n isvgim rollout restart deployment isvdi
Enabling debug logs and disabling json-logging
Refer https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#general_logging
page from SVDI.
If the config.yaml file which is used as
the YAML_CONFIG_FILE environment variable for the container doesn't have
root-level and json-logging configuration elements, follow the
instructions that are provided in https://www.ibm.com/docs/api/v1/content/SSCQGF_10.0.0/container/html/verify-directory-integrator.html#general_logging
to the add root-level and json-logging configuration elements
section to the config.yaml file.
To enable debug logs, set value for root-level
to debug and to disable json logging, set value for json-logging
element to false.
Note: The container must be
restarted after making these changes to the configuration yaml. To activate
changes and restart the container run the following commands:
·
<path_to_starterkit>/bin/createConfigs.sh isvdi
· For
OpenShift container: oc -n isvgim rollout restart deployment isvdi
· For
Kubernetes container: kubectl -n isvgim rollout restart deployment isvdi
Uninstalling the adapter
Using Script
Use
below command to remove the adapter:
/path/to/adapterUtil.sh -removeAdapter Adapter-PeopleTools
Manually copying files to Persistent
Volume
Remove files from the given directory structure of the persistent volume mapped
to /opt/IBM/svgadapters directory of the container image.
PeopleSoftConnector.jar
Remove this file from <Persistent_Volume>/jars/connectors
directory.
ILMT-Tags
Remove below files from <Persistent_Volume>/swidtag
directory:
· ibm.com_IBM_Verify_Identity_Governance_Application_Adapters-11.0.0.swidtag
·
ibm.com_IBM_Verify_Identity_Governance_Enterprise-11.0.0.swidtag
3rd party jars
Remove 3rd party jar files used by this
adapter listed below from <Persistent_Volume>/jars/3rdparty/others
directory:
· ojdbc8.jar
· psjoa.jar
· CompIntfc.jar
PeopleSoft resource-specific JAR files
Remove psft.jar secrtion from the description.
Generating the CompIntfc.jar file
Remove step 9 "For PeopleTools 8.54, copy the com folder from
\installedApps\peoplesoftNodeCell\peoplesoft.ear\PORTAL.war\WEB-INF\classes to
ITDI_HOME\jars\3rdparty\others."
Replace existing content for step 6 "Compile the Java files." as
below:
a.
Open the command prompt and go the directory where the generated Java files are
located.
For
example,
cd
e:\enrole
b.
Go to the PeopleSoft\Generated\CompIntfc\ directory.
c.
Compile java code using below command to make it work with both SDI 7.2 (Java
8) and SDI 10 (Java 17).
javac
-classpath PEOPLESOFT_HOME\web\psjoa\psjoa.jar *.java --release 8
where,
PEOPLESOFT_HOME is a path PeopleSoft installation directory.
d.
Optional: You can delete all the generated Java files except the .class files
from the existing directory.
Enable LLE (Link-Level Encryption) (Add new chapter)
About this task
Starting Oracle Tuxedo Release 22c, LLE is disabled by default. Tuxedo
client/server exits with an error, while detecting LLE in use instead of
reporting a warning message in the User Log (ULOG). Setting the environment
variable TM_ALLOW_NOTLS to Y allows you to enable LLE.
Procedure
Add below property to solution.properties file under timsol directory and
restart Dispatcher instance:
TM_ALLOW_NOTLS=Y
Importing the adapter profile
For Identity Manager, keep only first chapter from current installation guide
and remove other duplicate chapters.
For
Identity Governance, keep only fourth chapter from current installation guide
and remove other duplicate chapters.
Importing attribute mapping file
For Identity Manager, remove this chapter.
Adding a connector
For Identity Manager, remove this chapter.
Enabling connectors
For Identity Manager, remove this chapter.
Reviewing and setting channel modes for each new connector
For Identity Manager, remove this chapter.
Attribute Mapping
For Identity Manager, remove these chapters.
For Identity Governance, keep only 1 chapter.
Deploying the ID type subform
For Identity Governance, remove this chapter.
Creating an adapter service/target
For Identity Manager, keep only third chapter from current installation guide
and remove other duplicate chapters.
For
Identity Governance, remove all these chapter.
Installing the adapter language package
For Identity Manager, remove these chapters.
Verifying that the adapter is working correctly
For Identity Manager, keep only first chapter from current installation guide
and remove other duplicate chapter.
Chapter 4: Upgrading
No updates for the current release
Chapter 5: Configuring
Customizing the adapter
The adapters can be customized or extended or both. The type and method of this
customization varies depending on the adapter.
Customizing and extending adapters requires a number of skills. The developer
must be familiar with the following concepts and skills:
- IBM Security Verify Governance Identity Manager administration
-
IBM Security Verify Governance administration
- IBM Security Directory Integrator management
- Security Directory Integrator Assembly Line development
- LDAP schema management
- Working knowledge of Java™ scripting language
- Working knowledge of LDAP object classes and attributes
- Working knowledge of XML document structure
Note: If the customization requires a new Security Directory Integrator
connector, the developer must also be familiar with Security Directory
Integrator connector development and working knowledge of Java programming
language.
Support for custom adapters
The
integration to IBM Security Verify Governance servers "the adapter
framework" is supported. However, IBM does not support the customizations,
scripts, or other modifications. If you experience a problem with a customized
adapter, IBM Support may require the problem to be demonstrated on the GA
version of the adapter before a PMR is opened.
Chapter 6: Troubleshooting
Enabling DEBUG Logs on SDI Server
Procedure:
1. Stop the SDI Server process
Pre-7.2.0-ISS-SDI-FP0008
2. Edit the <SDI_Solution_Directory>/etc/log4j.properties
3. Modify the following line:
log4j.rootCategory=INFO, Default
to
log4j.rootCategory=DEBUG, Default
Post-7.2.0-ISS-SDI-FP0008
2. Edit the <SDI_HOME>/etc/log4j2.xml
3. Modify the following line:
<Root level="info">
to
<Root level="debug">
Post-7.2.0-ISS-SDI-FP0011 (To enable TCB block in debug)
4. Append the line com.ibm.di.logging.close=false in the
<SDI_HOME>/etc/global.properties file.
5. Start the SDI Server process
6. Re-create the problem and collect the
<SDI_Solution_Dir>/logs/ibmdi.log
Logs are not getting printed in FP13 in Windows OS
Procedure:
1. Copy log4j2.xml file from <SDI_Home_Dir>/etc and add to the
<SDI_Solution_Dir>/etc (which was missing there).
2. Configure
jvmcmdoptions=-Dlog4j2.configurationFile=etc\log4j2.xml
3. Restart SDI Server process
Error messages and problem solving
Update the row with Message number CTGIMT001E in "Table 1. Specific
warning and error messages and actions" as below:
|
Message number |
Message |
Action |
|
CTGIMT001E |
The following error occurred. Error: Initialize Error: Unable to establish the connection with the PeopleSoft Application Server. |
- Verify
that the PeopleSoft Application Server is running. |
Chapter 7: Uninstalling
No updates for the current release
Chapter 8: Reference
Special attributes (Only for Identity Governance)
Email Addresses
The PeopleSoft account email is a multi-valued attribute, which means a user
can have more than one email address.
To enter an email address on the IBM Security Verify Governance form, you must
follow this syntax:
a|b|c
a=ON for Primary email, else OFF.
b=Email type. BB for Blackberry, BUS for Business, HOME for home, WORK for work
and OTH for Others.
c=The email address.
For example, to enter five email addresses for user Jon Doe:
ON|BB|jon.doe@blackberry.com (Blackberry email)
OFF|BUS|jon.doe@business.com (Business email)
OFF|HOME|jon.doe@home.com (Home email)
OFF|WORK|jon.doe@work.com (Work email)
OFF|OTH|jon.doe@other.com (Other email)
ID Types and Values
The PeopleSoft account ID type is a multi-valued attribute, which means a user
can have more than one ID type.
To enter a ID type and value on the IBM Security Verify Governance form, you
must follow this syntax:
a#b
a=ID type. CST for Customer, CNT for Customer Contact, EMP for Employee, EQD
for Equation Data Auth Classes, EQX for Equation External Auth Classes, EQN for
Equation Name Auth Classes, EQS for Equation Sql Auth Classes, EJA for External
Job Applicant, NON for None and VND for Vendor.
b=The value for ID.
Corrections to User Guide:
Index/Introduction: PeopleTools Adapter User
Guide
This guide provides information that you need to manage user accounts on the
PeopleSoft server using the IBM® Security Identity Manager Verify
Governance products. This book describes user account management tasks, such as
reconciliation, add, modify, suspend, restore, delete, and password change.
- Overview
An adapter is an interface between a managed resource and the IBM Security Identity
server Verify Governance products. The PeopleTools Adapter provides
connectivity between IBM Security Identity Manager Verify Governance
Identity Manager or IBM Security Verify Governance and the PeopleSoft server.
- User account management
IBM Security Identity Manager Verify Governance Identity Manager or IBM
Security Verify Governance manages user accounts stored on the PeopleSoft
server using the PeopleTools Adapter.
- Troubleshooting
No changes
- Reference
No changes
Chapter 1: Overview
An adapter is an interface between a managed resource and the IBM®
Security Identity server Verify Governance products. The PeopleTools Adapter
provides connectivity between IBM Security Identity Manager Verify
Governance Identity Manager or IBM Security Verify Governance and the
PeopleSoft server.
The
adapter runs as a service, independent of whether you are logged on to IBM
Security Identity ManagerIBM Security Identity Governance and
IntelligenceIBM Security Privileged Verify Governance Identity Manager and
IBM Security Verify Governance.
Prerequisites:
.
Replace "Table 1. Prerequisites checklist" table with below
one:
|
Task |
For more information, see |
|
Install the adapter |
See the adapter's Installation and Configuration Guide |
|
Import the adapter profile into the IBM® Security Verify Governance server |
See the adapter's Installation and Configuration Guide |
|
Create an adapter service |
See the adapter's Installation and Configuration Guide |
|
Configure the adapter |
See the adapter's Installation and Configuration Guide |
|
Perform a reconciliation operation to retrieve user accounts and store them in the IBM Security Verify Governance server |
Managing reconciliation schedules in the IBM Security Verify Governance Identity Manager or IBM Security Verify Governance product documentation |
|
Adopt orphan accounts on IBM Security Verify Governance Identity Manager or IBM Security Verify Governance |
Assigning an orphan account to a user in the IBM Security Verify Governance Identity Manager or IBM Security Verify Governance product documentation |
|
Start the adapter |
Chapter 2: User Account Management
IBM® Security Identity Manager Verify Governance Identity Manager or IBM
Security Verify Governance manages user accounts stored on the PeopleSoft
server using the PeopleTools Adapter.
You can perform the following operations:
- Add, modify, or delete an account
- Suspend or restore an account
- Reconcile accounts
You can manage:
- Accounts for a specific person
- Accounts for a service instance
- Specific accounts by using the search function of IBM Security Identity
ManagerIBM Security Identity Governance and IntelligenceIBM Security Privileged
Identity Manager Verify Governance Identity Manager or IBM Security Verify
Governance
- Reconciling accounts
Reconciliation synchronizes the accounts and supporting data between IBM
Security Identity server Verify Governance Identity Manager or IBM
Security Verify Governance and the managed server. Reconciliation is required
so that data is consistent and up-to-date.
- Adding user accounts
You can add user accounts at any time for either an existing person or a new
person in the organization.
- Modifying user accounts
You can modify user account attributes at any time in IBM Security Identity
ManagerIBM Security Identity Governance and IntelligenceIBM Security Privileged
Identity Manager Verify Governance Identity Manager or IBM Security Verify
Governance.
- Suspending user accounts
When you suspend a user account, the status of the user account on IBM Security
Identity ManagerIBM Security Identity Governance and IntelligenceIBM
Security Privileged Identity Manager Verify Governance Identity Manager or
IBM Security Verify Governance becomes inactive and the user account becomes
unavailable for use.
- Restoring user accounts
The restore operation reinstates the suspended user accounts to IBM Security Identity
Manager Verify Governance Identity Manager or IBM Security Verify
Governance.
- Deleting user accounts
Use the IBM Security Identity ManagerIBM Security Identity Governance and
IntelligenceIBM Security Privileged Identity Manager Verify Governance
Identity Manager or IBM Security Verify Governance deprovision feature to
delete user accounts.
Reconciling accounts
Reconciliation synchronizes the accounts and supporting data between IBM®
Security Identity server Verify Governance Identity Manager or IBM
Security Verify Governance and the managed server. Reconciliation is required
so that data is consistent and up-to-date.
The reconciliation operation retrieves the user account information from the
PeopleSoft server and stores it in the directory server of IBM Security Identity
Manager Verify Governance Identity Manager or IBM Security Verify
Governance.
You can schedule reconciliation to run at specific times and to return specific
parameters. Running a reconciliation before its schedule time does not cancel the
scheduled reconciliation. For more information about scheduling reconciliation
and running a scheduled reconciliation, see the IBM Security Identity
ManagerIBM Security Identity Governance and IntelligenceIBM Security Privileged
Identity Manager Verify Governance Identity Manager or IBM Security Verify
Governance product documentation.
You can perform the following reconciliation tasks at any time from IBM
Security Identity ManagerIBM Security Identity Governance and
IntelligenceIBM Security Privileged Identity Manager Verify Governance
Identity Manager or IBM Security Verify Governance:
- Reconciling support data
- Reconciling a single user account
Adding user accounts
You can add user accounts at any time for either an existing person or a new
person in the organization.
Adapter attributes define the accounts on the account form. For specific
procedures, see the IBM® Security Identity ManagerIBM Security Identity
Governance and IntelligenceIBM Security Privileged Identity Manager Verify
Governance Identity Manager or IBM Security Verify Governance product
documentation.
- Attributes for adding user accounts
No change
- Alternate user ID
No change
- User supervisor
No change
- Specification of email addresses
No change
- ID Type specification
No change
- Permission
No change
- Role names
No change
Attributes for adding user accounts
No change
Alternate user ID
No change
User supervisor
No change
Specification of email addresses
No change
ID Type specification
No change
Permission
No change
Role names
No change
Modifying user accounts
(Update only first line in the beginning of the page and then last section Password
change of user accounts on the page)
You can modify user account attributes at any time in IBM® Security Identity
ManagerIBM Security Identity Governance and IntelligenceIBM Security Privileged
Identity Manager Verify Governance Identity Manager or IBM Security Verify
Governance.
Password change of user accounts
You can change the password of any of the PeopleTools accounts that exist on
IBM Security Identity Manager. For information about changing passwords, see
the IBM Security Identity Manager Verify
Governance Identity Manager or IBM Security Verify Governance product
documentation.
Suspending user accounts
When you suspend a user account, the status of the user account on IBM®
Security Identity ManagerIBM Security Identity Governance and
IntelligenceIBM Security Privileged Identity Manager Verify Governance Identity
Manager or IBM Security Verify Governance becomes inactive and the user account
becomes unavailable for use.
Suspending a user account does not remove the user account from IBM Security Identity
ManagerIBM Security Identity Governance and IntelligenceIBM Security Privileged
Identity Manager Verify Governance Identity Manager or IBM Security Verify
Governance. For more information about suspending user accounts, see the IBM
Security Identity Manager Verify Governance Identity Manager or IBM
Security Verify Governance product documentation.
When you suspend a user account from IBM Security Identity Manager
Verify Governance Identity Manager or IBM Security Verify Governance, the
PeopleTools Adapter sets the value of the Account Locked Out attribute
on the PeopleSoft server to TRUE.
Restoring user accounts
The restore operation reinstates the suspended user accounts to IBM® Security Identity
Manager Verify Governance Identity Manager or IBM Security Verify
Governance.
When you restore a user account from IBM Security Identity Manager
Verify Governance Identity Manager or IBM Security Verify Governance, the
PeopleTools Adapter sets the value of the Account Locked Out attribute
on the PeopleSoft server to FALSE.
After restoring a user account, the status of the user account on IBM Security Identity
Manager Verify Governance Identity Manager or IBM Security Verify Governance
becomes active. For more information about restoring user accounts, see the IBM
Security Identity Manager Verify Governance Identity Manager or IBM
Security Verify Governance product documentation
Deleting user accounts
Use the IBM® Security Identity ManagerIBM Security Identity Governance and
IntelligenceIBM Security Privileged Identity Manager Verify Governance
Identity Manager or IBM Security Verify Governance deprovision feature to
delete user accounts.
For more information about deleting user accounts, see the IBM
Security Identity Manager Verify Governance Identity Manager or IBM
Security Verify Governance product documentation.
Chapter 3: Troubleshooting
Error logs
When an operation fails, the corresponding error messages and warnings are
logged in the ibmdi.log file. This file is in the adapters solution/logs
directory. The adapters solution directory is a Security Directory Integrator
work directory for IBM® Security Identity ManagerIBM Security Identity
Governance and IntelligenceIBM Security Privileged Identity Manager Verify
Governance Identity Manager or IBM Security Verify Governance adapters.
You can display the error logs in the user interface by running the Dispatcher from the command prompt. You can also configure logging information for the adapter. For more information about displaying logs in the user interface and configuring logging information, see the adapter's Installation and Configuration Guide.
Error messages and warnings
No change
Chapter 4: Reference
Reference information is organized to help you locate particular facts quickly
such as adapter attributes, application programming interfaces, files and
commands, where applicable.
- Adapter attributes
The IBM Security Identity server Verify Governance Identity Manager or IBM
Security Verify Governance communicates with the adapter by using attributes,
which are included in transmission packets that are sent over a network.
- Adapter customization for collection attributes
PeopleSoft has a constraint of setting the values of a collection attribute in
a specific sequence. Security Directory Integrator does not necessarily pass
the values on to the connector in the sequence they are received.
- Customizing the PeopleTools account form
You can add attributes of different Component Interfaces to the PeopleTools
account form. These Component Interfaces can be supported or not supported by
IBM Security Identity Manager Verify Governance Identity Manager or IBM
Security Verify Governance.
Adapter attributes
(Only first line needs to be updated, rest everything needs to be left as is)
The IBM® Security Identity server Verify Governance Identity Manager or
IBM Security Verify Governance communicates with the adapter by using
attributes, which are included in transmission packets that are sent over a
network.
Adapter customization for collection attributes
No
Change
Customizing the PeopleTools account form
About
this task
The Project file PT850_Component.zip for PeopleTools 8.50, 8.51, and 8.52
PTxxx_Component.zip for PeopleTools, which contains Component Interfaces, is
provided with the IBM Security Identity Manager Verify Governance
PeopleTools Adapter software. These interfaces are in the ENROLE_AGENT
subdirectory. This subdirectory is imported into the PeopleTools Application
Designer as a PeopleTools
Project.
Installation Platform
The IBM Security Verify Governance Adapter for PeopleTools was built
and tested on the following product versions.
Adapter
Installation Platform
Due to continuous Java security updates that may be applied to
your IBM Security Verify Governance servers, the following SDI releases are the
officially supported versions:
· Security Directory Integrator 7.2 + FP14
· Security Verify Directory Integrator 10.0.0 + FP5
Earlier versions of SDI that are still supported may function properly, however to resolve any communication errors, you must upgrade your SDI releases to the officially supported versions by the adapters. Please refer to the adapters installation and configuration guides for the latest update on IBM Security Directory Integrator versions and fix packs.
Managed Resource
· PeopleSoft PeopleTools v8.60
· PeopleSoft PeopleTools v8.61
PTxxx_COMPONENTS.zip resource
· PT860_COMPONENT.zip for PeopleTools 8.60
· PT861_COMPONENT.zip for PeopleTools 8.61
IBM Security Verify Governance and Intelligence:
· IBM Verify Identity Governance v11.0
· IBM Security Verify Governance Identity Manager v10.0
· IBM Security Verify Governance v10.0
*Unless this document specifies a specific fix pack version of ISVG Identity Manager v10, we expect the adapter to work with ISIM 6 as well. However, it will only be debugged and fixed from the perspective of ISVG-IM v10.
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not
intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product, program,
or service that does not infringe any IBM intellectual property right may be
used instead. However, it is the user's responsibility to evaluate and verify
the operation of any non-IBM product, program, or service.
IBM may have patents or
pending patent applications covering subject matter described in this document.
The furnishing of this document does not give you any license to these patents.
You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan
This
information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this
information to non-IBM Web sites are provided for convenience only and do not
in any manner serve as an endorsement of those Web sites. The materials at
those Web sites are not part of the materials for this IBM product and use of
those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged should contact:
IBM Corporation
2ZA4/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
Such information may be available, subject to appropriate terms
and conditions, including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments
may vary significantly. Some measurements may have been made on
development-level systems and there is no guarantee that these measurements
will be the same on generally available systems. Furthermore, some measurements
may have been estimated through extrapolation. Actual results may vary. Users
of this document should verify the applicable data for their specific
environment.
Information concerning non-IBM products was obtained from the suppliers
of those products, their published announcements or other publicly available
sources. IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Microsoft, Windows, and the Windows logo are trademarks of Microsoft
Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates
End of Release Notes