Release notes - IBM® Security Identity Governance and Administration Data Integrator

IBM Security Identity Governance and Administration Data Integrator is available. Compatibility, installation, and other getting-started issues are addressed.



Features and Purpose

Contents of this Release

New Features

Closed Issues

Known Issues

Known Limitations

Installation, Configuration and Operation Notes

Installing this fix pack to Data Integrator v7.0.2

Supported Configurations




The following abbreviations are used in this document.

ISIGADI:  IBM Security Identity Governance and Administration Data Integrator.

ITIM: IBM Tivoli Identity Manager.  From the version 6.0, the product name is changed to IBM Security Identity Manager.

ISIM:  IBM Security Identity Manager.

ISIG: IBM Security Identity Governance.

TDI:  IBM Tivoli Directory Integrator.


Features and Purpose

The defects fixed in this fix pack are listed in Closed Issues section.


Contents of this Release



Release Date

April 29th, 2016


Installation Guide

The installation procedures are described in the following TECH NOTE.

See Installing this fix pack to ISIGADI v7.0.2 section to apply this fix pack to ISIGADI v7.0.2, v7.0.2.1, or v7.0.2.2.


New Features

 Enhancement # (RFE)


ISIGADI v7.0.2.3



ISIGADI v7.0.2.2



ISIGADI v7.0.2.1



ISIGADI v7.0.2

IBM Tivoli Identity Manager 5.1 is supported.

ISIGADI v7.0.1.1

ISIG 5.1.1 is supported.

ISIGADI v7.0.1

Entitlement change fulfillment from ISIG to ISIM is supported.


Script files to start and stop TDI server and assembly line are provided.


Data synchronization from ISIM to ISIG is supported.


Closed Issues



PMR# / Description

ISIGADI v7.0.2.3          



The OutOfMemoryError happened after the Delta is running for several days.



ISIGtoISIM should not fulfill the entitlement changes that are generated by Data Integrator.



Delta assembly line removes ISIG role from a user on ISIG.




ISIGADI v7.0.2.2



Verify fails when ISIG admin user password is changed other than admin.



IBM Tivoli Directory Integrator Dashboard does not work.



[ISIGtoISIM.WritePermissionToISIM/ISIM - Group – Lookup] assembly line fails because the multiple entries found.



ISIGtoISIM assembly line results in success, but request is still pending on ISIM side

ISIGADI v7.0.2.1                



The StackOverflowError is thrown from System.getProperties() method while Delta assembly line is running.



The ISIG User password is not set when ISIM person is synchronized to ISIG.  The user id is set as the password.

ISIGADI v7.0.2                                       



ISIGADI v7.0.1.1            




ISIGADI v7.0.1                       



Delta load fails after an ISIM schema change



Person load fails if the erroles attribute contains empty string


Known Issues



PMR# / Description



Warning message counts as error in summary statistics report



Assigning an ISIM system group to a user in ISIG is not synchronized to ISIM. This is due to the defect on ISIM side.  This defect is fixed in ISIM 6 fix pack 10 and ISIM VA 7.0.1.



If a user is already a member of a role and this role is assigned with new permission or assigned with other roles with new permission, if the user does not have account for the Application associated with the permission, then the new assigned permission is not fulfilled since new account request is not initiated in ISIG. This defect is being investigated.



When the password synchronization is not enabled on ISIM, the accounts being created or restored from ISIG does not fulfilled to ISIM.  This defect is being investigated.


Known Limitations



PMR# / Description



Support for synchronization of Role-Permission mapping and role hierarchy in Identity Manager is not available with this release.



Service groups in Identity Manager are mapped to permissions in Identity Governance.  Support for permissions that are not represented as service groups in Identity Manager is not available in this release.



Support for mapping one Identity Manager service to multiple applications is not available in this release.



Support for multiple group types for each Identity Manager service is not available in this release. For example, POSIX AIX service supports AIX groups and AIX Role, in this release, it only supports user permissions mapping in Identity Governance for one of them but not both.



Support for multiple accounts of a person on same Identity Manager service is not available in this release.



Support for synchronization of access catalog information in Identity Manager is not available in this release.



Support for permissions that map to hosted service groups in Identity Manager is not available in this release.



Support for password synchronization for ISIG accounts is not available in this release.



Support for define subset of Identity Manager entities for synchronization is not available in this release.



Consolidation of user permission change as result of role assignment change is not available in this release.

When a role is assigned to a user in ISIG, role assignment is updated in ISIM if the role exists in ISIM.  If the role is associated with list of permissions for targets managed by ISIM, the permissions are also assigned to user in ISIM. If Delta load is running, the user-permission changes will be synchronized into ISIG as direct user-permission association even though these assignments are already implied by the user-role assignment in ISIG.



Mapping ISIM role to ISIG external role is not available in this release.

As a result of this limitation, when an ISIM Role is assigned as child of another role in ISIG, if a user is assigned to the parent role, the assignment to the ISIM role (child role) is not fulfilled in ISIM.



When the account has required attributes, create account event is not fulfilled from ISIG to ISIM since ISIG does not know about these information.  Work-around:  The account default value for the service should be set on ISIM side.


Installation, Configuration and Operation Notes

If you are installing this fix pack version on the existing ISIGADI v7.0.2 or v7.0.2.x, then follow the instruction in the next section.

For all other installation cases, see the "Integration between IBM Security Identity Manager and IBM Security Identity Governance" TECH NOTE for detailed instructions.


Installing this fix pack to ISIGADI v7.0.2 or v7.0.2.x

To install this fix pack to the existing ISIGADI v7.0.2.x, follow the instruction below.

  1. Stop ISIGADI by running stopSrv command.  See TECH NOTE for how to run stopSrv command.
  2. Unzip the downloaded ISIGADI zip file to the temporary directory.  TEMP is used in this document to refer to this temporary directory.
  3. Replace the following files in the TDI_HOME/jars directory.  TDI_HOME is the TDI installation directory.  The TEMP directory is the temporary directory where you extracted the ISIGADI zip file.
    1. Replace TDI_HOME/jars/3rdparty/IBM/ISIGADI/isigadi-jar-utils.jar file with TEMP/jars/3rdparty/IBM/ISIGADI/isigadi-jar-utils.jar
    2. If ISIG 5.1 is used with ISIGADI, replace TDI_HOME/jars/connectors/isigadi-connectors.jar file with TEMP/jars/connectors/isigadi-connectors.jar file.
    3. If ISIG 5.1.1 is used with ISIGADI, replace TDI_HOME/jars/connectors/isigadi-connectors-forWAS.jar file with TEMP/jars/connectors/isigadi-connectors-forWAS.jar file.
    4. If ITIM 5.1 is used with ISIGADI, replace TDI_HOME/jars/functions/isigadi-isim-api-fc.jar file with TEMP/jars/functions/isigadi-isim-api-fc.jar file.
  4. Replace ISIGADI_SOL_DIR/ISIGADI/ISIGADI.xml file with TEMP/soldir/ISIGADI/ISIGADI.xml file.  ISIGADI_SOL_DIR is the TDI solution directory for ISIGADI.
  5. Start ISIGADI by running startSrv command and start Delta and ISIGtoISIM assembly lines by running startAL command.


Supported Configurations  

 The IBM Security Identity Governance and Administration Data Integrator was built and tested on the following product versions.

Installation Platform

 The IBM Security Identity Governance and Administration Data Integrator installs into Tivoli Directory Integrator (TDI) and may be installed on the following platforms:

·         Red Hat Enterprise Linux 6.5

·         Windows 7


Required TDI version:

·       Tivoli Directory Integrator v7.1.1 with Fix Pack 4 or higher

·       Interim fix, 7.1.1-TIV-TDI-LA0022 is required in addition to fix pack 4.  This interim fix upgrades TDI JRE to v1.7. (Only required for ISIG 5.1.1)


Database Support

 The IBM Security Identity Governance and Administration Data Integrator requires a database to store information about entity mappings between integrated products.  The database can be created on the same DB2 instance as Identity Manager or on a different DB2 instance.

Supported database includes:

·         IBM DB2 Universal Database™ Enterprise Server Edition v10.1

·         IBM DB2 Universal Database™ Enterprise Server Edition v10.5 with Fix Pack 3 or higher.


Integrated Products

 The IBM Security Identity Governance and Administration Data integrator supports the following product versions:

ISIM Versions

·       IBM Tivoli Identity Manager version 5.1 with WebSphere Application Server version 7.0.

·        IBM Security Identity Manager version

·       IBM Security Identity Manager version 7.0 VA.

ISIG Versions

·       IBM Security Identity Governance version 5.1 VA with Oracle database.

·       IBM Security Identity Governance version 5.1.1 VA with DB2 or Oracle database.



This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing

IBM Corporation

North Castle Drive

Armonk, NY  10504-1785 U.S.A.


IBM, the IBM logo, and are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at


End of Release Notes