9.1 Adding target systems

To add a target system to the ID-Synch database:

1. Log in and navigate to the Specify target system search criteria or Target information page.

2. If ID-Synch displays a list of existing target systems, click Add at the bottom of the list.

3. Set the parameters listed in List:target-parameters

4. Click Add.

   The Admin IDs for target page displays so you can add a target administrator for the target.

5. Enter the target administrator's account ID in the Administrator ID field. Enter the account password in the Password and Confirm password fields.

6. Click Update

   Additional target administrators can now be added. See HERE.

7. Click Back to return to the previous screen (Target information), or click Main to return to the Central console main menu.

8. To define authorizers for this target, see HERE.

   If you do not have enough authorizers defined, a warning displays at the top of the Target information page.

If you selected the Runs list utilities check box (highly recommended), then ID-Synch will load a user list for this system during the next nightly update. If this option is not checked, a manual list needs to be provided.

No accounts will be associated with this target until this process is complete. To run a nightly update immediately, select Update now from the Nightly processing configuration page.

Note:

The ID-Synch server stays online and services continue running. You can make changes to configuration or databases during the update process, but changes to user information could be lost.

Note:

Targets and users will not be added to the database if it will cause you to exceed your license limit.

List 9.1- 1   : Target system parameters

Target identifier:

(required) A unique identifier for the new target system. Target system identifiers must start with a letter and contain only letters and digits. It may not contain spaces.

Target type:

(required) The target system's type (Novell NDS, Active Directory server/domain, etc.). Select the type from the Target type drop-down list.

Target description

(required) This is the target system name that is displayed to users

Target address:

(required) The address of this system. Click the (Help) link for more information on composing target addresses.

If the target address is modified by a console user, they are required to re-enter the target administrator credentials.

Login IDs are case-sensitive?

By default, ID-Synch treats login IDs with the same letters but different case as the same. Select this check box to make ID-Synch treat login IDs as distinct if they have the same letters but different case. Ensure that this setting matches the behavior of the target system.

For example, if this check box is selected ID-Synch treats johnd and JohnD as distinct.

Run list utilities?

Select this check box so that ID-Synch generates a list of login IDs nightly by running the appropriate list utility for this system. For example, ID-Synch runs LISTW2K to automatically find accounts on Windows 2000 / Active Directory targets.

List attributes (if supported by system)?

Select this check box so that ID-Synch generates a list of attributes for each login ID, when the list utility is run. In order to use this option the Run list utilities? check box must also be selected.

See the full manual shipped with the ID-Synch software for a list of targets that support the listing of attributes.

Include accounts when no entry in IDFilter?

You can use the ID Filter to exclude or include certain users. By default, entries in the ID Filter are excluded from the ID-Synch database. Clear this check box to use the ID Filter to include certain users.

Source of profile IDs?

Use this to indicate that users of this system should, by default, also be users of ID-Synch. This also means that full user names are drawn from this system.

Uses standard IDs (auto-associate)?

Select this check box if user IDs on the target are identical to those on ID-Synch. This allows ID-Synch to automatically associate accounts owned by the user with their user ID.

Verify passwords on this target?

Select this check box if you want the agent to verify passwords on this target. If not selected, end-users will not be able to select the target for authentication.

Agent timeout:

Agents are only given a finite amount of time to run, before ID-Synch stops them. Use this field to set that timeout (in seconds).

List timeout:

User-list programs are only given a finite amount of time to run before ID-Synch stops them. Use this field to set that timeout (in seconds), or type -1 for an unlimited amount of time.

Minimum list file size:

Files listing user IDs should be at least this large (in bytes). Smaller files are discarded, and replaced by their backups.

Minimum number of authorizers:

The minimum number of authorizers required when a non-create operation (such as the updating or deletion of an account) is requested for the target. If authorizers are required, you must add authorizers for this target.

Program to set the case of new IDs:

When a new ID for this target is created, use this program to set the case. ID-Synch provides 2 built-in programs:

• UPPER.PSS- use all upper case characters.
• LOWER.PSS- use all lower case characters.

You can also write a customized plug-in program, for example, to create mixed-case IDs, or to create a numerical ID composed from a user attribute. See the full manual shipped with the ID-Synch software for details.

List of proxies to run list/agents on:

Proxy servers which can run agents and list utilities on behalf of the main ID-Synch server. List servers, separated by a semi-colon in the format: servername/portnumber.

Target information URL:

In case a longer description would help users, you can compose and post an HTML page that describes this system further, and enter its URL here.

Users can open the URL by clicking the target description text.

Request attribute to use as the container DN for this target

When creating an account on target systems that have contexts, such as LDAP, NDS, or Active Directory, the default behavior for agents is to put the new account in the same OU (container) as the template. To prevent the necessity of creating identical templates for each OU, you can override the default by telling the agent in which OU to put the new account.

This variable allows ID-Synch to use a request attribute to provide a place to prompt the user for this information.

9.1.1 Defining additional target administrators

A target administrator is a designated account used by ID-Synch to log into the target system and manage accounts. Multiple target administrators can be defined so that if ID-Synch cannot log in to the target system with the current target administrator account (because of target operation locking), the credentials of the next target administrator in the list are used.

To add additional target administrators:

1. Log in and navigate to the Admin IDs for target page.

2. Enter the target administrator's account ID in the available (blank) Administrator ID field. Enter the account password in the Password and Confirm password fields.

3. Click Update.

4. Repeat the previous 2 steps for any additional target administrators.

To delete a target administrator:

1. Log in and navigate to the Admin IDs for target page.

2. If required, select the check box next to the Delete button of the target administrator you wish to delete.

3. Click Delete.

   In general, you must have at least one target administrator defined for each target. If you do not have any target administrators define, a warning is displayed on the Target information page.

9.1.2 Adding authorizers for a target

Authorizers can be required to approve a request to update, disable, or delete an account. These requests can be handled by authorizers assigned to the target, rather than to the template on which the account was based.

If you want template authorizers to handle requests other than account creation, see Workflow options.

Once you add a target system, an Authorizers for this target table displays at the bottom of the Target information page.

To assign authorizers to a target:

1. Click Add at the bottom of the Target information page.

   ID-Synch displays the Select Authorizers page.

2. Enable the check box beside the authorizers you want to assign to the target and click Add.

   ID-Synch displays the authorizers on the Target information page.