Symantec IGA

We have developed a custom connector using CS SDK and also have a Identity Governance(IG) connector the Identity Manager(IDM). We have to import the data/accounts from IDM to IG and perform certifications on those accounts having specific roles/groups.
But while configuring the IG IDM connector for the endpoint of custom connector I am not able to complete the step of "Endpoint mappings as described - Define how objects in an endpoint map to objects in CA Identity Governance, for example, a group in Active Directory is a resource in CA Identity Governance."

Someone has mentioned that in the custom connector schema we need to mark a specific attribute that we need to use for mapping but could not tell us the details how to do that. I have attached a screen print of the step. Does anyone have idea about this, thanks.

Hi Ashish,

I was looking at your notes, and was not sure if the new connector, that was created at the Connector Tier (IAMCS) was exposed to the upper tier of the J2EE tier.

IG integrates with IM at the web service layer, and may not have this connector exposed yet.

Would you check if the connector and attributes are exposed using the IMPS (provisioning server) GUI (provisioning manger), then ensure that the JAR & XML file(s) have been created to be imported to the IME?

Extend Custom Attributes on Endpoints - CA Identity Manager - 14.0 - CA Technologies Documentation 

• Use Connector Xpress as follows:
  1. Install metadata in the namespace node.
  2. Generate a JAR file, property file, and role definition file using the Role Definition Generator.
     For details, see the Connector Xpress Guide.
• Copy the JAR file to this location:
  • (Windows) app server home/iam_im.ear/user_console.war/WEB-INF/lib
  • (UNIX) app server home\iam_im.ear\user_console.war\WEB-INF\lib

• Repeat the preceding two steps for each node if you have a cluster.
• Restart the application server.
• Import the role definition file as follows:
  1. In the Management Console, select the environment.
  2. Select Role and Task Settings.
  3. Click Import.
  4. Select the endpoint type and click Finish.

After this, see if IG can view the endpoint now.

Here is a better link, that describes how to expose a new connector to the upper tier of the IM & IG solution.

How you Generate User Console Account Screens - CA Identity Management & Governance Connectors - CA Technologies Documen… 

Cheers,

Alan

Hi Alan,

Thanks for your response but we have already exposed the connector to the J2EE tier. If you look at the screen that I have attached in the first message, the IG import connector is able to see the endpoint type(Docusignapplication) and the specific endpoint but the mapping where we are stuck.

Thanks,

Ashish