Using CSV as Identity Source
Identity Management (IdM) Framework extends its support for identity connectors with the introduction of the CSV connector solution. It provides the ability to synchronize users from a CSV file to SafeNet Trusted Access (STA) using custom connectors.
The connector is preconfigured with XML files, which eliminates the need to manually configure connectors, roles, and templates for user synchronization. The configuration can still be modified as required.
The following diagram displays the connection between the CSV connector and STA:
This documentation provides detailed instructions on configuring the CSV and SafeNet Trusted Access IdM Connectors to create a uni-directional synchronization setup.
For two-way communication and data synchronization, refer to the Bi-directional Synchronization section.
Supported Use Cases
The CSV connector supports the following use cases:
| Use Case | Description |
|---|---|
| User Synchronization | Supports all Create, Read, Update, and Delete (CRUD) operations. |
| Live Synchronization | Detects and synchronizes changes in the target system in near real time. Applicable to users only. |
| Bi-directional Synchronization Support | Supports two-way communication between CSV and STA. |
Prerequisites
Complete the following prerequisites before configuring the connector:
Configure SafeNet Trusted Access IdM Connector in IdM Framework
To configure the SafeNet Trusted Access IdM Connector in the Identity Management Framework, refer to SafeNet Trusted Access IdM Connector Configuration documentation.
Add the CSV File
Copy the CSV file to the /opt directory on your Ubuntu virtual machine so that the connector can import the user data from it.
It is recommended to create a backup of your CSV file.
If the file is not present at that location, the connector stops working.
Import Connector XML File in IdM Framework
The CSV connector XML file provides the basic configuration for initial setup of the connector. Perform the following steps:
1. Click here to download the CSV.xml file and save it on your local machine.
2. Log in to the Identity Management Framework console as an administrator.
3. On the administrator console, in the left pane, scroll down and click Import object. Then set up the connector XML file:
   - Under Options, select the Keep OID checkbox.
   - In the Get objects from field, ensure that the File option is selected.
   - Click Choose File to upload the CSV.xml file.
   - Click Import object. Ignore validation warnings, if any are reported.
4. In the left pane, click Resources > All resources. The CSV resource is displayed in the right pane.
Import Template XML File in IdM Framework
The template XML files enable you to sync users to STA. Perform the following steps:
1. From here, download the following template XML files and save them on your local machine:
   - UserTemplate_for_CSV.xml: Contains the mappings that are used to assign a role (STA user role) to users imported from CSV.
   - STA_user_role.xml: Used to create a role in Identity Management Framework. The role is used to create users in STA automatically.
2. Import the XML files that you downloaded in the previous step:
   - On the Identity Management Framework administrator console, in the left pane, scroll down and click Import object.
   - Under Import object, in the right pane, under Options, select the Keep OID checkbox.
   - Under Get objects from, ensure that the File option is selected.
   - Click Choose File to upload an XML file.
   - Click Import object.
3. Repeat step 2 for the remaining template XML files.
Configure CSV Connector in Identity Management Framework
Perform the following steps to configure a working CSV Connector:
1. On the IdM Framework administrator console, in the left pane, click Resources > All resources.
2. In the right pane, under All resources, click the CSV resource that you created as a prerequisite.
3. On the CSV resource window, scroll down and perform the following steps:
   - In the left pane, click Basic. In the right pane, configure the resource:
     - In the Name field, modify the name of the resource as per your preferred configuration (for example, CSV Connector). This is for identification purposes only.
     - [Optional] In the Description field, add a description of the resource.
     - In the connectorRef field, ensure that the CSV connector is selected (for example, ConnId com.evolveum.polygon.connector.csv.CsvConnector v2.7).
   - In the left pane, click Connector configuration. In the right pane, set the field values to match your CSV file:
     - In the Multivalue delimiter field, ensure that ; is entered.
     - In the Field delimiter field, ensure that , is entered.
     - In the File path field, replace the value with the location of the CSV file that you added earlier as a prerequisite (for example, /opt/example.csv).
     - In the Encoding field, ensure that utf-8 is entered.
     - In the Unique attribute name field, ensure that username is entered.
     - Click Save.
   - On the All resources window, click the CSV connector. Under Resource operations, click Test connection to verify the configuration, and then click OK. If the connection test reports an error, check your CSV connector configuration.
   - In the left pane, click Schema handling. Schema handling contains the attribute mappings used for user synchronization. The default values are case sensitive. You can configure Schema handling for:
Accounts
Perform the following steps to view or edit the attribute mappings for users:
1. In the right pane, in the Display name column, click Account.
2. On the Object type wizard window, select the Mappings tile.
3. Click the Inbound mappings tab. The users' attribute mappings are displayed. Ensure that a mapping exists for all the attributes, as shown in the screenshot below. You can edit an attribute mapping as per your preferred configuration. For more detail, refer to the Add or Modify an Attribute Mapping section.
4. Click Exit wizard, or click Save mappings to save any changes you made.
5. On the Object type wizard window, select the Synchronization tile.
6. The Synchronization window is displayed. It shows the synchronization properties (configuration) of a resource object (user), which specify the action the Identity Management Framework takes when a new synchronization event is detected. For example, when an event related to account creation or deletion is detected, the action can be to create a new user, delete or disable an existing user, ignore the event, and so on. On the Synchronization window, ensure that all the values are set, and then click Exit wizard.
7. On the Object type wizard, click the Back to object types link to exit the window.
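Because the connector reads the file with exactly the settings above (field delimiter `,`, multivalue delimiter `;`, utf-8, unique attribute `username`), and because duplicate users cannot be synced to STA (see Run the Solution), it is worth checking the file before the import task runs. The following preflight script is an added example, not part of the IdM Framework or the CSV connector; the column names in the sample and the /opt/example.csv path are assumptions.

```python
import csv
import io
import sys

# Values that must match the Connector configuration described above.
FIELD_DELIMITER = ","
MULTIVALUE_DELIMITER = ";"
ENCODING = "utf-8"
UNIQUE_ATTRIBUTE = "username"

# Constructed sample input (column names are assumptions); line 4 repeats
# the username of line 2 to show the duplicate-user finding.
SAMPLE_CSV = (
    "username,givenName,sn,email,groups\n"
    "jdoe,John,Doe,jdoe@example.com,staff;vpn\n"
    "asmith,Ann,Smith,asmith@example.com,staff\n"
    "jdoe,Johnny,Doe,jdoe2@example.com,\n"
)

def check_csv(raw_bytes):
    """Parse the file the way the connector is configured to and return (rows, problems):
    rows with multivalue cells split into lists, and findings that would break the import."""
    try:
        text = raw_bytes.decode(ENCODING)
    except UnicodeDecodeError as exc:
        return [], [f"file is not valid {ENCODING}: {exc}"]
    reader = csv.DictReader(io.StringIO(text), delimiter=FIELD_DELIMITER)
    if not reader.fieldnames or UNIQUE_ATTRIBUTE not in reader.fieldnames:
        return [], [f"header lacks unique attribute '{UNIQUE_ATTRIBUTE}'"]
    rows, seen, problems = [], {}, []
    for lineno, row in enumerate(reader, start=2):  # line 1 is the header
        if None in row or None in row.values():  # extra or missing columns
            problems.append(f"line {lineno}: column count does not match header")
        key = (row.get(UNIQUE_ATTRIBUTE) or "").strip()
        if not key:
            problems.append(f"line {lineno}: empty {UNIQUE_ATTRIBUTE}")
        elif key in seen:  # duplicate users cannot be synced to STA
            problems.append(f"line {lineno}: duplicate {UNIQUE_ATTRIBUTE} '{key}' "
                            f"(first seen on line {seen[key]})")
        else:
            seen[key] = lineno
        rows.append({k: v.split(MULTIVALUE_DELIMITER) if MULTIVALUE_DELIMITER in v else v
                     for k, v in row.items() if k is not None and v is not None})
    return rows, problems

if __name__ == "__main__":  # pass a path such as /opt/example.csv, or run the sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CSV.encode(ENCODING)
    for finding in check_csv(data)[1]:
        print(finding)
```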
Add or Modify an Attribute Mapping
Perform the following steps to add or modify an attribute mapping:
1. In the right pane, in the Display name column, click Account.
2. On the Object type wizard window, select the Mappings tile.
3. Click the Inbound mappings tab. The users' attribute mappings are displayed.
4. Next to Lifecycle state, click the edit icon to modify an existing attribute, or the add icon to add a new attribute.
5. The Main configuration window is displayed. Perform the following steps:
   - In the From resource attribute field, select an attribute.
   - In the Target field, enter the name of the IdM attribute (for example, givenName) that you want to map to the name attribute of STA.
Create Tasks
Tasks are created in Identity Management Framework to automatically synchronize users at a specific time. You can create the following tasks in IdM Framework:
Import Tasks
Perform the following steps to create an import task to synchronize users:
1. On the IdM Framework administrator console, in the left pane, click Server tasks > Import tasks.
2. Under Import tasks, in the right pane, click the New import task icon to add a new task.
3. On the New Import task window, in the right pane, under Resource objects, perform the following steps:
   - In the Resource field, click Edit, and select your CSV connector (for example, CSV: Resource Type).
   - In the Kind field, select Account.
   - In the Intent field, select default.
   - In the Object class field, select AccountObjectClass.
4. Click Save to create the task.
Live Synchronization Tasks
A live synchronization task is created for users. This task processes the events (creation, modification, or deletion) that represent the changes related to the resource objects. It ensures that these events are processed, so that the resource objects' changes are reflected on Identity Management Framework objects (and extended to other resources, if needed).
Perform the following steps to create a live synchronization Task for users:
1. In the left pane, scroll down and click Server tasks > Live synchronization tasks.
2. Under Live synchronization tasks, in the right pane, click the New live synchronization task icon to add a new task.
3. On the New Live synchronization task window, perform the following steps:
   - Under Resource objects:
     - In the Resource field, click Edit, and select your CSV connector (for example, CSV: Resource Type).
     - In the Kind field, select Account.
     - In the Intent field, select default.
     - In the Object class field, select AccountObjectClass.
   - In the left pane, click Schedule. In the right pane, in the Interval field, enter the interval in seconds (for example, 1200). The interval is the time period after which the task is automatically repeated until all the records are synchronized.
4. Under Operations, click Save.
Reconciliation Tasks
A Reconciliation task is created to compare the data stored in the IGA platform with the data stored in the target systems.
Perform the following steps to create a reconciliation task for users:
1. On the IdM Framework administrator console, in the left pane, click Server tasks > Reconciliation tasks.
2. Under Reconciliation tasks, in the right pane, click the New reconciliation task icon to add a new task.
3. On the New Reconciliation task window, perform the following steps:
   - In the right pane, under Resource objects:
     - In the Resource field, click Edit, and select your CSV connector (for example, CSV: Resource Type).
     - In the Kind field, select Account.
     - In the Intent field, select default.
     - In the Object class field, select AccountObjectClass.
   - In the left pane, click Schedule. In the right pane, in the Interval field, enter the interval in seconds (for example, 86400). The interval is the time period after which the task is automatically repeated until the data of all the users is reconciled.
4. Under Operations, click Save.
Run the Solution
Duplicate users cannot be synced to STA using the Identity Management Framework.
Perform the following steps to run the import task to synchronize users:
1. On the administrator console, in the left pane, scroll down and click Server tasks > Import tasks.
2. Under Import tasks, in the right pane, click the Import task: CSV: Account task for users that you created earlier under Create Tasks.
3. On the Import task window, click Save and Run to execute the task.
Similarly, you can run the other tasks, such as the Live Synchronization task and the Reconciliation task, using the steps above.
Verify Users in STA
Perform the following steps to verify if the users are successfully synced to STA:
1. On the STA Management console, click the Assignment tab.
2. In the Search User module, search for the users that were pushed from CSV to STA. Alternatively, search for an individual user to verify that the user is synchronized to STA.