Identity Data Management Integration

The following documentation will provide the user with the requirements Configuring Sources and Views in RadiantOne Identity Data Management for consumption by RadiantOne Identity Analytics.

Radiant Logic provides two products that operate in the Identity Data space, Identity Data Management (IDDM) and Identity Analytics (IA). This documentation provides instructions on the creation and configuration of Views in IDDM specifically to facilitate the integration of the identity data staged in the IDDM Views into the IDA data repository with a minimum of configuration on the IDA product.

Currently the following data sources in IDDM are supported for direct View integration in IA:

• Active Directory domains – Users and Groups
• LDAP directories – Users and Groups

IDA requires a certain configuration of the data in IDDM to allow the seamless extraction and collection of data. The following sections will provide the user with the required configuration for Active Directory and LDAP backends.

Active Directory backend configuration

The Active Directory domain backend should have been configured in the IDDM control panel. To create the required hierarchy in IDDM please follow these steps:

• In the "Directory Namespace" tab create a new naming context o=IDAAD based on a virtual tree.

• In the newly created root Create a label. The label type must be dcand the name

• Configure the mapping of the backend in the label. Select an LDAP backend mapping and point to the desired data source as the backend

• Remove the DN remapping option for all attributes

To validate the configuration please check the the directory browser that:

• The label is correctly named dc=XXXX
• The attribute objectClass=domain is present for the label
• That the users and groups are present

LDAP backend configuration

The LDAP backend should have been configured in the IDDM control panel. The configuration is similar to the configuration for the Active Domain backend. To create the required hierarchy in IDDM please follow these steps:

• In the "Directory Namespace" tab create a new naming context o=IDALDAP based on a virtual tree.

• In the newly created root Create a label. The label type must be dc and the name

• Configure the mapping of the backend in the label. Select an LDAP backend mapping and point to the desired data source as the backend

• Remove the DN remapping option for all attributes

To validate the configuration please check the the directory browser that:

• The label is correctly named dc=XXXX
• The attribute objectClass=dcObject is present for the label
• That the users and groups are present

Once inside the Identity Analytics Portal, expand the left menu and select the Configure option in the Datasource Management Section

In this section we can see the list of datasources if any has been declared. The list will be empty if no datasource has been declared. Click on the Add button to declare a new datasource.

A wizard to declare a new datasources will pop up including default configurations for the connection to RadiantOne IDDM:

• RadiantOne - Active Directory
• RadiantOne - Generic LDAP
• RadiantOne - Generic Bridge

Each datasource requiring a sightly different configuration:

RadiantOne - Active Directory

This connector is to be used when connecting to an Active directory backend in Identity Data Manager.

Fill out the required field, for example:

• Datasource Name: o=IDAAD
• Datasource description: Extraction of all AD domains included in the root naming context of o=IDAAD

The Options are configured by default and no modification is required. You can adjust your search filter to limit the data extraction.

Follow the wizard for the final steps.

RadiantOne - Generic LDAP

This connector is to be used when connecting to a generic LDAP backend in Identity Data Manager.

Fill out the required field, for example:

• Datasource Name: o=IDALDAP
• Datasource description: Extraction of all AD domains included in the root naming context of o=IDLDAP

The Options are configured by default and no modification is required. You can adjust your search filter to limit the data extraction.

Follow the wizard for the final steps.

RadiantOne - Generic Bridge

This connector is to be used when using the datasoucrs connector as a bride between Identity Data Manager and Identity Analystics.

After clicking on Next, provided the required information in order to connect to the Identity Data Management LDAP URL. We will find:

• LDAP Server URL
• Login
• Password
• Search base used for the data extraction
• Search filter used to select the LDAP objects that will be extracted
• Attributes to extract, leave this empty to extract all available attributes

Click on Next to schedule the extraction. You can for example extract data once a week or every day.

Click on Next for to reach the last step of the wizard and then Finish to confirm the datasource declaration.

If we have multiple Identity Data Management URLs or different Search Bases to extract, you can repeat the process to declare one datasource by URL or by Search Base. Keep in mind that each datasource must have a unique datasource name.

Each declared datasource will have a corresponding connector created in the Controller.

You can reach the Controller using the URL /controller. Then click on the Connectors item in the menu that you will find on the left.

Click on the connector to see more details.

From here, you can use the button Submit a new test execution, this will trigger the data extraction process. It will take a few minutes.

When the data extraction test process has finished, the details page will automatically refresh to display the test results.

You can download the test results to verify the extracted files.

For more information on the controller pleaser refer to the dedicated documentation:

Controller