Configuration

Before accessing the Global Identity Viewer, several preliminary tasks must be completed.

✓ Use the Global Identity Builder to create the reference list of identities. This step is documented in the RadiantOne Global Identity Builder Guide.

✓ Configure real-time persistent cache refresh for the global profile view. This step is documented in the RadiantOne Global Identity Builder Guide.

✓ Enable full-text indexing for the global profile view. This step is documented in this chapter.

✓ Configure a persistent cache (with applicable refresh) and full-text indexing for all underlying virtual views of identity sources, to facilitate advanced searching in the Global Identity Viewer. This step is documented in this chapter.

✓ Configure the needed access permissions and privileges to authorize use of the application. This step is documented in this chapter.


To enable full-text search capabilities against the global profile reference list:

  1. Go to the Main Control Panel > Directory Namespace tab > Cache section and select the naming context corresponding to the name of your Global Identity Builder project.
  2. Click the Full-text Search box.

Figure 1: Full Text Search Option

  3. Click OK to close the Note.
  4. Click the Save button. Click Yes.
  5. Click Re-build Index at the bottom.
  6. Click Yes.
  7. You can either select the running task and click View Log to track the progress, or you can click OK to close the Tasks Monitor window.
  8. To enable full-text search capabilities against the virtual views that were auto-generated for each of the underlying sources, go to the Main Control Panel > Directory Namespace tab and click Cache.
  9. Click Browse.
  10. All underlying identity views are located below dv=sourcecatalog,ou=directoryaggregation,dv=globalprofiles. An example with four identity sources is shown below.

Select one of the virtual views representing an identity source (e.g. based on the samples shown above, dv=ids_adpartnerdomain_directoryaggregation).

  11. Click Create Persistent Cache.
  12. Click OK.
  13. On the Refresh Settings tab, choose the persistent cache refresh type. For details on persistent cache options and configuration, see the RadiantOne Deployment and Tuning Guide.
  14. Click Save.
  15. On the Refresh Settings tab, click Initialize.
  16. After initialization, select the Properties tab.
  17. Click the Full-text Search box to enable it.
  18. Click OK to close the Note.
  19. Click Save. Click Yes.
  20. On the Properties tab, click Re-build Index at the bottom.
  21. Click Yes.
  22. You can either select the running task and click View Log to track the progress, or you can click OK to close the Tasks Monitor window.
  23. Repeat steps 8-21 to cache virtual views for all identity sources.

Define Access Permissions

Three default groups are designed to be used with the Global Identity Viewer. They are Global ID Viewer Design, Global ID Viewer Write, and Read Only. Any member associated with these roles can log into the Global Identity Viewer Console and access the Global Identity Viewer. There are three privileges assigned to these roles to dictate what the user is authorized to do within the Global Identity Viewer.

Table columns: vdPrivilege Name; View entries & attributes; Perform searches; Edit, delete templates; Create, edit, delete queries; Export results; Modify attr values; Configure/schedule reports; Default groups/roles that have this privilege.

| vdPrivilege Name | Default group/role that has this privilege | Group DN |
| --- | --- | --- |
| globalidviewer-read | Read Only | cn=readonly,ou=globalgroups,cn=config |
| globalidviewer-designer | Global ID Viewer Design | cn=Global ID Viewer Design,ou=globalgroups,cn=config |
| globalidviewer-write | Global ID Viewer Write | cn=Global ID Viewer Write,ou=globalgroups,cn=config |

To add your user to a RadiantOne group:

  1. Log into the Main Control Panel as the super user and click on the Directory Browser tab.

  2. Navigate below the ou=globalgroups,cn=config node to locate all of the default groups.

  3. Select the group (e.g. cn=Global ID Viewer Design) you want to add your user to and click Manage Group. From here you can remove users from groups and search for new users (located anywhere in the virtual namespace) to add to groups.

  4. (Optional) Repeat step 3 to add users to other groups (e.g. cn=Global ID Viewer Write, or cn=readonly) used by the Global Identity Builder.

In addition to being assigned one of the roles mentioned above, proper read, search, and in some cases write permissions are also required. These permissions should be configured for the root naming context defined in the Global Identity Builder project and dv=globalprofiles. This section describes how to add permissions.

To define access permissions:

  5. From the Main Control Panel > Settings Tab > Security section > Access Control sub-section, select the Enable ACI checkbox on the right side in the Authorization section and click Save.
  6. In the Access Control section, click Add. The Edit ACI pane is displayed.
  7. Enter an ACI description (e.g. globalprofileaci).
  8. Click the Choose button to navigate to the target DN.
  9. Select the root naming context corresponding to what you defined in the Global Identity Builder and click OK. An example is shown below.

Figure 2: Example of a Naming Context Configured in the Global Identity Builder and Location for Defining Access Controls

  10. In the Permissions section, select Allow from the drop-down menu and select the Read and Search operations.
  11. In the Apply To section, click Specific Users.
  12. Enter cn=config for the Base DN.
  13. Select the groups option and click Search.

Figure 3: Defining Access Controls

  14. Select the groups that require the ability to perform searches on users and groups from the Global Identity Viewer and click Allow Selected. This should be the group that contains the user you added in step 3 earlier in this section.
  15. Select the default “anyone” and click Delete.
  16. Click Save.
  17. Repeat steps 6-16 for the dv=globalprofiles target (naming the ACI something like identitysourcesaci).

Permissions must also be granted to allow the user to save, edit, and delete queries, and save custom templates.

  1. From the Main Control Panel > Settings Tab > Security section, select Access Control.
  2. In the Access Control section, click Add. The Edit ACI pane is displayed.
  3. Enter an ACI description (e.g. configurationaci).
  4. Click the Choose button to navigate to the Target DN.
  5. Expand cn=config and select ou=globalsettings. Click OK.
  6. In the Permissions section, select Allow from the drop-down menu.
  7. Select the Read, Search, Add, Delete, and Write operations.

Figure 4: Sample ACI for the Global Identity Viewer

  8. In the Apply To section, click Specific Users.
  9. Enter cn=config for the Base DN.
  10. Select the groups option and click Search.
  11. Select the group (e.g. Global ID Viewer Design or Global ID Viewer Write) that contains the user(s) and click Allow Selected.
  12. Select the default “anyone” and click Delete.
  13. Click Save.
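
To confirm that the ACIs produced by the two procedures above match what the steps describe (expected operations per target, group subjects only, default "anyone" removed), the following added example audits ACI strings. It is not RadiantOne code: it assumes the ACIs are available in the Netscape-style text syntax common to LDAP directories, and `o=exampleprofile`, the sample ACIs and the function names are constructed for illustration.

```python
import re

# Policy from the steps above: target DN -> operations the ACI should allow.
# "o=exampleprofile" is a placeholder for the project's root naming context.
EXPECTED_OPS = {
    "o=exampleprofile": {"read", "search"},
    "dv=globalprofiles": {"read", "search"},
    "ou=globalsettings,cn=config": {"read", "search", "add", "delete", "write"},
}
GROUP_BASE = ",ou=globalgroups,cn=config"  # where the default groups live
# Assumed text form: (target="ldap:///DN")...(version 3.0; acl "NAME"; allow (OPS) SUBJECTS;)
ACI_RE = re.compile(
    r'\(target\s*=\s*"ldap:///(?P<target>[^"]*)"\).*?acl\s+"(?P<name>[^"]*)"\s*;'
    r'\s*(?P<verb>allow|deny)\s*\((?P<ops>[^)]*)\)(?P<subjects>.*?);\s*\)\s*$',
    re.IGNORECASE | re.DOTALL)
SUBJECT_RE = re.compile(r'(userdn|groupdn)\s*=\s*"([^"]*)"', re.IGNORECASE)

def parse_aci(text):
    """Split one ACI string into name, target, verb, operations and subjects."""
    m = ACI_RE.search(text.strip())
    if m is None:
        raise ValueError("unrecognised ACI syntax: " + text)
    subjects = [(kind.lower(), url.strip().lower().removeprefix("ldap:///"))
                for kind, value in SUBJECT_RE.findall(m["subjects"])
                for url in value.split("||")]
    ops = {op.strip().lower() for op in m["ops"].split(",") if op.strip()}
    return m["name"], m["target"].lower(), m["verb"].lower(), ops, subjects

def audit(text):
    """Return deviations from the procedure; an empty list means it matches."""
    name, target, verb, ops, subjects = parse_aci(text)
    if target not in EXPECTED_OPS:
        return [f"{name}: target {target} is not one this procedure configures"]
    findings = []
    if verb != "allow" or ops != EXPECTED_OPS[target]:
        findings.append(f"{name}: {verb} {sorted(ops)}, expected allow {sorted(EXPECTED_OPS[target])}")
    for kind, dn in subjects:
        if kind == "userdn" and dn == "anyone":
            findings.append(f"{name}: default 'anyone' subject was not deleted")
        elif kind != "groupdn" or not dn.endswith(GROUP_BASE):
            findings.append(f"{name}: subject {dn} is not a group under ou=globalgroups")
    return findings

# Constructed sample ACIs (not exported from a real server).
TEMPLATE = '(target="ldap:///{t}")(targetattr="*")(version 3.0; acl "{n}"; allow ({o}) {s};)'
GRP = 'groupdn="ldap:///cn=Global ID Viewer Design,ou=globalgroups,cn=config"'
GOOD = TEMPLATE.format(t="dv=globalprofiles", n="identitysourcesaci", o="read,search", s=GRP)
LEFT_OPEN = TEMPLATE.format(t="dv=globalprofiles", n="identitysourcesaci", o="read,search",
                            s=GRP + ' or userdn="ldap:///anyone"')
TOO_BROAD = TEMPLATE.format(t="dv=globalprofiles", n="identitysourcesaci", o="read,search,write", s=GRP)
```

Calling `audit()` on each exported ACI returns an empty list when it matches the procedure; `LEFT_OPEN` and `TOO_BROAD` show the two deviations most likely after a hurried GUI pass.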
