Entrust
This connectivity package provides support for managing users in Entrust Identity Enterprise Server (formerly IdentityGuard). The package allows you to import and provision users. Other object types (like resources and assignments) are not handled with the default configuration due to Entrust data structures. Entrust holds many object types that can be treated as resources and assigned to the user. If you need to use any such objects, you must add the appropriate queries manually.
Supported objects and operations
Only full import is supported.
| Resource | Possible operations |
|---|---|
| Users | Create, read, update, delete; password set/update |
Minimum required permissions
The user account must be active and have all the permissions needed to execute the required operations. If the account does not have permission to execute some operations, for example, setting an initial password, remove these operations from the connector settings or grant access first.
The user account used by Omada must have the following permissions assigned in Entrust Identity Enterprise Server:
- User Management – required for creating, updating, deleting, and reading user objects.
- User Password Authenticator Management – required for setting or updating user passwords.
- User Role Management – required for managing group or role assignments (if applicable).
See the Entrust documentation for details.
There is no immutable ID parameter in Entrust to map Omada Identity's Accounts to Entrust users. Do not change the Entrust UserID after connectivity with Omada Identity is established (once the system is onboarded and the initial import is executed).
Implementation notes
The Entrust Connectivity Package uses the Entrust SOAP Admin Service API. The API must be available and accessible from the Omada Identity machine.
Prerequisites
None.