Data import
General settings
| Setting | Description |
|---|---|
| Name | Type a unique name for the system. Two systems cannot have the same name. |
| System ID | Type a unique System ID for the system. Two systems cannot have the same System ID. You cannot change this setting. |
| Description | Type an optional description of the system. |
| Status | Status of the system. Set the status to Removed to ensure the system is no longer included in warehouse imports, reconciliation or provisioning. Setting a system as removed will delete all objects referring to the system, including resources, manual and automated provisioning tasks, and assignment policies. |
| Content | The type of content to import. You can choose: Identity data Access rights Both (Identity data and access rights) |
| Trusts | Optionally, select one or more trusted systems to associate with the system. |
| Prevent self-service | Optionally, decide if it will be possible or not to request the resource in a self-service requests in that system. |
info
Trust is specifically designed for use between physical systems. It is not intended for use between logical and physical systems.
Connection details
| Parameter | Description |
|---|---|
| Data source | Enter the location of the flat files. It can either be a Network share or a Secure FTP server. |
| Network share name | Specify the network share where the files are placed, for example, \server\sharename. The service account used for importing data must have read access to the networks share. |
| Service account name | Specify the name of the service account for the SQL Server Integration Services (SSIS), for example, srvc_ssis. |
| Service account domain name | Specify the domain name of the service account for the SQL Server Integration Services (SSIS); the format is NetBIOS, for example, CORPORATE. |
| Service account password | Specify the password of the service account for the SQL Server Integration Services (SSIS). |
| Test connection file name | Specify the file name for which to perform the connection test. |
| Host name | Provide the name or IP address of the host where the files are located. Host name must be resolvable via dns, so using a FQDN is recommended. Example: ftp.myserver.com or 10.0.0.1. |
| Port | Specify the TCP port used for the connection. For SFTP it is typically port 22. |
| User ID | Provide the User ID for logging into the SFTP server. |
| Authentication method | Select which Authentication method to use for the SFTP server. It is possible to use Password authentication or a Public Key authentication. |
| Password | Provide the password for logging into the SFTP server. Each time you make a change to any of the settings in the Connection details dialog box, you must enter your password again. |
| Host Key Fingerprint | Provide the host key fingerprint used for the host key validation. If the value is not provided, validation will be skipped. Supported fingerprints: MD5 and SHA256 Format: algorithm:fingerprintExample: SHA256:jlDPKCCRr1TkufVsZJf02ejXNQ7RB/vg09uGwKeSwnUThe collector/connector accepts the host key presented by the server during the SSH handshake process. This can be of various types such as RSA, DSA, ECDSA, or ED25519, depending on the server configuration. |
| Private key | Provide the private key for logging into the SFTP server. |
| Test connection | Enable this setting to allow the system to check if the connection details are correct. If you want to use this functionality, you must install Omada Provisioning Service and make sure it has the necessary permissions to communicate with the target system. |
Queries and mappings
Query parameters
| Parameter | Description |
|---|---|
| File name | The name of the CSV file, including the path, for example, /myhrsystem/extracts/employees.csv. |
| Separator | Specify the character used as separator of columns in the file. |
| Encoding | Specify the encoding of the file. Possible options are UTF8, ASCII, Unicode. |
| First row to import | Enter the number of the first row to be imported. Rows are counted from 0. If the first line is a header, use default value 1. This setting is required. |
| Treat double quotes as normal character | By default, double quotes are interpreted as a special character used to mark start and end of the field that contains, for example, a separator. When you enable this option, double quotes will be treated as a standard character without any special behavior. |
| Headers | The CSV column names. Fill only if the first line of the file does not contain this information or is not valid. The list can be comma- or semicolon-separated. If headers are not provided in the file, it is required to specify them to perform mappings from the source file to Omada Identity. |
| Distinct | Specify if the collector should remove possible duplicate rows. |
| Filter | Provide a Dynamic Expresso expression that is used for filtering the data imported into Omada Identity. It returns a TRUE/FALSE result for each imported data row. If the expression returns “FALSE” for the given row that row is skipped during import. |
| Enabled | Enable or disable the query. |
| Description | Provide a description for the query. |
Minimal required mappings for Identity systems
The Omada Flat file CSV connectivity for Identity systems requires the following mappings to be configured.
Contexts
| Destination | Description |
|---|---|
| Business key | The system’s key for the context. A unique value is required. |
| Name | Name of the context |
| Type | Type of the context |
Context assignments
| Destination | Description |
|---|---|
| Context business key | The system’s key for the context. A unique value is required. |
| Identity UID | UID of the identity |
Context owners
| Destination | Description |
|---|---|
| Context business key | The system’s key for the context. A unique value is required. |
| Owner UID | UID of the context owner |
Identities
| Destination | Description |
|---|---|
| Business key | The system’s key for the identity. A unique value is required. |
| Unique ID | UID of the account |
| Name | Name of the identity |
| Status | Status of the identity |
important
Importing Status from an HR system may overwrite important status change made in ES, for example, “Identity lockout.” In order to remedy possible status change by the requirement of mapping the Status property in the collector mappings, Omada recommends disabling the mapping of this property within Warehouse to Portal mappings.
Within ES, Status is maintained by the three standard events:
- Update identity status (terminated)
- Update identity status (active)
- Update identity status (inactive)
Horizons feature enabled
With the Horizons feature enabled, the behavior of Warehouse to Portal mappings has changed, for more information, go to Migrating to Horizons documentation.
Identity owners
| Destination | Description |
|---|---|
| Owner UID | UID of the identity owner |
| Identity UID | UID of the identity |
Minimal required mappings for Access rights systems
The Omada Flat file CSV connectivity for Access rights systems requires the following mappings to be configured.
Accounts
| Destination | Description |
|---|---|
| Business key | The system’s key for the account. A unique value is required. |
| Unique ID | UID of the account |
| Account name | Name of the account |
Resources
| Destination | Description |
|---|---|
| Business key | The system’s key for the resource. A unique value is required. |
| Security resource business key | The system’s key for the resource. |
| Name | Name of the resource |
| Category | Category of the resource |
| Type | Type of the resource |
Resource assignments
| Destination | Description |
|---|---|
| Resource business key | The system’s key for the resource. A unique value is required. |
| Account - business key | The business key for the account. |
| Account - CBK | The composed business key for the account. |
Resource owners
| Destination | Description |
|---|---|
| Resource business key | The system’s key for the resource. A unique value is required. |
| Owner UID | UID of the resource owner |
| Owned account business key | The business key for the owned account. |
| Owned account CBK | The composed business key for the owned account. |
Resource Parents/Children
| Destination | Description |
|---|---|
| Indirect | |
| Parent resource business key | The system’s key for the parent resource. A unique value is required. |
| Child resource - business key | The system’s key for the child resource. A unique value is required. |
| Child resource - CBK | The composed business key for the child resource |