Skip to main content

Step 2 - Test connectivity

The next step in the end-to-end tutorial is to test your connectivity and see where each of the deployed and registered components comes into play.

Register a system

The first step in testing the connectivity is to register a new system to manage the sampledirectory.xml file.

You must be an Omada Identity System Administrator to perform this procedure. To register a system:

  • Open Omada Identity and click Services > Register New System.
  • In the Register new system dialog box, enter a Name and a System ID, and in the Category field, click the drop-down arrow and select New.
  • In the Register new system dialog box, in the Collector technology section, click the drop-down arrow and select the Acme Foo Collector.
  • In the Content section, select Access rights, then click OK. The system is now registered.

Onboard, import, and review data

When the system is registered, you must continue the system onboarding by importing data. To continue system onboarding:

  • Go to Setup > Master data > Systems, and select the system that you registered. This brings up the System Onboarding page.

    Screenshot of the SampleDirectory.xml file displayed in a Windows application window. The file contains structured XML data with elements such as Directory, Roles, Role, Accounts, and Account. The Roles section lists two roles with IDs RoleA and RoleB, each with a name and description. The Accounts section lists two accounts with IDs UserA and UserB, each with first name, last name, and role assignments. The window background is neutral, and the tone is informational and technical, focusing on presenting sample data for system onboarding and testing connectivity.

  • In the Tasks section, expand System definition, and perform the tasks for Connection details and Queries and mappings.

  • The configuration of both tasks is defined in the Onboarding configuration.xml file located in the C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration folder.

Test Connection details

In the following test, you deliberately enter incorrect information to verify that the check of connection details works as intended. The following two validations are done by the deployed and registered POST action: validation of the file name, and verification that the file exists.

To test connection details:

  • In the System Onboarding page, click the Connection details task. In the dialog box, enter a random File path, for example: C:\some file.

  • Select the Test connection checkbox, and then click OK. The following error message appears:

    Screenshot of a Windows dialog box displaying an error message. The dialog box title is Connection details and the message reads The file does not exist. Please check the file path and try again. The dialog box contains an OK button. The background is neutral and the tone is technical and informative, focusing on alerting the user to a file path issue during system onboarding.

  • Click OK to go back to the Connection details dialog box.

  • This time enter the correct full path to the SampleDirectory.xml file, for example C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\SampleDirectory.xml.

  • Click OK. In the System Onboarding page, the status of the Connection details task turns green to OK.

Test queries and mappings

Queries and mappings define the data that is extracted and how it will be mapped into the Omada Identity Data Warehouse (ODW).

To test queries and mappings:

  • In the System Onboarding page, click the Queries and mappings task. The list of queries and mappings is prefilled with 3 queries:
    • Resource
    • Account
    • Resource assignment

The predefined queries are also specified in the Onboarding configuration.xml file located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end \configuration.

Screenshot of the Queries and Mappings dialog box in Omada Identity. The dialog box displays a list of three queries: Resource, Account, and Resource assignment. Each query is shown with its name and a status indicator. The interface background is neutral and technical, focusing on presenting query options for system onboarding and data mapping. The tone is informative and instructional, supporting users in configuring queries and mappings during the onboarding process.

Click OK. The Queries and Mappings task status turns green. This means queries and mappings are working properly.

Import data

info

Before you can import data, in the System Onboarding page, go to the Account rules task, and edit the status to OK.

In the System Onboarding page, click the Import data task. Omada Identity then automatically creates a new import profile, which imports data from your new system.

Click OK and wait for the import to finish.

Review imported data

When the data import is finished, click the Resources tasks to see the resources found in the system, for example:

Screenshot of the Resources dialog box in Omada Identity displaying a table of imported resources. The table includes columns for Resource ID, Resource type, and Description. Two resources are listed with IDs RoleA and RoleB, both with the resource type Foo Role and descriptions Role A and Role B. The interface background is neutral and technical, designed for reviewing imported data during system onboarding. The tone is informative and instructional, supporting users in verifying successful import of roles as resources.

In the Resources dialog box, in the Resource ID column, the first two resources match the Roles in the SampleDirectory.xml file.

You have now imported roles, which are called resources in Omada Identity. The imported resources have Foo Role as their Resource type. This resource type was created automatically when you registered the system. Information about the resource types to be created during registration is stored in the Onboarding configuration.xml file located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration.

info

In the list of resources, the last two resources are account resources that are automatically created when you register a new system.

Setup provisioning

To set up provisioning so that requested accesses are written to your SampleDirectory.xml file:

  1. In the System Onboarding page, click the Enable provisioning task. In the drop-down menu, select the Omada Provisioning Service (OPS) for provisioning accounts and assignments.

  2. In the Enable provisioning dialog box, in the Provisioning Connector field, click the drop-down arrow and select the Acme Foo Connector.

    Enable provisioning dialog box in Omada Identity showing options for selecting a provisioning connector. The dialog box contains a drop-down menu labeled Provisioning Connector with Acme Foo Connector selected. The background is a neutral Windows application window. The tone is technical and instructional, guiding users through enabling provisioning for system onboarding. No emotional content is present.

  3. Click OK. The status of the Enable provisioning task turns green to OK.

Inspect the data model

The next step is to inspect the data model for the connector. This data model is created as part of the system registration.

The data model is defined in the Data model.xml file located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration. For example, you can see how the Data model.xml file is referenced by looking at the connector registration in the registration.xml file:

Connector registration dialog box in Omada Identity displaying configuration details for a connector. The dialog box contains labeled fields such as Name, Connector type, and Data model file path, with example values filled in. The interface is technical and neutral, designed for configuring connector registration during system onboarding. The environment is a standard Windows application window with no emotional tone.

To inspect the data model:

  1. In the System Onboarding page, in the Data model task, edit the status and set it to OK.
  2. The status of the Data model task turns green to OK.

Task mappings

Next, you must specify task mappings that dictate how properties in RoPE are mapped to properties in the connector data model.

As part of the system registration, two task mapping objects were created. You can see them in the registration.xml file:

Screenshot of the Task Mappings section in the Omada Identity registration dialog box. The interface displays a table with columns for Task Mapping Name, Source Type, and Target Type. Two rows are shown: the first row lists Foo Role to Foo Assignment, and the second row lists Sample Directory Account to Foo User. The dialog box background is a standard Windows application window with a neutral, technical tone. The environment is focused on configuring task mappings during system onboarding. No emotional content is present.

The entries reference the mapping.xml in 2 files that are located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration.

To specify task mappings:

  1. In the System Onboarding page, select the Task mappings task. In the Task mappings dialog box, map the Foo Role resource type to Foo Assignment, and then map the Sample Directory Account to Foo User.

    Task Mappings dialog box in Omada Identity displaying a table with columns for Task Mapping Name, Source Type, and Target Type. The table lists two mappings: Foo Role to Foo Assignment and Sample Directory Account to Foo User. The interface is a standard Windows application window with a neutral, technical tone, focused on configuring task mappings during system onboarding. No emotional content is present.
    note

    The Sample Directory Account can have a different name if you named your system differently during the registration process.

    The number of resource types can vary depending on your system setup.

  2. When you are finished specifying task mappings, click OK.

  3. In the System Onboarding page, in the Task mappings task, edit the status and set it to OK. The task then turns green.

  4. To send the provisioning configuration to the Omada Provisioning

  5. Service (OPS), click Commit settings.

Test provisioning functionality

Ensure that the service account used for running the Omada Provisioning Service Windows service has write access to the file.

To test if provisioning works:

  1. Log in as a user, and request access to the system that you registered. If the access request is not automatically approved, log in as an approver and approve it.

    Request Access dialog box in Omada Identity showing a user requesting access to a Sample Directory Personal account and Role A. The dialog box lists the requested items with checkboxes and includes buttons labeled OK and Cancel. The environment is a standard Windows application window with a neutral and technical tone, focused on facilitating access requests during system onboarding. No emotional content is present.
    note

    In the example above, the user Trudy Jones has requested access to a Sample Directory Personal account and to Role A.

  2. After you approve the access request, in the provisioning monitor, in the Tasks for job dialog box, you can see that a new job with two tasks were created and their status says Completed.

    Tasks for job dialog box in Omada Identity displaying a table with two rows. Each row shows a task with columns for Task Name, Status, and Details. Both tasks have the status Completed. The dialog box background is a standard Windows application window with a neutral and technical tone, focused on monitoring provisioning jobs during system onboarding. No emotional content is present.

  3. To ensure that the file is updated, you can open the SampleDirectory.xml file.

Verify reconciliation

After configuring connectivity, ensure that the reconciliation between Actual and Desired state is working properly.

The request is a new desired state, which can be seen as a Direct reason.

Because OPS successfully provisioned the new assignments, you also have an Unconfirmed actual reason, also referred to as a provisioning claim.

Screenshot of the Reasons dialog box in Omada Identity displaying a table with columns for Reason, State, and Details. The table lists two rows: the first row shows Direct as the reason with Desired state and the second row shows Unconfirmed actual as the reason with Actual state. The dialog box background is a standard Windows application window with a neutral and technical tone, focused on presenting reconciliation reasons during system onboarding. No emotional content is present.
info

By default, a provisioning claim is valid for 48 hours or 2 days. This means that you must import data to the Omada Identity Data Warehouse within that time.

If you do not import the data in that time, a new provisioning job is automatically created in OPS.

To verify reconciliation:

  1. To ensure that you get a real Actual state, you must Import data, or run the warehouse import again.

    After running the warehouse import, the Reasons dialog box appears, showing an Actual direct reason.

    In addition to the Actual direct reason, in the following example, you also have the Unconfirmed actual reason which disappears when the reconciliation is configured correctly.

    Reasons dialog box in Omada Identity displaying a table with two rows. The first row lists Actual direct as the reason with Actual state, and the second row lists Unconfirmed actual as the reason with Actual state. The dialog box background is a standard Windows application window with a neutral and technical tone, focused on presenting reconciliation reasons during system onboarding. No emotional content is present.

  2. To check your query for importing accounts, in the System Onboarding page, click the Queries and mappings task.

  3. Select the Account query and click Edit.

    In the Edit account query mapping dialog box, go to the bottom pane. In the Mappings section, in the Destination column, you can see the Business key, Unique ID, and Account name fields with their respective default values in the Operator and Source columns.

    Edit account query mapping dialog box in Omada Identity showing a table with columns for Destination, Operator, and Source. The table lists three rows: Business key with operator Map and source UserId, Unique ID with operator Map and source UserId, and Account name with operator Expression and source {FirstName} {LastName}. The interface is a standard Windows application window with a neutral and technical tone, designed for configuring field mappings during system onboarding. No emotional content is present.

  4. In the Operator column for Account name, click the drop-down menu and select Map.

  5. In the Source field for the Account Name destination, move the regular expression from the Account name to the Display name destination. To do this, copy the regular expression to your clipboard, and paste it in the Display name destination.

  6. In the Source field for the Account name destination, enter UserId.

    Edit account query mapping dialog box in Omada Identity displaying a table with columns for Destination, Operator, and Source. The table lists three rows: Business key with operator Map and source UserId, Unique ID with operator Map and source UserId, and Display name with operator Expression and source FirstName LastName. The interface is a standard Windows application window with a neutral and technical tone, designed for configuring field mappings during system onboarding. No emotional content is present.

The destination Account name is now mapped directly to the source UserId. You have moved the expression to the Display name destination.

The Account name is imported as an expression where the variables FirstName and LastName are combined.

However, in your Desired state, the account name must be equal to the IDENTITYID of the identity. This means that Actual state and Desired state never match.

After running an import and after RoPE reconciles, you can see that there are only two reasons, the Actual direct (our actual state) and Direct (our desired state).

You have now verified reconciliation.

Reasons dialog box in Omada Identity displaying a table with two rows. The first row lists Actual direct as the reason with Actual state, and the second row lists Direct as the reason with Desired state. The dialog box background is a standard Windows application window with a neutral and technical tone, focused on presenting reconciliation reasons during system onboarding. No emotional content is present.