
Step 2 – Test the connectivity

The next step in the end-to-end tutorial is to test your connectivity and see where each of the deployed and registered components comes into play.

Register a system

The first step in testing the connectivity is to register a new system to manage the sampledirectory.xml file.

You must be an Omada Identity System Administrator to perform this procedure. To register a system:

  • Open Omada Identity and click Services > Register New System.
  • In the Register new system dialog box, enter a Name and a System ID, and in the Category field, click the drop-down arrow and select New.
  • In the Register new system dialog box, in the Collector technology section, click the drop-down arrow and select the Acme Foo Collector.
  • In the Content section, select Access rights, then click OK. The system is now registered.

Onboard, import, and review data

When the system is registered, you must continue the system onboarding by importing data. To continue system onboarding:

  • Go to Setup > Master data > Systems, and select the system that you registered. This brings up the System Onboarding page.

  • In the Tasks section, expand System definition, and perform the tasks for Connection details and Queries and mappings.

  • The configuration of both tasks is defined in the Onboarding configuration.xml file located in the C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration folder.

Test Connection details

In the following test, you deliberately enter incorrect information to verify that the check of connection details works as intended. The following two validations are done by the deployed and registered POST action: validation of the file name, and verification that the file exists.

To test connection details:

  • In the System Onboarding page, click the Connection details task. In the dialog box, enter a random File path, for example: C:\some file.

  • Select the Test connection checkbox, and then click OK. The following error message appears:

  • Click OK to go back to the Connection details dialog box.

  • This time enter the correct full path to the SampleDirectory.xml file, for example C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\SampleDirectory.xml.

  • Click OK. In the System Onboarding page, the status of the Connection details task turns green to OK.

Test queries and mappings

Queries and mappings define the data that is extracted and how it will be mapped into the Omada Identity Data Warehouse (ODW).

To test queries and mappings:

  • In the System Onboarding page, click the Queries and mappings task. The list of queries and mappings is prefilled with 3 queries:
    • Resource
    • Account
    • Resource assignment

The predefined queries are also specified in the Onboarding configuration.xml file located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration.

Click OK. The Queries and Mappings task status turns green. This means queries and mappings are working properly.

Import data

info

Before you can import data, in the System Onboarding page, go to the Account rules task, and edit the status to OK.

In the System Onboarding page, click the Import data task. Omada Identity then automatically creates a new import profile, which imports data from your new system.

Click OK and wait for the import to finish.

Review imported data

When the data import is finished, click the Resources task to see the resources found in the system, for example:

In the Resources dialog box, in the Resource ID column, the first two resources match the Roles in the SampleDirectory.xml file.

You have now imported roles, which are called resources in Omada Identity. The imported resources have Foo Role as their Resource type. This resource type was created automatically when you registered the system. Information about the resource types to be created during registration is stored in the Onboarding configuration.xml file located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration.

info

In the list of resources, the last two resources are account resources that are automatically created when you register a new system.

Set up provisioning

To set up provisioning so that requested accesses are written to your SampleDirectory.xml file:

  1. In the System Onboarding page, click the Enable provisioning task. In the drop-down menu, select the Omada Provisioning Service (OPS) for provisioning accounts and assignments.

  2. In the Enable provisioning dialog box, in the Provisioning Connector field, click the drop-down arrow and select the Acme Foo Connector.

  3. Click OK. The status of the Enable provisioning task turns green to OK.

Inspect the data model

The next step is to inspect the data model for the connector. This data model is created as part of the system registration.

The data model is defined in the Data model.xml file located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration. For example, you can see how the Data model.xml file is referenced by looking at the connector registration in the registration.xml file:

To inspect the data model:

  1. In the System Onboarding page, in the Data model task, edit the status and set it to OK.
  2. The status of the Data model task turns green to OK.

Task mappings

Next, you must specify task mappings that dictate how properties in RoPE are mapped to properties in the connector data model.

As part of the system registration, two task mapping objects were created. You can see them in the registration.xml file:

The entries reference the mapping.xml in 2 files that are located in the folder C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\configuration.

To specify task mappings:

  1. In the System Onboarding page, select the Task mappings task. In the Task mappings dialog box, map the Foo Role resource type to Foo Assignment, and then map the Sample Directory Account to Foo User.

    note

    The Sample Directory Account can have a different name if you named your system differently during the registration process.

    The number of resource types can vary depending on your system setup.

  2. When you are finished specifying task mappings, click OK.

  3. In the System Onboarding page, in the Task mappings task, edit the status and set it to OK. The task then turns green.

  4. To send the provisioning configuration to the Omada Provisioning Service (OPS), click Commit settings.

Test provisioning functionality

Ensure that the service account used for running the Omada Provisioning Service Windows service has write access to the file.
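
The following PowerShell check is an added example, not part of the Omada SDK or this tutorial's files. It lists the access-control entries that grant write access to SampleDirectory.xml and compares them with the OPS service account. The account name is a placeholder, and the principal names in $broad are the ones used on English-language Windows.

```powershell
# Added example: audit who can write to the file that OPS provisions into.
# Assumption: $ServiceAccount is a placeholder. Replace it with the account
# that runs the Omada Provisioning Service Windows service.
$FilePath       = 'C:\Program Files\Omada SDK\V14.0\tutorials\end-to-end\SampleDirectory.xml'
$ServiceAccount = 'EXAMPLE\svc-ops-placeholder'   # hypothetical account name

function Get-WriteAce {
    # Return every ACE on $Path whose rights include WriteData
    # (Write, Modify and FullControl all contain that bit).
    param([string]$Path)
    $write = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        ([int]$_.FileSystemRights -band $write) -ne 0
    }
}

if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
    throw "File not found: $FilePath"
}

$aces = @(Get-WriteAce -Path $FilePath)
$aces | Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

# Direct Allow entry for the service account.
# Rights obtained through group membership are not resolved here.
$direct = $aces | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $ServiceAccount
}
if ($direct) {
    "OK: $ServiceAccount has a direct write grant on the file."
} else {
    Write-Warning "$ServiceAccount has no direct write ACE; check its group memberships."
}

# Least privilege: flag broad principals that can also modify the file.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$aces |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -in $broad } |
    ForEach-Object { Write-Warning "Broad write access: $($_.IdentityReference.Value)" }
```

A Deny entry for the service account in the table output overrides any Allow entry, so review the AccessControlType column as well as the warnings.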

To test if provisioning works:

  1. Log in as a user, and request access to the system that you registered. If the access request is not automatically approved, log in as an approver and approve it.

    note

    In the example above, the user Trudy Jones has requested access to a Sample Directory Personal account and to Role A.

  2. After you approve the access request, in the provisioning monitor, in the Tasks for job dialog box, you can see that a new job with two tasks was created and that the status of the tasks is Completed.

  3. To ensure that the file is updated, you can open the SampleDirectory.xml file.

Verify reconciliation

After configuring connectivity, ensure that the reconciliation between Actual and Desired state is working properly.

The request is a new desired state, which can be seen as a Direct reason.

Because OPS successfully provisioned the new assignments, you also have an Unconfirmed actual reason, also referred to as a provisioning claim.

info

By default, a provisioning claim is valid for 48 hours (2 days). This means that you must import data to the Omada Identity Data Warehouse within that time.

If you do not import the data in that time, a new provisioning job is automatically created in OPS.

To verify reconciliation:

  1. To ensure that you get a real Actual state, you must Import data, or run the warehouse import again.

    After running the warehouse import, the Reasons dialog box appears, showing an Actual direct reason.

    In addition to the Actual direct reason, in the following example, you also have the Unconfirmed actual reason which disappears when the reconciliation is configured correctly.

  2. To check your query for importing accounts, in the System Onboarding page, click the Queries and mappings task.

  3. Select the Account query and click Edit.

    In the Edit 'account' query mapping dialog box, go to the bottom pane. In the Mappings section, in the Destination column, you can see the Business key, Unique ID, and Account name fields with their respective default values in the Operator and Source columns.

  4. In the Operator column for Account name, click the drop-down menu and select Map.

  5. In the Source field for the Account name destination, move the regular expression from the Account name destination to the Display name destination. To do this, copy the regular expression to your clipboard, and paste it in the Display name destination.

  6. In the Source field for the Account name destination, enter UserId.

The destination Account name is now mapped directly to the source UserId. You have moved the expression to the Display name destination.

The Account name is imported as an expression where the variables FirstName and LastName are combined.

However, in your Desired state, the account name must be equal to the IDENTITYID of the identity. This means that Actual state and Desired state never match.

After running an import and after RoPE reconciles, you can see that there are only two reasons, the Actual direct (our actual state) and Direct (our desired state).

You have now verified reconciliation.