
Data provisioning

To enable data provisioning, use the following settings in the Enable provisioning view:

  • Method for accounts: Omada Provisioning Service
  • Method for assignments: Omada Provisioning Service
  • Provisioning connector: Fileshare
  • Use default configuration: Select the checkbox

Data provisioning configuration

Parameter              Value
Hostname               Hostname
User name              User name
Authentication method  password
Password               password
Port                   22
Test connection        Select the checkbox

Advanced settings

Go to the Delay tab and use the following settings:

  • When delay tasks? - set Always.
  • Delay between tasks - set 30.

Task Mappings

Parameter  Resource type  Description
Resource   Fileshare      Contains mapping of resources to create a folder and fileshare with read and write permissions.

The Resource (Fileshare) object has the following properties:

Parameter      Operator    Source
Object Id      Map         ObjectId
Object type    Constant    SshCommand
Operation      Map
Command        Expression  Operation == "Create" ? "$domain = (Get-ADDomain).Name; New-Item -Path \"{path}\\{fileshareName}\" -ItemType Directory -Force; icacls \"{path}\\{fileshareName}\" /grant \"$domain\\{fileshareName}_Read:(OI)(CI)R\" /T /C; icacls \"{path}\\{fileshareName}\" /grant \"$domain\\{fileshareName}_Write:(OI)(CI)M\" /T /C; New-SmbShare -Name \"{fileshareName}\" -Path \"{path}\\{fileshareName}\" -ReadAccess \"$domain\\{fileshareName}_Read\" -ChangeAccess \"$domain\\{fileshareName}_Write\"" : null
Command        Expression  Operation == "Delete" ? "Remove-SmbShare -Name \"{fileshareName}\" -Force; Remove-Item -Path \"{path}\\{fileshareName}\" -Recurse -Force" : null
fileshareName  Map         RLM_DisplayName
path           Map         RLM_DESCRIPTION
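
The Create and Delete commands above are built by inserting fileshareName (the resource display name) and path (the resource description) as text into a PowerShell command, so both values should be limited to characters that cannot change what the command does or where it operates. The following allow-list check is an added example, not part of Omada's configuration; the function name Test-FileshareInput, the approved root D:\Shares and the sample values are assumptions.

```powershell
# Added example: allow-list check for the two values that are templated into
# the SshCommand expression. Names, approved root and samples are assumptions.
function Test-FileshareInput {
    param(
        [Parameter(Mandatory)][string]$FileshareName,   # RLM_DisplayName
        [Parameter(Mandatory)][string]$Path,            # RLM_DESCRIPTION
        [string[]]$AllowedRoots = @('D:\Shares')        # assumed parent folder(s)
    )
    $problems = @()

    # Share name: letters, digits, space, dot, hyphen, underscore only, so it
    # is safe inside the quoted command and as the <name>_Read/_Write prefix.
    if ($FileshareName -notmatch '\A[A-Za-z0-9]([A-Za-z0-9 ._-]{0,58}[A-Za-z0-9])?\z') {
        $problems += 'fileshareName: characters outside the allow-list, or too long'
    }

    # Path: absolute drive path built from the same allow-listed characters.
    if ($Path -notmatch '\A[A-Za-z]:(\\[A-Za-z0-9 ._-]+)+\z') {
        $problems += 'path: not an absolute path of allow-listed characters'
    }
    # No relative segments: the Delete command removes {path}\{fileshareName}
    # recursively, so the target must stay below an approved root.
    $segments = $Path -split '\\'
    if (($segments -contains '..') -or ($segments -contains '.')) {
        $problems += 'path: contains a relative segment'
    }
    $underRoot = $false
    foreach ($root in $AllowedRoots) {
        $base = $root.TrimEnd('\')
        if ($Path -eq $base -or
            $Path.StartsWith($base + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
            $underRoot = $true
        }
    }
    if (-not $underRoot) { $problems += 'path: outside the approved roots' }

    [pscustomobject]@{
        FileshareName = $FileshareName
        Path          = $Path
        Valid         = ($problems.Count -eq 0)
        Problems      = $problems
    }
}

# Constructed sample values (not from the page)
Test-FileshareInput -FileshareName 'Omada' -Path 'D:\Shares'
Test-FileshareInput -FileshareName 'Finance "2024"' -Path 'D:\Shares\..\Windows'
```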

Copy rules

Copy rules define the data that needs to be copied from one data object to another, ensuring accurate data transfer between the properties of the action object and the corresponding properties of the target data object.

Create the event definitions and copy rules to ensure the proper functioning of the process. These configurations are crucial for automating the creation and management of Active Directory groups associated with your Fileshare resources and for maintaining data consistency and security.

Event definitions are required to trigger the appropriate actions when Fileshare resources are created or deleted. Copy rules define the data mappings necessary to copy information between different objects, ensuring that the groups and their permissions are accurately configured and updated.

Note: Before creating event definitions and copy rules, it is recommended to perform the initial import first.

Create a new copy rule in Omada Identity Enterprise Server:

  1. Go to Setup > Process configuration > Copy rules. Click New.
  2. Enter the following details and click Apply:
    • Source object: Resource
    • Destination object: Resource
  3. Below Field Mappings, click Add. Create the following copy rules and click OK:
    Number  Details
    1.      Copy/Assign: Template from source object
            Text: [ROLEID]_Write
            Copy to property: Resource ID
    2.      Copy/Assign: Template from source object
            Text: [NAME]_Write
            Copy to property: Name
    3.      Copy/Assign: Constant value
            Constant type: Reference property value(s)
            Reference property value(s): Choose your Active Directory system
            Copy to property: System
    4.      Copy/Assign: Constant value
            Constant type: Reference property value(s)
            Reference property value(s): Choose your Active Directory Folder
            Copy to property: Resource folder
    5.      Copy/Assign: Constant value
            Constant type: Reference property value(s)
            Reference property value(s): Choose your Resource type for Security Groups in Active Directory
            Copy to property: Resource type
    6.      Copy/Assign: Property value from object
            Copy from this property on source object: Resource category
            Copy to property: Resource category

Create a second copy rule in the same way, this time for the read group:

  1. Go to Setup > Process configuration > Copy rules. Click New.
  2. Enter the following details and click Apply:
    • Source object: Resource
    • Destination object: Resource
  3. Below Field Mappings, click Add. Create the following copy rules and click OK:
    Number  Details
    1.      Copy/Assign: Template from source object
            Text: [ROLEID]_Read
            Copy to property: Resource ID
    2.      Copy/Assign: Template from source object
            Text: [NAME]_Read
            Copy to property: Name
    3.      Copy/Assign: Constant value
            Constant type: Reference property value(s)
            Reference property value(s): Choose your Active Directory system
            Copy to property: System
    4.      Copy/Assign: Constant value
            Constant type: Reference property value(s)
            Reference property value(s): Choose your Active Directory Folder
            Copy to property: Resource folder
    5.      Copy/Assign: Constant value
            Constant type: Reference property value(s)
            Reference property value(s): Choose your Resource type for Security Groups in Active Directory
            Copy to property: Resource type
    6.      Copy/Assign: Property value from object
            Copy from this property on source object: Resource category
            Copy to property: Resource category

Event Definition

Establish event definitions after completing the initial import. These event definitions are intended to automate actions triggered by the creation and deletion of Fileshare resources. Additionally, they facilitate the automatic creation of two Active Directory groups (one for read access and another for write access) associated with each Fileshare resource. These groups are used to manage access permissions within the Fileshare.

Fileshare resource type creation process

When you create a resource of type Fileshare in Omada Identity, it triggers the creation of two Active Directory groups: a read group and a write group. These groups are created to manage access permissions for the Fileshare.

Fileshare creation

  1. A Fileshare is created on the Windows Server with a specified name (for example: Omada).
  2. Along with this Fileshare, two groups are automatically created in Active Directory:
    • Omada_read: This group is for users who need read-only access.
    • Omada_write: This group is for users who need write access.

Folder and Fileshare Setup

  1. A corresponding folder named Omada is created on the Windows Server, and groups with read and write permissions are added to the folder.
  2. A Fileshare named Omada is established on the server, which is configured to grant access to the two Active Directory groups:
    • Users in the Omada_read group have read-only permissions on the Fileshare.
    • Users in the Omada_write group have read and write permissions.

Managing Access

To add or remove users from these access groups, manage the membership of Omada_read and Omada_write groups through Active Directory. This allows for streamlined and secure access management without needing to alter the Fileshare settings directly.
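
Since access is managed only through group membership, it is worth confirming on the file server that the share and folder carry exactly the permissions described above. The following check is an added example, not part of the Omada connector; the function name Test-FileshareProvisioning and the sample path D:\Shares are assumptions, and it must run on the Windows Server that hosts the share.

```powershell
# Added example: compare a provisioned fileshare with the result the Create
# command is meant to produce. Function name and sample values are assumptions.
function Test-FileshareProvisioning {
    param(
        [Parameter(Mandatory)][string]$FileshareName,
        [Parameter(Mandatory)][string]$Path        # parent folder, i.e. {path}
    )
    $readGroup  = "${FileshareName}_Read"
    $writeGroup = "${FileshareName}_Write"
    $expected   = @{ $readGroup = 'Read'; $writeGroup = 'Change' }
    $seen       = @{}
    $findings   = @()

    # Share level: only the two groups, with Read and Change respectively.
    foreach ($ace in (Get-SmbShareAccess -Name $FileshareName -ErrorAction Stop)) {
        $account = ("$($ace.AccountName)" -split '\\')[-1]   # drop DOMAIN\ prefix
        $right   = "$($ace.AccessRight)"
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        $seen[$account] = $true
        if (-not $expected.ContainsKey($account)) {
            $findings += "Share: unexpected entry $($ace.AccountName) ($right)"
        } elseif ($right -ne $expected[$account]) {
            $findings += "Share: $account has $right, expected $($expected[$account])"
        }
    }
    foreach ($group in $expected.Keys) {
        if (-not $seen.ContainsKey($group)) { $findings += "Share: no entry for $group" }
    }

    # NTFS level: the read group holds no write rights, the write group Modify.
    $write  = [int][System.Security.AccessControl.FileSystemRights]::Write
    $modify = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $folder = Join-Path -Path $Path -ChildPath $FileshareName
    foreach ($rule in (Get-Acl -Path $folder).Access) {
        if ("$($rule.AccessControlType)" -ne 'Allow') { continue }
        $account = ("$($rule.IdentityReference)" -split '\\')[-1]
        $mask    = [int]$rule.FileSystemRights
        if ($account -eq $readGroup -and ($mask -band $write) -ne 0) {
            $findings += "NTFS: $account holds write rights ($($rule.FileSystemRights))"
        }
        if ($account -eq $writeGroup -and ($mask -band $modify) -ne $modify) {
            $findings += "NTFS: $account lacks Modify ($($rule.FileSystemRights))"
        }
    }
    [pscustomobject]@{ Fileshare = $FileshareName; Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample call: share name from the example above, assumed path
Test-FileshareProvisioning -FileshareName 'Omada' -Path 'D:\Shares'
```

The Create command leaves inheritance on the new folder unchanged, so permissions inherited from the parent folder still apply and are not evaluated by this check.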

Note: By default, the system sends the path of the folder and the Fileshare, and this path is taken from the description field of the resource.

Fileshare

The purpose of this event is to automate the creation of Active Directory groups for read and write access when a Fileshare resource is created in Omada. It also ensures that the name field is copied to the logical key field to prevent the duplication of Fileshare resources during imports.

  1. Go to Setup > Process configuration > Event definitions. Click New.
  2. Create a new event definition. Enter the following details and click Apply:
    • Name: Create read and write groups in Active Directory
    • Event is triggered when: Check the A new object is created box
    • Triggers on object of type: Resources
  3. On the top left side, click Filter.
  4. Click Filter expressions and then New. Enter the following details and click OK:
    • Left side: Resource type
    • Inner operator: in
    • Right side: Fileshare
  5. Under Triggers on object of type, click New.
  6. Check the Execute code method box. Click OK and enter the following settings:
    • Assembly: Omada.OE.UtilityCodeAssembly.dll [1]
    • Class name: Omada.OE.UtilityCodeAssembly.Main
    • Name of method: CopySourcePropertyToTargetProperty
    • sourcePropertySysName: NAME
    • targetPropertySysName: ODWLOGICKEY
  7. Under Triggers on object of type, click New.
  8. Check the Execute code method box. Click OK and enter the following settings:
    • Assembly: Omada.OE.UtilityCodeAssembly.dll [1]
    • Class name: Omada.OE.UtilityCodeAssembly.Main
    • Name of method: CreateDataObjectFromTemplate
    • newDataObjectTypeUldStr: 39b5bdb6-4bf8-4f32-b1a5-0cab3b29f010
    • copyRuleUldStr: To correctly populate this field, you will need the UID of the copy rule created for the read group. You can obtain this by pressing Ctrl and right-clicking on the rule created for the read group, then selecting Form data UID.
  9. Under Triggers on object of type, click New.
  10. Check the Execute code method box. Click OK and enter the following settings:
    • Assembly: Omada.OE.UtilityCodeAssembly.dll [1]
    • Class name: Omada.OE.UtilityCodeAssembly.Main
    • Name of method: CreateDataObjectFromTemplate
    • newDataObjectTypeUldStr: 39b5bdb6-4bf8-4f32-b1a5-0cab3b29f010
    • copyRuleUldStr: To correctly populate this field, you will need the UID of the copy rule created for the write group. You can obtain this by pressing Ctrl and right-clicking on the rule created for the write group, then selecting Form data UID.
  11. Click OK.

Trigger to create a Fileshare resource

This event is used to trigger an OPS task for the Fileshare system.

  1. Go to Setup > Process configuration > Event definitions. Click New.
  2. Create a new event definition. Enter the following details and click Apply:
    • Name: Fileshare - Create
    • Event is triggered when: Check the A new object is created box
    • Triggers on object of type: Resources
  3. On the top left side, click Filter.
  4. Click Filter expressions and then New. Enter the following details and click OK:
    • Left side: Resource type
    • Inner operator: in
    • Right side: Fileshare
  5. Under Triggers on object of type, click New.
  6. Check the Execute code method box. Click OK and enter the following settings:
    • Assembly: Omada.OE.Solution.OIM.Assembly.dll [2]
    • Class name: Omada.OE.Solution.OIM.Assembly.OPS.ResourceLifeCycleManagement
    • Name of method: SubmitProvisioningjob
    • operationEnum: Create
  7. Click OK.

Trigger to delete a Fileshare resource

This event is used to trigger an OPS task for the Fileshare system.

  1. Go to Setup > Process configuration > Event definitions. Click New.
  2. Create a new event definition. Enter the following details and click Apply:
    • Name: Fileshare - Delete
    • Event is triggered when: Check the An existing object is deleted box
    • Triggers on object of type: Resources
  3. On the top left side, click Filter.
  4. Click Filter expressions and then New. Enter the following details and click OK:
    • Left side: Resource type
    • Inner operator: in
    • Right side: Fileshare
  5. Under Triggers on object of type, click New.
  6. Check the Execute code method box. Click OK and enter the following settings:
    • Assembly: Omada.OE.Solution.OIM.Assembly.dll [2]
    • Class name: Omada.OE.Solution.OIM.Assembly.OPS.ResourceLifeCycleManagement
    • Name of method: SubmitProvisioningjob
    • operationEnum: Delete
  7. Click OK.