Hi *,
Firstly, I found your 'Hi all' clever and somewhat hilarious
If I got it right, an "account" is just the information about the user account in a given resource. Right?
Yeah, near enough. When you import an account into OIA, you're bringing the account ID along with its associated information and access rights from a given resource
How are group memberships in a resource considered? (E.g. a global group membership in a specific AD resource) Is that referred to as an entitlement?
Group membership is associated as an attribute to an account (not entitlement). In OIA terms, entitlements are granulated access rights that are associated to an attribute
(Rubbish diagram below || )
Account1 -> Attribute1---> Entitlement1
..............-> Attribute2---> Entitlement1
Currently, you cannot import user/role association via CSV because of the approval workflow it has to pass through. You can assign user/role by creating rule correlations
Thanks for the reply. It becomes clearer. According to the previous post, I set up the following things:
Resource Type: ActiveDirectory ; ShortName: MAD
Resource Type Category: User-Object-Attributes
Attributes of previous Category: user-memberOf and user-samAccountName (both of them are Managed, Importable, Multi Value, Auditable and Minable)
Resource: AD production
The system contains users, policies and roles and a business structure.
As for the import of accounts I have the following rbx account definition:
# @iam:namespace name="ActiveDirectory" shortName="MAD"
Example for the input I created a mad_accounts.csv:
The import failed though...
Two things remain unclear:
(1) What is the meaning of "domain" in an account rbx file?
(2) How can I import multiple group memberships for one user? Is each group membership one line? Or can I set the last column as "group1, group2, group3" or something alike?
Thanks a lot in advance for your support.
(1) What is the meaning of "domain" in an account rbx file?
AD is a good example for explaining 'Domain'
Domain is a mandatory attribute. You can have multiple domains in an organisation, each of which can contain multiple endpoints.
Imagine you're importing 5 endpoints...
Domain 'APAC.Google.com' has endpoints ADServer1, ADServer2 & ADServer3
Domain 'AMEX.Google.com' has endpoints ADServer1 & ADServer2
Even though the technology is the same ('Active Directory'), 2 endpoints are named the same, though they are on different domains. Using 'domain' allows you to segregate endpoints, which might have the same name, from different domains
(2) How can I import multiple group memberships for one user? Each groupmembership is one line? or can I set the last column as "group1, group2, group3" or something alike?
Yeah, you've answered your own question. Each attribute is encapsulated by double quotes, though multiple values are separated by commas
(You can ignore the double quotes and OIA will be able to determine each comma as a separate attribute, though it's best practice to use double quotes and commas at the same time)
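The domain and multi-value points from the reply above, as an added example that is not part of the original thread and is not OIA code: it parses a constructed account feed and shows how dropping the domain merges two different accounts' group memberships into one. The column order (account, domain, endpoint, memberOf), the function names and the group names are assumptions made for illustration, not OIA's import schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample feed. Column order (account, domain, endpoint, memberOf)
# is an assumption for this sketch, not OIA's account file schema.
SAMPLE_FEED = '''\
"jdoe","APAC.Google.com","ADServer1","Domain Users,Finance-RW"
"jdoe","AMEX.Google.com","ADServer1","Domain Users,HR-Admins"
"asmith","APAC.Google.com","ADServer2","Domain Users"
'''

def parse_feed(text):
    """Yield (account, domain, endpoint, groups) with the quoted
    multi-value field split into individual group names."""
    for account, domain, endpoint, member_of in csv.reader(io.StringIO(text)):
        groups = [g.strip() for g in member_of.split(",") if g.strip()]
        yield account, domain, endpoint, groups

def build_index(text, use_domain=True):
    """Map an account key to the set of groups that account holds."""
    index = defaultdict(set)
    for account, domain, endpoint, groups in parse_feed(text):
        key = (domain, endpoint, account) if use_domain else (endpoint, account)
        index[key].update(groups)
    return dict(index)

def merged_keys(text):
    """Return (endpoint, account) keys that span more than one domain,
    i.e. accounts that would be merged if the domain were dropped."""
    seen = defaultdict(set)
    for account, domain, endpoint, _ in parse_feed(text):
        seen[(endpoint, account)].add(domain)
    return {k: sorted(d) for k, d in seen.items() if len(d) > 1}

if __name__ == "__main__":
    for key, groups in sorted(build_index(SAMPLE_FEED).items()):
        print(key, sorted(groups))
    print("collisions without domain:", merged_keys(SAMPLE_FEED))
```

Without the domain in the key, an access review would show one "jdoe" on ADServer1 holding both Finance-RW and HR-Admins, which neither real account does.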
Regarding the importing of user-role information, I am not aware of any methods to import data in:
But you can import the associations in the converse format, i.e.:
You can use the schema field "globalusers" and specify the userids of the users as a comma-separated field.
Hope it helps!