The Identity Manager AE Permission collector is an Application Source collector that creates the base OpenText Identity Managerapplication in OpenText Identity Governance and automatically generates subordinate applications that represent IDM Drivers, such as the CloudAD Driver and SAP User Management Driver, that support Identity Manager entitlements.
IMPORTANT:No other application source permission collector provides automatic generation of subordinate applications or accounts. This collector uses both LDAP calls into eDirectory and SOAP calls to the user applications to collect data. Due to the complexity of the relationships managed by this collector, proceed with caution when changing the default values and mappings.
In SaaS environments, when using the Cloud Bridge to collect data from your on-premises data centers, you will need to specify ordinals for the respective authentication method in the Cloud Bridge user interface (http://localhost (CBA IP address or DNS name):8080).
Before collecting Identity Manager AE permissions, ensure that you have installed the OpenText Identity Manager applications. Additionally, when using AD Driver with Identity Manager AE, ensure that the Remote Loader is running.
When configuring service parameters, ensure that you include the port number that you use to connect to your OpenText Identity Manager system in the User Application Base Provisioning Service URL field. Enter comma-separated values in the Additional permission attributes to collect field when you want to collect multiple attributes from Roles, Resources, Groups, and Container-type permissions in addition to the default attributes. When adding these additional permission attributes, you must also include the attributes in the collector views.
When the Identity Manager AE Permission collector collects any User record from the OpenText Identity Manager application that has an association with a subordinate application (through the DirXML Association attribute on the User), it receives an Account assignment for that subordinate application. The Identity Manager AE Permission collector also automatically maps the User record to the OpenText Identity Manager User.
If, after testing the connection and collecting data, you do not see the expected data in the OpenText Identity Governance Catalog, verify that your Account Collect LDAP Search Filter is configured correctly in the template, then use LDAP search from the command line or LDAP browser to confirm that the missing data is still available in your data source. You can also directly call the SOAP endpoint to get the refreshed values of the Identity Manager AE system attributes that are used for mapping.