Identity Governance allows a Global Administrator or Data Administrator to define data storage locations to reference when creating custom metrics collections. In addition, metrics data stores allow you to easily create multiple metrics collections that use the same metrics data store.
NOTE:Metrics collections can use the same metrics data store, but if the data store is a database, each metrics collection using that data store must specify a different database table.
Identity Governance allows you to configure the following data store types:
Local Database (Identity Governance databases)
Vertica
Kafka
Oracle
PostgreSQL
MS SQL
Before you create a custom data store type, create a database schema that includes a new database and table for the data store you want to create.
If you want to create a metrics data store and configure the database to use SSL communication, you must first create and configure the proper global configuration properties for your data store type and for the SSL type -- server authentication or mutual authentication. Use the table below to determine which configuration properties you need to create and the values for each.
Table 31-1 Global Configuration Properties and Value Types for Data Store and SSL Types
Data Store Type/SSL Type |
Configuration Property |
Value Type |
---|---|---|
Vertica/Server |
com.netiq.iac.vertica.ssl.truststore.path |
Filename |
Vertica/Server |
com.netiq.iac.vertica.ssl.truststore.password |
Password |
Vertica/Mutual |
com.netiq.iac.vertica.ssl.truststore.path |
Filename |
Vertica/Mutual |
com.netiq.iac.vertica.ssl.truststore.password |
Password |
Vertica/Mutual |
com.netiq.iac.vertica.ssl.keystore.path |
Filename |
Vertica/Mutual |
com.netiq.iac.vertica.ssl.keystore.password |
Password |
Oracle/Server |
com.netiq.iac.oracle.ssl.truststore.path |
Filename |
Oracle/Server |
com.netiq.iac.oracle.ssl.truststore.type |
Type of truststore |
Oracle/Server |
com.netiq.iac.oracle.ssl.truststore.password |
Password |
Oracle/Mutual |
com.netiq.iac.oracle.ssl.truststore.path |
Filename |
Oracle/Mutual |
com.netiq.iac.oracle.ssl.truststore.type |
Type of truststore |
Oracle/Mutual |
com.netiq.iac.oracle.ssl.truststore.password |
Password |
Oracle/Mutual |
com.netiq.iac.oracle.ssl.keystore.path |
Filename |
Oracle/Mutual |
com.netiq.iac.oracle.ssl.keystore.type |
Type of truststore |
Oracle/Mutual |
com.netiq.iac.oracle.ssl.keystore.password |
Password |
PostgreSQL/Server |
com.netiq.iac.postgres.ssl.root.cert |
Contents of the certificate NOTE:Do not use a filename. |
PostgreSQL/Mutual |
com.netiq.iac.postgres.ssl.root.cert |
Contents of the certificate NOTE:Do not use a filename. |
PostgreSQL/Mutual |
com.netiq.iac.postgres.ssl.client.cert |
Contents of the certificate NOTE:Do not use a filename. |
PostgreSQL/Mutual |
com.netiq.iac.postgres.ssl.client.key |
Contents of the key NOTE:Do not use a filename. |
MS SQL/Server |
com.netiq.iac.mssql.ssl.server.cert |
Contents of the certificate NOTE:Do not use a filename. |
MS SQL/Server |
com.netiq.iac.mssql.ssl.password |
Password |
Use the information from this table to create and configure the required configuration properties for the metrics data store you want to create.
NOTE:The configuration properties required for SSL communication could already exist in your environment. You can select Configuration > Advanced, then use the search feature to verify whether the configuration property you need is already configured as a global configuration setting.
To create and configure the proper global configuration properties for your data store type and for the SSL type:
Log in as a Global Administrator.
Select Configuration > Advanced.
Next to Global Configuration Settings, click the plus sign (+).
Type the name of the configuration property you want to create, then click Add.
Type the value for the configuration property you want to create, then click Create.
Perform Step 3 through Step 5 for each property you need to create.
To create a metrics data store:
Log in as a Global or Data Administrator.
Select Configuration > Analytics and Role Mining Settings.
Next to Metrics Data Stores, click +.
Provide the requested Metrics Data Store Details.
Provide the configuration information for the selected data store type.
NOTE:If you select Kafka as the data store type, you must click Import Kafka Configuration, and then browse to select a JSON file that contains configuration information. You can click the “?” icon to view sample code you can copy and paste into a text editor to modify and create a JSON properties file.
Click Test Connection to verify your settings.
Click Save.