LogoLogo
3.1.7
3.1.7
  • Getting Started
    • What is Cymmetri?
    • Release Notes
      • 3.0.1-Beta
      • 3.0.2-Beta
      • 3.0.3-Beta
      • 3.0.4-Beta
      • 3.0.5-Beta
      • 3.0.6-Beta
      • 3.0.7-Beta
      • 3.0.8-Beta
      • 3.0.9-Beta
      • 3.0.10-Beta
      • 3.0.11-Beta
      • 3.0.12-Beta
      • 3.1.0 - Product Release
      • 3.1.1-Beta
      • 3.1.2 - Product Release
      • 3.1.3-Beta
      • 3.1.4-Beta
      • 3.1.5-Beta
      • 3.1.6 -Beta
      • 3.1.7 - Product Release
      • 3.1.8 -Beta
      • 3.1.9-Beta
      • 3.1.10-Beta
      • 3.1.11-Beta
      • 3.1.12-Beta
      • 3.1.13-Beta
      • 3.1.15 -Beta
      • 3.1.16
      • 3.1.17
      • 3.1.18
      • 3.1.15 - Product Release
      • 3.0.x Consolidated
      • 3.1.x Consolidated
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Config
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
      • API Client
      • Batch Tasks
      • API Extension
    • Global Search
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Edit Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Application Detail
        • Dynamic Forms
        • Configuring Connector Server
        • 360 Degree Recon
      • Provisioning How to
        • Cymmetri Connector List
        • Supported Provisioning Operations
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
        • ServiceNow Provisioning
        • AMAYA
        • HRMS
          • Darwin Box
        • Database Provisioning
        • CSV Directory (Flat-file)
        • Managing Manual Application Assignments
        • SOAP Connector (XML)
        • Integration with Service Desk Management Systems
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
    • On Demand Access
    • Form Logic
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Compliance Management
      • IGA Policy Violations
    • Insights
      • Reports
      • Risk
      • Management Dashboards
        • CISO Dashboard
        • CRO Dashboard
      • Industry Compliance
    • Access Certification
      • Setting up and managing Access Reviews
    • Recommendation Engine
    • Role Management
      • Role Mining
      • Entitlements
      • Managing Roles in Cymmetri
    • Segregation Of Duties (SOD)
  • Self-Service App
  • Analytics
    • Cymmetri Analytics
Powered by GitBook

Cymmetri.com

On this page
  • Configuration
  • Configuring the Database Application

Was this helpful?

Export as PDF
  1. Lifecycle Management
  2. Application Management
  3. Provisioning How to

Database Provisioning

Was this helpful?

In Cymmetri, database provisioning involves setting up and managing database access for provisioning users from the Database Management System into Cymmetri.

Configuration

To configure a Database application for provisioning we need a database on the server. We need one table in the database on which we want to create users.

In the above image Userdetails is a table with some basic fields.

Configuring the Database Application

To configure Database Application with cymmetri we need to configure ScriptOn (Database) Application. Please follow the steps provided below.

  1. Get ScriptOn (Database) Application from Cymmetri Master apps list

  2. After Getting application from Cymmetri Master activate provisioning of selected application i.e ScriptOn application (Database).After successfully activation of provisioning, setup server configuration.

Note: Basic configuration is already provided in cymmetri master application. If the connid server is configured externally then configure server config as per requirement.

  1. After successfully configuring server configuration, next step is to configure User Configuration. This is the most important step to connect and perform operations with ScriptOn (Database) applications.

  2. To configure User configuration please refer to the following steps (It is abstract level steps that may be vary as per client). Following are the basic configuration which is required for every ScriptOn (Database) application to connect.

    1. Database :- Name of the database on the database server that contains the table.

    2. Datasource Path :- JDBC Data Source to connect to the database server.

    3. Host :- The name of the host where the database is running.(eg localhost or 10.0.1.7)

    4. JDBC Driver :- The JDBC Driver class name.

      Eg: For Oracle Driver Class Name is oracle.jdbc.driver.OracleDriver For MySQL is org.gjt.mm.mysql.Driver For PostgreSQL is org.postgresql.Driver

    5. JDBC Connection URL :- Specify the JDBC Driver Connection URL. Examples: Oracle: jdbc:oracle:thin:@[host]:[port(1521)]:[DB] MySQL: jdbc:mysql://[host]:[port(3306)]/[db] PostgreSQL template is jdbc:postgresql://[host]:[port(5432)]/[db]

    6. Db is a database name. It Could be empty if a datasource is provided.

    7. User Password :- User account that has permission to access accounts table.

    8. Port :- The port number the database server is listening on. For postgreSQL it could be 5432. For mysql it could be 3306. We need to use it according to our database.

    9. Reload Script On Execution :- This flag value must be true if we pass scripts file name (Groovy Scripts upload in server)

    10. User :- The name of the mandatory Database user with permission to the account table.

    11. Test Script or Test Script File Name :- Test script for testing connection from database with Cymmetri

    12. Create Script or Create Script File Name :- Create user script for creating user in database application (supports PostgreSQL, MySQL, Oracle 11g) <uid needs to return from create script>

    13. Update Script or Update Script File Name :- Update user script for updating user in database application (supports PostgreSQL, MySQL, Oracle 11g) <user update based on uid>

    14. Delete Script or Delete Script File Name :- Delete user script for deleting user from database application (supports PostgreSQL, MySQL, Oracle 11g) <user delete based on uid>

    15. Search Script or Search Script File Name :- Search script for searching user from database (Bulk search)

    16. Sync Script or Sync Script File Name :- Sync script for Synchronizing users from database into/from cymmetri.

Above are the most important fields in user configuration which need to be configured. The details for the above fields are given in the application configuration page.

  1. Configuring all the user and server configuration with proper data and Test application for connectivity. If it is successful then we can proceed for assignment and reconciliation operations or if it fails then check the audit log for error.

  2. Other than user and server configuration we need Policy Attribute and Policy Map for mapping attributes of Database application with Cymmetri.

  3. Following are the steps to configure policy attribute and policy map.

    1. Policy Attribute :- There is default policy attribute cymmetri master application provides which has basic fields which needs to be configured for performing provisioning operation.

  1. To add a new policy attribute click on the new button and add policyAttribute and its description.

  2. Policy Map :- There is default policy map present in cymmetri master application which provides basic mapping of ScriptOn (Database) application with cymmetri. To configure these mapping we need to activate it as in create only and update only flags need to be true as per requirement.

  3. To add a new policy map click to Add Cymmetri field.

  1. Some important policy map fields which need to be declared in the policy map are as follows.

    1. __NAME__ :- users login (supports from ‘cloud_2.7.21’)

    2. __PASSWORD__ :- users password (supports from ‘cloud_2.7.21’)

  2. For sample script please validate following link

  1. We need to provide Groovy code to run create user, update user, delete user and also recon pull and push (for recon pull we need to add sync script and for recon push we need to add search script)

Note: Please Configure script step by step

  1. Configure test script at initial step and then test configuration for provided script (If configure successfully then only go for step b).

  2. Configure create script and test configuration (If successfully configured then only go for step c).

  3. Configure update script and test configuration (If successfully configured then only go for step d).

  4. Configure delete script and test configuration (If successfully configured then only go for step e).

  5. Configure sync(pull) script and test configuration (If successfully configured then only go for step f).

  6. Configure search(push) script and test configuration (If successfully configured then only go to the next step).

NOTE :- While configuring the database you need to add a jdbc jar for a particular database into connid server (Inside the lib folder of the connid server).

https://drive.google.com/drive/folders/1-XSIlHSnf6UM0JYiaysA5Vg-TdfrMe0I?usp=drive_link