Is Resource Configuration Hell? Not in MidPoint 3.1!

Resources (target or source systems) are the heart of every identity management system or provisioning tool. Of course, one might argue that users (subjects) are the most important, and that statement is not wrong. However, without resources, there would simply be nothing to connect to. This debate is not the point of this article, though. Its point is to present a new feature introduced in midPoint release 3.1 (Sinan): the resource wizard.

The ability to handle connected resources is one of the most important indicators of the quality of every identity management tool. MidPoint provides vast configuration options for resources, and one of the challenges we faced recently was to create an intuitive, easy-to-use and comprehensive web interface for resource configuration. In release 3.1 (Sinan), we present the result of our work, the resource wizard.

Resource Wizard - schema handling step

Using the resource wizard, one is able to create a complex and complete configuration for almost any resource that can be connected to midPoint, as well as edit an existing resource configuration. Because resource configuration is complex, we decided to divide the wizard into the following steps:

  1. Basic configuration step – the first, very basic step, which allows defining basic resource specifications such as name, description, connector host and type.
  2. Connector configuration step – provides options to configure the connection to the resource. This configuration is specific to the type of resource and may vary from a simple file path definition (e.g. for a CSV resource) to a more complex connection definition (e.g. server URL, port etc. for LDAP-based resources).
  3. Schema step – a mostly read-only step. The administrator is able to view and manually alter the XSD definition of the resource schema of the connected resource, or view the defined data types for accounts, groups, entitlements or organizational units.
  4. Schema handling step – probably the most important step of the resource wizard. This is the place where all the magic happens. Schema handling is a definition of how midPoint works with the resource schema. This step provides vast options for defining how resource attributes are handled, for example via mappings. It is also possible to define limitations for resource attributes, the iteration mechanism, activation and credentials, or even define and configure resource protected accounts.
  5. Resource capabilities step – a section where the administrator can define what the resource can do by itself (native capabilities) and what it can do with the help of midPoint (configured capabilities). This section is again very specific to the given resource. Each resource provides a different set of native capabilities. Even if a resource does not provide some capability, it can be simulated by midPoint.
  6. Synchronization step – the place to define the synchronization mechanism for the connected resource. This mechanism is used in several identity processes, e.g. live synchronization, reconciliation, import, discovery etc. It basically provides two important groups of settings. The first are the correlation and confirmation expressions for locating the owner of a resource account, and the second are the reaction rules: the definition of midPoint behaviour for specific synchronization situations.

The main purpose of the resource wizard is to make the cumbersome and relatively complicated process of resource configuration easier and more user-friendly. That is why most configuration fields come with a little help in the form of blue information icons that show quick hints. Each step also contains a simple tutorial that can be activated by clicking on the blue question mark icon in the upper right corner of the step.

Of course, this is not the final form of the resource wizard and new improvements are in progress even right now, so any feedback is highly appreciated.
