/wiki/spaces/E2D/pages/29982926 / Installation and Configuration / Connecting to Directory Systems / Current: Connecting to IBM Domino |
EmpowerID IBM Domino connector allows organizations to bring the user and group data in their IBM Domino system to EmpowerID, where it can be managed and synchronized with data in any connected back-end user directories. Once connected, you can manage this data from EmpowerID in the following ways:
Additionally, EmpowerID provides Provisioning policies or Resource Entitlements that allow you to automatically provision Domino accounts for any person within your organization based on your policy requirements.
In order to connect EmpowerID to Domino, the following prerequisites need to be met:
|
This topic demonstrates how to connect EmpowerID to IBM Domino and is divided into the following activities:
Click Next to begin the installation.
After installing the EmpowerID Domino Web service, the next step is to connect EmpowerID to your IBM Domino Lotus directory.
Type the URL for the EmpowerID Domino Web service you installed above in the ServiceUrl field. When setting the URL, be sure to specify "https" as the scheme and the version of EmpowerID Domino Web service you are using. The URL should look similar to the following example:
https://192.168.15.99/LotusNotes/LotusNoteService.svc/v1 |
The Account Store Details screen contains three panes—the General pane, the Inventory pane, and the Group Membership Reconciliation pane—each with settings for configuring a different aspect of the Domino account store you just created. To view reference information about a particular pane, expand the drop-down for that pane.
|
From the General pane of the Account Store Details screen, enable each desired feature by toggling the icon to the right of each feature from a red sphere to a green check box. For example, if you want EmpowerID to provision an EmpowerID Person for each Domino user, toggle the red sphere to the right of Allow Person Provisioning to a green check box.
From the Inventory pane of the Account Store Details screen, do the following:
EmpowerID recommends using the Account Inbox to provision Person objects from user accounts. The below information is included to make you aware of the option to provision during inventory. |
Toggle Allow Automatic Person Provision On Inventory to reflect your policy for the account store (red sphere for disable and green checkbox for enable). When enabled (and Allow Person Provisioning is enabled for the account store), EmpowerID will provision Person objects for all new accounts discovered during inventory in real-time, if they meet the conditions of your Provision rules.
|
The last action to perform on this screen is to enable inventory. However, before doing so, it is important to configure the attribute flow rules for the account store and to enable the Account Inbox if batch processing of those accounts is desired.
|
From the Attribute Flow Rules page, click the Advanced Search drop-down button, enter the name of the account store for which you want to configure the flow rules and then click Search to filter the rules shown in the grid.
The attributes from the EmpowerID Person object are displayed in the left column with the corresponding attributes from the account store displayed in the right column. |
To change the flow for an attribute, click the Attribute Flow drop-down located between the Person Attribute column and the External Directory Attribute column, and select the desired flow direction from the context menu.
To change the score for any of the available CRUD operations (Create, Update and Delete), enter the new score in the appropriate field. By default, scores are weighted evenly, which means that a change to an attribute originating in one connected external directory has the same authority as a change to an attribute occurring in another connected external directory.
EmpowerID only considers scores for attribute CRUD operations when multiple account stores with the same user records are connected to EmpowerID, such as would be the case if an HR System and Google Apps were being inventoried by EmpowerID. |
Return to the Account Store Details screen in Configuration Manager.
Look over your settings one last time and when satisfied, turn on inventory by toggling the Enable Inventory button from a red sphere to a green check box.
If you are using the Account Inbox to provision or join the user accounts in IBM Domino to Empower Persons, you need to turn on the Account Inbox. This is demonstrated in the below section.
|
|