Using a Relational Database (RMDB) as an Identity Source

# Overview

This article describes how to configure a database as an identity source in the IDaaS platform, synchronize organizational structure and user data from the database to the IDaaS platform, and ensure data consistency across various application systems within the enterprise.

# Prerequisites

  • Currently, reclamation is supported only from PostgreSQL databases.
  • You have query permissions on the database, so that SQL queries can retrieve data from the tables or views containing organization and user information.
  • You have administrator permissions for the IDaaS Enterprise Center platform.
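One way to meet the query-permission prerequisite with least privilege, as an added example that is not part of the IDaaS documentation: a dedicated read-only PostgreSQL role that can read two views and nothing else. The database `hrdb`, the schema `hr` with its tables and columns, the `idaas_sync` schema and the `idaas_reader` role are all assumed names.

```sql
-- Constructed example: hr.departments and hr.employees stand in for the
-- real source tables; adjust names and columns to your own schema.
BEGIN;

-- Separate schema so the sync account never needs USAGE on the HR schema.
CREATE SCHEMA IF NOT EXISTS idaas_sync;

-- Views expose only the columns the identity source should see.
-- Password hashes, salaries and similar columns are simply not selected.
CREATE VIEW idaas_sync.org_v AS
SELECT dept_id, parent_dept_id, dept_name, updated_at
FROM hr.departments;

CREATE VIEW idaas_sync.user_v AS
SELECT emp_id, username, display_name, email, dept_id, is_active, updated_at
FROM hr.employees;

-- Dedicated login role for the IDaaS connection (placeholder password).
CREATE ROLE idaas_reader LOGIN PASSWORD 'REPLACE_ME'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOREPLICATION
  CONNECTION LIMIT 5;

-- Views run with their owner's privileges by default, so the role needs
-- SELECT on the views only, not on the underlying hr tables.
GRANT CONNECT ON DATABASE hrdb TO idaas_reader;
GRANT USAGE ON SCHEMA idaas_sync TO idaas_reader;
GRANT SELECT ON idaas_sync.org_v, idaas_sync.user_v TO idaas_reader;

-- Guard rails, not a security boundary: a session can change these
-- settings, so the grants above remain the actual control.
ALTER ROLE idaas_reader SET default_transaction_read_only = on;
ALTER ROLE idaas_reader SET statement_timeout = '60s';

COMMIT;

-- Verification: the sync role must be able to read the view
-- but must have no direct access to the base table.
SELECT has_table_privilege('idaas_reader', 'idaas_sync.user_v', 'SELECT') AS view_readable,
       has_table_privilege('idaas_reader', 'hr.employees', 'SELECT')      AS base_table_readable;
```

The role name and password created here are the values to enter as the database username and database password when adding the identity source.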

# Configuring RMDB as an Identity Source in IDaaS

  1. Log in to the IDaaS Enterprise Center platform. In the top navigation bar, select "Users > Identity Source Management", click "Add Identity Source", and choose the "RMDB" identity source.

  2. Customize the identity source name. Fill in parameters such as host, port, database username, and database password as prompted on the interface. After configuration, click "OK" to save.

  3. Enter the details page of the newly added identity source to view and update the "Basic Configuration" of the RMDB identity source, including connection parameters, full synchronization, and incremental synchronization configuration items.

    Connection Parameters

    Full Synchronization

    Incremental Synchronization

  4. Switch to the "Advanced Configuration" tab. It is recommended to keep the default settings or fill them in according to actual needs.

    | Parameter | Description |
    | --- | --- |
    | Select Root Organization | Import data from the identity source into this organization. Keep the default. |
    | Organization Matching Strategy | Mapping relationship for importing organizations from the database identity source into IDaaS. Keep the default. |
    | Create Organization | Keep "Yes" selected by default. |
    | Update Organization | Keep "Yes" selected by default. |
    | Delete Organization | Keep "Retain Organization" by default (i.e., retain the organization in IDaaS). Also supports disabling or deleting the organization. |
    | User Matching Strategy | Mapping relationship for importing users from the database identity source into IDaaS. Keep the default. |
    | Create User | Keep "Yes" selected by default. |
    | Update User | Keep "Yes" selected by default. |
    | Delete User | Keep "Disable User" by default (i.e., when the user is deleted in the database, the user is disabled in IDaaS). Also supports retaining or deleting the user. |
    | Security Threshold Adjustment | Set the maximum threshold percentage for scenarios in which the upstream identity source has user deletions, organization deletions, or organizational hierarchy changes. Threshold = (Difference between platform reclaimed data and current reclaimed data / Reclaimed data) * 100%. When the data disabled or deleted by the upstream identity source exceeds the set threshold, the platform will not perform the disable/delete operations upon receiving the command. |

  5. After configuration is complete, switch to the "Object Model" tab, select "Mapping Definition", set the transformation method for "username account name" to "Automatic Transformation", the execution method to "Create", and the corresponding system user attribute to "Username".

The Object Model supports mapping and matching attributes on users and organizations from the database identity source with attributes of users and organizations in IDaaS. After configuration, it enables retrieving user and organization attributes from the database to the corresponding user and organization attributes in IDaaS.

  • Execution Method: Sets under which circumstances the attribute needs to be mapped.
    • Do Not Map: This attribute will not be synchronized to IDaaS.
    • Create: The attribute is synchronized only during creation.
    • Update: The attribute is synchronized only during updates.
    • Create and Update: The attribute is synchronized during both creation and updates.
  • Transformation Method: Sets the method for attribute mapping.
    • Automatic Transformation: Synchronizes the value exactly as it is in the identity source.
    • Script Transformation: Use this method to transform values from the identity source if they do not meet the required format. Refer to Script Mapping Method.
  6. After configuration is complete, click "Execute Synchronization" to immediately perform the synchronization operation.

If the synchronization mechanism in the basic configuration is set to scheduled synchronization, manual execution of synchronization tasks is not required here.

  7. After execution is complete, switch to the "Synchronization Events" page to view all synchronization tasks for this identity source. Click "Details" under the "Operation" column of a synchronization task to view the import results, or go to the "Users > Users and Organizations" page to view the imported data.