Reconciling Identity Data

Now that you have installed OpenIDM with a "Getting Started" configuration, you will learn how OpenIDM reconciles information between two data stores.

While the reconciliation demonstrated in this guide uses two simplified data files, you can set up the same operations at an enterprise level on a variety of resources.

Return to the situation described earlier, where you have Jane Sanchez joining the engineering department. The following illustration depicts what OpenIDM has to do to reconcile the differences.

gsg recon top

Using OpenIDM to Reconcile Differences

A central feature of OpenIDM is reconciliation. In other words, OpenIDM can compare the contents of two data stores, and make decisions on what to do, depending on the differences.

This scenario is based on two data files:

  • hr.csv, which represents the Human Resources data store

  • engineering.xml, which represents the Engineering data store

OpenIDM will modify the Engineering data store by adding the newly hired Jane Sanchez. As suggested by the following illustration, it will also address detailed differences between Jane’s Human Resources account and the Engineering data store.

gsg differences

OpenIDM includes configuration files that map detailed information from the Human Resources data store to the Engineering data store. For example, the OpenIDM configuration maps the firstName entry in Human Resources to the firstname entry in Engineering.

Mapping between data stores may require additional configuration. You should find two provisioner.openicf-*.json files in the /path/to/openidm/samples/getting-started/conf subdirectory. The provisioner files configure connections to external resources, such as Active Directory, OpenDJ or even the engineering.xml and hr.csv files used in this guide. For more information, see "Connecting to External Resources" in the Integrator’s Guide.

In the Admin UI, you can see how OpenIDM reconciles the different categories for user Jane Sanchez. Log in to the Admin UI at https://localhost:8443/admin. The default username is openidm-admin and default password is openidm-admin.

Select Configure > Mappings > HumanResources_Engineering > Properties.

In the Sample Source text box, enter Sanchez. You should see a drop-down entry for Jane Sanchez that you can select. You should now see how OpenIDM would reconcile Jane Sanchez’s entry in the Human Resources data store into the Engineering data store.

gsg recon details

Scroll back up the same page. Select Reconcile Now.

When you reconcile the two data stores, OpenIDM will make the change to the Engineering data store.

For those of you who prefer the command-line interface, you can see how the mapping works in the sync.json file, in the /path/to/openidm/samples/getting-started/conf directory.

Reconciling Identity Data After One Update

Now that you have used OpenIDM to reconcile two data stores, try something else. Assume the Engineering organization wants to overwrite all user telephone numbers in its employee data store with one central telephone number.

For this purpose, you can set up a default telephone number for the next reconciliation.

In the HumanResources_Engineering page, scroll down and select telephoneNumber > Default Values.

gsg telephone

When you select Update, and Save Properties, OpenIDM changes the sync.json configuration file. The next time OpenIDM reconciles from Human Resources to Engineering, it will include that default telephone number for all employees in the Engineering group.