Resource wizard: Object type configuration

Last modified 21 Jan 2025 16:24 +01:00

Since 4.9

This functionality is available since version 4.9.

Table of Contents

Basic attributes
Configuration of resource wizard panels
How to use Lifecycle state
Limitations

In this part of resource configuration, you can configure the object types for Schema handling, essentially defining the behavior of midPoint with respect to the resource. One or multiple object types can be defined, based on the source/target system characteristics. For example, CSV resource contains typically a single object type (e.g. accounts) while LDAP resource can contain more than one object type (e.g. accounts and groups).

Figure 1. Table of object types

Click btn:[Add object type] to create a new object type definition using Object type configuration wizard.

Basic attributes

Define the basic information about the object type:

Display name will be displayed in midPoint as a reference to this object type configuration
Kind is either Account, Entitlement or Generic. For accounts, please select Account.

You first object type definition will be almost always for accounts (kind=account). Typical source of user data is HR system. Later you might want to use also Entitlements and Generic.
Intent is used when you would like to use more than one different object types, e.g. standard and administrative accounts. Keep the default (empty) value if you want to work with just one type of accounts.
Default specifies if the intent provided in the previous value should be used as the default value in case you define multiple intents. Select True if you are using only a single intent / one type of accounts.

Figure 2. Basic configuration of object type

See also the following pages for more information:

Kind, Intent and ObjectClass

Click btn:[Next: Resource data] to continue the object type configuration.

Define the resource-specific configuration for this object type:

Object class is one of the object classes (types) supported by the connector for the source/target system represented as this resource. For resources supporting only a single object class (e.g. CSV) this will be displayed as AccountObjectClass and set as default by the wizard.
Filter allows to define a classification via midPoint query language
Classification condition allows to define a classification condition (midPoint expression, not query)

Classification allows to limit which resource data (e.g. accounts) are considered part of this object type definition. An example of Filter usage: CSV file entries matching query attributes/contractType != "Incognito" should be considered as accounts, all other should be ignored.

You do not need to use the classification at all. If unsure, do not use it.

See also the following pages for more information:

Resource Object Type Delineation

Figure 3. Resource data

Click btn:[Next: MidPoint Data] to continue the object type configuration.

Define the midPoint-specific configuration for this object type:

Type defines type of midPoint object that will correspond to the resource object (e.g. User or Role). midPoint will respect this setting when creating a new midPoint object from this object type data on the resource.
Archetype allows selection of archetype that will be automatically assigned for all midPoint objects created from this object type data on the resource. The same archetype will be also used as a part of correlation, i.e. enforced.

If unsure, keep Archetype empty.

Panel for Archetype allows three possibilities:
- No archetype,
- Use existing archetype - Use existing archetype means that you can choose from already created archetypes.
- Create new archetype - Create new archetype, with basic configuration. Created archetype will be added to configuration as reference. In this case, you have the following options:
  - Inherit settings from archetype allows to select archetype which becomes superarchetype for the one you are creating. For example, you can create your own archetype for roles, which will inherit Application role archetype.
  - Name defines the new archetype name (generated by resource wizard using resource name and intent, but you can change it)
  - Description allows you to write short description of the new archetype
  - Create inducement allows to create an inducement in the new archetype to construct the resource object defined in currently edited object type (True) for all focus object with this archetype.
  - Create inducement for membership allows to create an inducement in the new archetype to construct the resource account and association (membership) for focal objects with assigned role of this archetype. For example, if you create a new archetype LDAP group for roles, by assigning role with LDAP group archetype to a user, new LDAP account will be created and made member of the group constructed by LDAP group archetype for the role.
  - Label allows defining label of the new archetype displayed in summary panel of objects with this archetype assigned
  - Plural label allows defining label of the new archetype displayed in main menu if object collection view will be defined for this archetype
  - Icon allows defining the new archetype icon using Font Awesome icon names. For example fa fa-briefcase corresponds to briefcase icon in Font Awesome in the default (solid) icon set
  - Color allows defining the new archetype color for the icon using CSS color names

The archetype can be created using resource wizard. After its creation, you can modify it outside resource wizard in archetype editor, if needed.

See also the following pages for more information:

overview of Archetypes
built-in Person archetype ready to be used

Figure 4. Midpoint data

Click btn:[Save settings] to save the object type configuration (if you have selected option to create a new archetype, the archetype will be created at this time).

Further configuration is required. You can choose your next step to configure other parts of your object type configuration:

Basic attributes allows getting back to the basic configuration of your object type
Mappings allow to configure resource attribute mappings
Synchronization allows to configure synchronization situations and reactions
Correlation allows to configure correlation rules for resource objects
Capabilities allows you to disable/override some functionality of the resource and/or connector without changing the connector implementation
Activation allows to configure rules (mappings) for activation
Credentials allows to configure mappings for credentials (e.g. passwords)
Policies allow to configure the resource operation policies

Figure 5. Parts of object type configuration

Or you can click btn:[Preview data] to display resource data according to the configuration of this particular object type you are configuring (considering Kind, Intent, Object class etc.):

Figure 6. Data preview of object type

Configuration of resource wizard panels

Some wizard panels are configurable, for more information see Wizard panels.

How to use Lifecycle state

Resource, object type, attribute, mapping, synchronization situation and other aspects of resource configuration can be configured in different lifecycle states. As it was mentioned earlier, the Lifecycle state property can be used with Simulations. The resource is created in Proposed lifecycle state by default, it won’t work for normal deployment without switching to Active state.

By using the lifecycle state Proposed, you can test (simulate) the configuration without causing any damage to your target system data. When the simulation results are satisfactory, you can switch the lifecycle state to Active.

As the lifecycle state can be set on various configuration items, midPoint gives you a way of turning on specific parts of configuration incrementally. For example, after you switch your resource to Active lifecycle state, we recommend to add any new mappings first in Proposed lifecycle state. The new mapping can be simulated without causing any harm and switched to Active lifecycle state when ready.

Limitations

Resource wizard has several limitations as of midPoint 4.8, such as:

expression editor supports As is, Script, Literal and Generate expressions only
mapping ranges are not supported
mapping domains are not supported
correlation configuration currently supports only The items Correlator

midPoint resource wizard won’t be able to show or allow editing of these features but should tolerate them and keep them in the configuration.

Was this page helpful?

YES NO

Thanks for your feedback