RSA Identity Governance and Lifecycle Connector Data Sheet ...

Version 1.3 | Jan 2018

RSA Identity Governance and Lifecycle Connector Data Sheet

for IBM Notes

RSA Identity Governance and Lifecycle Connector Datasheet for IBMNotes

2

Table of Contents

Purpose ............................................................................................................................................................................................. 4

Supported Software .......................................................................................................................................................................... 4

Prerequisites ..................................................................................................................................................................................... 5

Uploading Connector templates ............................................................................................................................................................ 5

Endpoint Configuration ......................................................................................................................................................................... 5

Enable SSL for DIIOP on IBM Notes Server ........................................................................................................................................... 7

Configuration .................................................................................................................................................................................... 8

General ................................................................................................................................................................................................... 8

Settings .................................................................................................................................................................................................. 8

Capabilities ............................................................................................................................................................................................. 9 Command ........................................................................................................................................................................................... 9 Command Input Parameters ............................................................................................................................................................ 10 1. Create an account ........................................................................................................................................................................ 10 2. Delete Account ............................................................................................................................................................................. 27 3. Add an account to a group ........................................................................................................................................................... 31 4. Remove an account from a group ................................................................................................................................................ 35 5. Enable an account ........................................................................................................................................................................ 37 6. Disable an account ....................................................................................................................................................................... 38 7. Add Entitlement to Account......................................................................................................................................................... 42 8. Lock an Account ........................................................................................................................................................................... 45 9. Unlock an account ........................................................................................................................................................................ 46 10. Update a IBM Notes account ..................................................................................................................................................... 48 11. Reset Internet Password ............................................................................................................................................................ 50 12. Recertify an account .................................................................................................................................................................. 51 13. Create Group .............................................................................................................................................................................. 54 14. Update IBM Notes group ........................................................................................................................................................... 58 15. Move IBMNoes account in Name Hierarchy .............................................................................................................................. 59


3

Revision History

Revision Number Description

Version 1.0 IBM Notes connector

Version 1.1 Added the DIIOP SSL configuration details

Version 1.2 Changed name from Lotus Notes to IBM Notes

Version 1.3 Changed Old RSA Logo and minor modifications


4

Purpose

This data sheet provides the configuration information required to create a new Connector for IBM Notes.

Supported Software

RSA Identity Governance and Lifecycle Version 6.8.1, 6.9.1 and above.

Application: IBM Notes Domino 8.5 and 9.0.1 (Support for SSL is from Domino server version 9.0.1 Fix Pack 5)


5

Prerequisites

Uploading Connector templates Before you start creating the Connector, Upload the ‘NCSO.jar’.

Steps:

Go to AFX Connector Templates IBM Notes Click on ‘Upload Missing Files’ Browse to the path where the required jar is present and upload it.

Endpoint Configuration IBM Notes connector executes certain commands that require permissions to run Restricted and Unrestricted operations. Perform the following steps to allow these operations on server:

Go to IBM Notes Admin. Under selected server, go to ‘Configuration Security’ tab. Set ‘Sign or Run unrestricted methods and operations’ and ‘Sign or Run restricted methods and operations’ to the

Admin Username that is to be used in IBM Notes connector.

Using IBM Notes Admin console UI to verify data

Note: You must have IBM Notes Admin console installed.

1. Log into IBM Domino Admin console using your admin credentials.


6

2. Click on ‘People and Groups’ tab. All users and groups present on server are visible there.


7

Enable SSL for DIIOP on IBM Notes Server

1. In the Server document, under the server’s Domino Directory, go to the Ports tab -> Internet Ports tab -> DIIOP

tab. Ensure that the SSL port number is correct and enabled. It defaults to 63149.

2. In the configuration of the Server document, go to Web -> Internet Sites -> Add Internet for IIOP site and specify

the kyr file (certificate file ). Copy the certificate file to the RSA server machine.

3. In the Server tab of server’s Domino Directory, go to server tasks, and make sure that the DIIOP server task is

present, which listens to the request on port 63149 and port 63148 (if non-SSL is enabled).

Note: Support for SSL is from Domino server version 9.0.1 Fix Pack 5.


8

Configuration

The Connector creation is made up of three sections:

General – General details about the Connector; viz. the name, type etc.

Settings – The connection settings required to connect the RSA-IMG and the End-point Application in consideration.

Capabilities – These are the list of “verbs” or capabilities that the RSA-IMG Connector supports; for e.g. “Create, Update, Delete, etc.”

General

The following table helps you with the Parameters asked on the “General” screen while creating the Connector.

Field Name Value

Name IBM Notes

Description IBM Notes Domino Connector

Server AFX Server

Connector Template IBM Notes

State Active

Export As Template N/A

Note: When you are satisfied your connector is configured properly change the state to Active. No automated provisioning will occur while in the Test state. It is recommended that you test all enabled commands using the Test Connector Settings and Test Connector Capabilities prior to changing to the Active state.

Settings

The following table helps you with the Parameters asked on the “Settings” screen while creating the Connector.

Field Name Value

Domino Server Host <Host-Name or IP Address of machine running IBM Domino server>

Domino Server DIIOP <Port on which DIIOP service is listening. Default: 63148>


9

Port

Administrator Hierarchical Name

<Hierarchical Username of administrator>

Administrator Password <Password of administrator user>

Use SSL for DIIOP Select whether to use Secure Sockets Layer (SSL) to connect.

If this is selected, the RSA server uses the DIIOP SSL protocol to connect to the IBM Notes Domino server. If selected, you must provide the Keystore path and Keystore password.

Keystore Path Enter the complete path of the Keystore file.

For example: C: \\workspace\\LotusNotesClient\\certs\\trust.jks

Keystore Password Enterthe password for Keystore file specified in the Keystore Path field.

Capabilities

The following table(s) helps you with the Parameters asked when enabling the commands (verbs) on the “Capabilities” screen; while creating the Connector.

Following commands are supported by IBM Notes Connector :

Command

The Following commands are supported by the IBM Notes connector:

Create Account

Delete Account

Add Account To Group

Remove Account From Group

Enable Account

Disable Account

Update Account

Add Entitlement To Account

Remove Entitlement From Account

Lock Account

Unlock Account

Create Group(Only supported in V6.9)

Update Group(Only supported in V6.9)

Reset Password(Only supported in V6.9)

Recertify Account(Only supported in V6.9)

Move Account(Only supported in V6.9)


10

Command Input Parameters

1. Create an account

While defining the “Create an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value

Parameter Name AccountId

Type STRING

Default Value -

Is the parameter required? Yes

Is the parameter encrypted? No

Display Name Account Id (Short Name)

Mapping ${User.User_Id}

Description Account short name

Field Name Value

Parameter Name FirstName

Type STRING

Default Value -



Display Name First Name


11

Mapping ${User.First_Name}

Description Account first name

Field Name Value

Parameter Name LastName

Type STRING

Default Value -



Display Name Last Name

Mapping ${User.Last_Name}

Description Account last name

Field Name Value

Parameter Name MinPasswordStrength

Type STRING

Default Value 7



Display Name Minimum Password Strength Level


12

Mapping ${AccountTemplate.Minimum_Password_Strength_Level}

Description Minimum password strength level. Value must be within the range of 0 to 16.

Field Name Value

Parameter Name Password

Type STRING

Default Value -



Display Name Initial Password

Mapping ${AccountTemplate.Initial_Password}

Description Initial account password

Field Name Value

Parameter Name RegistrationServer

Type STRING

Default Value -



Display Name Registration Server


13

Mapping ${AccountTemplate.RegistationServer}

Description Hierarchical name of registration server.

Field Name Value

Parameter Name CACertifier

Type STRING

Default Value -



Display Name CA Certifier

Mapping ${AccountTemplate.CACertifier}

Description Hierarchical name of CA based certifier.

Field Name Value

Parameter Name CertifierIdFile

Type STRING

Default Value -

Is the parameter required? No


Display Name Certifier ID File


14

Mapping ${AccountTemplate.CertifierIdFile}

Description Full path to certifier ID file on Domino server.

Field Name Value

Parameter Name CertifierPasswd

Type STRING

Default Value -



Display Name Certifier ID Password

Mapping ${AccountTemplate.CertifierPassword}

Description Password for certifier ID file.

Field Name Value

Parameter Name DirectoryDbName

Type STRING

Default Value Names



Display Name Directory Database Name


15

Mapping ${AccountTemplate.DirectoryDbName}

Description Directory database name

Field Name Value

Parameter Name CreateIDFile

Type BOOLEAN

Default Value True



Display Name Create ID File

Mapping ${AccountTemplate.CreateIdFile}

Description If TRUE, account ID file will be created and stored on Domino server's file system.

Field Name Value

Parameter Name IDFileDirectory

Type STRING

Default Value -



Display Name Account ID File Directory


16

Mapping ${AccountTemplate.IdFileDirectory}

Description Full path to directory where account ID file will be stored (only required if CreateIDFile is set to TRUE).

Field Name Value

Parameter Name IDFileName

Type STRING

Default Value -



Display Name Account ID File Name

Mapping ${AccountTemplate.IdFileName}

Description Alternate name for account ID file. If not specified, the accountId (Short Name) will be used (e.g., jsmith.id).

Field Name Value

Parameter Name StoreIdInAddressBook

Type BOOLEAN

Default Value False



17


Display Name Store Account ID in Address Book

Mapping ${AccountTemplate.StoreInAddressBook}

Description If TRUE, account ID will also be stored in the address book.

Field Name Value

Parameter Name ExpirationDateTime

Type STRING

Default Value -



Display Name Account ID Expiration Date

Mapping ${AccountTemplate.ExpirationDate}

Description Date and time when account ID will expire. Value must be in the format MM/dd/yyyy HH:mm:ss (e.g., 05/31/2020 08:00:00).

Field Name Value

Parameter Name PolicyName

Type STRING

Default Value -


18



Display Name Explicit Policy Name

Mapping ${AccountTemplate.PolicyName}

Description Hierarchical name of explicit policy to apply when creating account.

Field Name Value

Parameter Name IsNorthAmericanLicense

Type BOOLEAN

Default Value True



Display Name North American License Type

Mapping ${AccountTemplate.NorthAmericanLicenseType}

Description The type of License (whether NorthAmerican or not) Account ID file has

Field Name Value

Parameter Name Email

Type STRING

Default Value -


19



Display Name Email Address

Mapping ${User.Email_Address}

Description Account email address (internet address in Notes).

Field Name Value

Parameter Name MailServer

Type STRING

Default Value -



Display Name Mail Server

Mapping ${AccountTemplate.MailServer}

Description Hierarchical name of mail server.

Field Name Value

Parameter Name MailDbDirectoryName

Type STRING

Default Value Mail


20



Display Name Mail Database Directory Name

Mapping ${AccountTemplate.MailDbDirectoryName}

Description Relative path to directory where mail database will be stored (relative to data directory).

Field Name Value

Parameter Name MailDbFileName

Type STRING

Default Value -



Display Name Mail Database File Name

Mapping ${AccountTemplate.MailDbFileName}

Description Alternate name for mail file. If not specified, the accountId (Short Name) will be used (e.g., jsmith.nsf).

Field Name Value

Parameter Name EnableMailFTIndex

Type BOOLEAN

Default Value False


21



Display Name Enable Mail Full Text Index

Mapping ${AccountTemplate.EnableMailFTIndex}

Description If TRUE, full text indexing will be enabled for account mail file.


22

Field Name Value

Parameter Name MailFileTemplate

Type STRING

Default Value -



Display Name Mail File Template Name

Mapping ${AccoutnTemplate.MailFileTemplate}

Description Name of database template to use for account mail file. If not specified, the Standard template for the Notes version will be used.


23

Field Name Value

Parameter Name MailOwnerAccessLevel

Type STRING

Default Value EDITOR



Display Name Mail Owner Access Level

Mapping ${AccountTemplate.MailOwnerAccessLevel}

Description Access level for account on his/her mail file. Valid values are MANAGER, EDITOR, DESIGNER.

Field Name Value

Parameter Name MailFileManager

Type STRING

Default Value -



Display Name Mail File Manager

Mapping ${AccountTemplate.MailFileManager}

Description Name of account or group to additionally set as manager(s) on account mail file.


24

Field Name Value

Parameter Name MailDbReplicaServers

Type STRING

Default Value -



Display Name Comma-delimited List of Mail Database Replica Servers

Mapping ${AccountTemplate.MailDbReplicaServers}

Description Comma-delimited list of hierarchical server names where mail file replica(s) are to be created.

Field Name Value

Parameter Name MailDbReplicaDirectoryName

Type STRING

Default Value -



Display Name Mail Database Replica Directory Name

Mapping ${ AccountTemplate.MailDbReplicaDirectoryName }


25

Description Relative path to directory on replica server(s) where mail file replica(s) will be created. By default, the same directory path where original mail file is created will be used.

Field Name Value

Parameter Name Location

Type STRING

Default Value -



Display Name Location

Mapping ${ AccountTemplate.Location}

Description Account location.

Field Name Value

Parameter Name Comment

Type STRING

Default Value -



Display Name Comment


26

Mapping ${ AccountTemplate.Comment}

Description Account comment.

Field Name Value

Parameter Name InitialGroups

Type STRING

Default Value -



Display Name Initial Groups

Mapping ${AccountTemplate.Initial_groups}

Description Comma-delimited list of group names to which the new account will be added as a member.

Field Name Value

Parameter Name Roaming

Type BOOLEAN

Default Value False



Display Name Enable Roaming


27

Mapping ${AccountTemplate.Enable_Roaming}

Description If TRUE, roaming will be enabled for the account.

2. Delete Account

While defining the “Delete a Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value

Parameter Name AccountName

Type STRING

Default Value -



Display Name Hierarchical Account Name

Mapping ${Account.Name}


Field Name Value


Type STRING

Default Value -



28



Mapping -


Field Name Value


Type STRING

Default Value -




Mapping -


Field Name Value


Type STRING

Default Value -



29



Mapping -


Field Name Value


Type STRING

Default Value -




Mapping -


Field Name Value

Parameter Name ProcessImmediate

Type BOOLEAN

Default Value false



30


Display Name Process Immediate

Mapping -

Description If TRUE, all references to the user in the Domino Directory will be deleted before issuing the administration process request. If FALSE, the administration process will make all deletions.

Field Name Value

Parameter Name DeleteMailFile

Type BOOLEAN

Default Value false



Display Name Delete Mail File

Mapping -

Description If TRUE, all mail files for the account will be deleted. If FALSE, mail file(s) will not be deleted.

Field Name Value

Parameter Name DenyAccessGroup

Type STRING

Default Value -



31


Display Name Deny Access Group

Mapping -

Description Name of an existing "Deny Access" group to which the name of the deleted account is added.

3. Add an account to a group

While defining the “Add an Account to group” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -






Field Name Value



32

Type STRING

Default Value Names






Field Name Value

Parameter Name Group

Type STRING

Default Value -



Display Name Group

Mapping -

Description Name of an existing group to which the account will be added.


33

Field Name Value


Type STRING

Default Value -




Mapping ${AccountTemplate.RegistationServer}


Field Name Value


Type STRING

Default Value -




Mapping ${AccountTemplate.CACertifier}



34

Field Name Value


Type STRING

Default Value -




Mapping ${AccountTemplate.CertifierIdFile}


Field Name Value


Type STRING

Default Value -




Mapping ${AccountTemplate.CertifierPassword}



35

Field Name Value


Type BOOLEAN

Default Value false




Mapping -


4. Remove an account from a group

While defining the “Remove an Account from group” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -





36



Field Name Value


Type STRING

Default Value -



Display Name Group

Mapping -

Description Name of an existing group to which the account will be added.

Field Name Value


Type STRING

Default Value Names





37



5. Enable an account

While defining the “Enable an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -






Field Name Value


Type STRING

Default Value -



38



Mapping -


Field Name Value


Type STRING

Default Value Names






6. Disable an account

While defining the “Disable an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING


39

Default Value -






Field Name Value


Type STRING

Default Value -




Mapping -


Field Name Value



40

Type STRING

Default Value -




Mapping -


Field Name Value


Type STRING

Default Value -




Mapping -


Field Name Value



41

Type STRING

Default Value -




Mapping -


Field Name Value


Type BOOLEAN

Default Value false




Mapping -


Field Name Value



42

Type STRING

Default Value -




Mapping -


7. Add Entitlement to Account

While defining the “Add entitlement to an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -







43

Field Name Value

Parameter Name Resource

Type STRING

Default Value -



Display Name Resource

Mapping -

Description Entitlement resource path (relative to data directory).

Field Name Value

Parameter Name Action

Type STRING

Default Value -



Display Name Action

Mapping -

Description Entitlement action (Access Level, Access Attribute, or name of Role configured on Notes resource).


44

Field Name Value


Type STRING

Default Value -






Field Name Value

Parameter Name Resource

Type STRING

Default Value -



Display Name Resource

Mapping -


45

Description Entitlement resource path (relative to data directory).

Field Name Value

Parameter Name Action

Type STRING

Default Value -



Display Name Action

Mapping -

Description Entitlement action (Access Level, Access Attribute, or name of Role configured on Notes resource).

8. Lock an Account

While defining the “Lock an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -




46



Description Name of the account to be locked

Field Name Value


Type STRING

Default Value Names




Mapping -


9. Unlock an account

While defining the “Unlock an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -


47





Description Name of account to be unlocked

Field Name Value


Type STRING

Default Value Names




Mapping -


Field Name Value

Parameter Name EnablePasswordCheck

Type BOOLEAN


48

Default Value true



Display Name Enable Password Check

Mapping -

Description Set to TRUE to enable password checking for account after it is unlocked.

10. Update a IBM Notes account

While defining the “Update an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -






Field Name Value


49


Type STRING

Default Value Names




Mapping -



50

Section II

Capabilities that are only supported from V6.9

11. Reset Internet Password

While defining the “Reset Internet Password” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -





Description Name of account whose password is to be returned

Field Name Value


Type STRING

Default Value Names



51



Mapping -


Field Name Value

Parameter Name NewPassword

Type STRING

Default Value -



Display Name New Password

Mapping -

Description New Password

12. Recertify an account

While defining the “Recertify an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value



52

Type STRING

Default Value -






Field Name Value


Type STRING

Default Value -




Mapping -


Field Name Value


53


Type STRING

Default Value -




Mapping -


Field Name Value


Type STRING

Default Value -




Mapping -



54

Field Name Value


Type STRING

Default Value -




Mapping -


13. Create Group

While defining the “Create Group” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -



Display Name Group

Mapping ${Group.Name}


55

Description Name of group to be created.

Field Name Value


Type STRING

Default Value -




Mapping -


Field Name Value


Type STRING

Default Value -




56


Mapping -


Field Name Value


Type STRING

Default Value -




Mapping -


Field Name Value


Type STRING

Default Value -



57



Mapping -


Field Name Value


Type STRING

Default Value Names




Mapping -


Field Name Value


Type BOOLEAN


58

Default Value false




Mapping -


14. Update IBM Notes group

While defining the “Update group” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -



Display Name Group

Mapping ${Group.Name}

Description Name of an existing group which is to be updated.


59

15. Move IBMNoes account in Name Hierarchy

While defining the “Move an Account” verb, certain parameters need to be defined. The following tables will help you define these parameters. Each table is dedicated to one parameter.

Field Name Value


Type STRING

Default Value -






Field Name Value


Type STRING

Default Value -





60

Mapping -


Field Name Value


Type STRING

Default Value -



Display Name Original Certifier ID File

Mapping -

Description Original Certifier ID File

Field Name Value


Type STRING

Default Value -




61

Display Name Original Certifier ID Password

Mapping -

Description Original Certifier ID Password

Field Name Value


Type STRING

Default Value -



Display Name Original Certifier

Mapping -

Description Original Certifier

Field Name Value

Parameter Name TargetCACertifier

Type STRING

Default Value -



62


Display Name Target CA Certifier

Mapping -

Description Target CA Certifier

Field Name Value

Parameter Name TargetCertifier

Type STRING

Default Value -



Display Name Target Certifier

Mapping -

Description Target Certifier

Field Name Value

Parameter Name TargetCertifierIdFile

Type STRING


63

Default Value -



Display Name Target Certifier Id File

Mapping -

Description Target Certifier Id File

Field Name Value

Parameter Name TargetCertifierIdPassword

Type STRING

Default Value -



Display Name Target Certifier Id Password

Mapping -

Description Target Certifier Id Password

Field Name Value

Parameter Name AllowPrimaryNameChange


64

Type BOOLEAN

Default Value true



Display Name Allow Primary Name Change

Mapping -

Description Allow Primary Name Change

Field Name Value

Parameter Name LastName

Type STRING

Default Value -



Display Name Last Name

Mapping -

Description Last Name

Field Name Value


65

Parameter Name FirstName

Type STRING

Default Value -



Display Name First Name

Mapping -

Description First Name

Field Name Value

Parameter Name Middleinitial

Type STRING

Default Value -



Display Name Middle Initial

Mapping -

Description Middle Initial


66

Field Name Value

Parameter Name OrgUnit

Type STRING

Default Value -



Display Name Organizational Unit

Mapping -

Description Organizational Unit

Field Name Value

Parameter Name AlternateCommonName

Type STRING

Default Value -



Display Name Alternate Common Name

Mapping -

Description Alternate Common Name


67

Field Name Value

Parameter Name AltOrgUnit

Type STRING

Default Value -



Display Name Alternate Organizational Unit

Mapping -

Description Alternate Organizational Unit

Field Name Value

Parameter Name AltLanguage

Type STRING

Default Value -



Display Name Alternate Language

Mapping -


68

Description Alternate Language

Field Name Value

Parameter Name RenewWindowsUser

Type BOOLEAN

Default Value false



Display Name Renew Windows User

Mapping -

Description Renew Windows User


69

Copyrights

Copyright © 2018 Dell Inc. or its subsidiaries. All Rights Reserved.

Trademarks

Dell, RSA, the RSA Logo, EMC and other trademarks, are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks

of their respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa

http://www.emc.com/legal/emc-corporation-trademarks.htm

RSA Identity Governance and Lifecycle Connector Data Sheet ...

Documents