Service type management
A service type is a category of related services that share schema attributes common across a set of similar managed resources. Service type templates are used to create services for specific instances of managed resources. For example, if we have several Lotus Domino servers, we might create one service for each using the Lotus Domino service type.

Some service types are installed by default when IBM Security Identity Manager is installed. Other service types can be installed when we import the service definition files for adapters for managed resources.

A service type definition is provided by the ISIM adapter for a managed resource. There is a service type for each type of managed resource that ISIM supports, such as UNIX, Linux, Windows, IBM Security Access Manager, and so on. A service type is defined in the service definition file of an adapter, which is a Java Archive (JAR) file containing the profile. The service type for an adapter is created when the adapter profile (JAR file) is imported. For example, a service type is defined in the WinLocalProfileJAR file. We can also define a service type using the interface for ISIM.
ISIM supports the following types of service providers:
- DAML for Windows Local Adapter, Lotus Notes Adapter, and so on
- Security Directory Integrator (IDI) for UNIX and Linux adapters
- Custom Java class for defining our own implementation of a service provider
- Manual for managing user-defined "manual" activities
Default service types
The following default service types are provided with IBM Security Identity Manager:
Identity feed service types:
- DSML feed service: Imports user data, with no account data, from a human resources database or file and feeds the information into the ISIM directory. The service uses a placement rule to determine where in the organization a user will be placed. The service can receive the information in one of two ways: a reconciliation or an event notification. This service is based on the DSML Identity Feed Service Profile. DSMLv2 is deprecated in ISIM Version 5.0 in favor of the remote method invocation (RMI)-based IDI adapter framework. The use of DSMLv2 continues to be supported in this release.
- Windows Active Directory: Imports user data from Windows Active Directory. The organizationalPerson objects are fed into ISIM and add or update users in ISIM. The user profiles selected from this service must have an objectclass that is derived from the organizationalPerson class.
- CSV Identity Feed: Imports user data from a CSV file and adds or updates users in ISIM. The CSV file contains a set of records separated by a carriage return/line feed (CR/LF) pair (\r\n). Each record contains a set of fields separated by a comma. If a field contains either a comma or a CR/LF, the comma must be escaped with double quotes as the delimiter. The first record in the CSV source file defines the attributes provided in each of the following records. Attributes must be valid based on the class schema for the selected person profile for this service.
- IDI Data Feed: Uses the Security Directory Integrator to import user data, with no account data, into ISIM and to manage accounts in the ISIM data store on external resources. This service is based on the IDI Data Feed Service Profile.
- INetOrgPerson Identity Feed: Imports user data from the LDAP directory. The inetOrgPerson objects are loaded and add or update users in ISIM.
Account service types:
- Security Directory Integrator: Can be optionally installed during the installation of ISIM. All these are SDI-based adapters; each is a specific service type. Security Directory Integrator is one type of service provider. There can be multiple service types defined for the same type of service provider.
- ITIM Service: Creates accounts in the ISIM system and represents the ISIM Server itself. This is a standard service with no configuration parameters. All users that need access to the ISIM system must be provisioned with an ISIM account.
- Hosted Service: Creates a service that is a proxy to the hosting service residing in the service provider organization. The hosted service connects to the managed resource target through the hosting service indirectly. The configuration details of the hosting service are invisible and protected from administrators in the secondary organization where the Hosted Service is defined. Administrators can define policies specifically for the hosted service without affecting the hosting service. The primary usage of a Hosted Service is to allow users in business partner organizations to have accounts and access to internal IT resources of an organization and to allow administrators in the secondary organization to define specific service policies for the user accounts.
- Custom Java class: The custom Java class service type allows us to define our own profile by defining and implementing a Java class.
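A pre-import check for the CSV Identity Feed format described above, as an added example that is not part of the IBM documentation: it verifies CR/LF record terminators, quoting, header attributes and field counts before a file is handed to the feed. The `ALLOWED` attribute set, the function names and the sample records are assumptions constructed for illustration; the real attribute list comes from the class schema of the person profile selected on the service.

```python
import csv
import io

# Assumption: attributes allowed by the person profile selected on the service.
ALLOWED = {"uid", "cn", "sn", "givenname", "mail", "title"}

# Constructed sample feeds (not real data).
SAMPLE_OK = (b'uid,cn,sn,mail,title\r\n'
             b'jdoe,"Doe, Jane",Doe,jdoe@example.com,"Engineer\r\nTeam lead"\r\n')
SAMPLE_BAD = (b'uid,cn,sn,badgecolor\r\n'
              b'bsmith,Bob Smith,Smith\n'          # lone LF and a missing field
              b'klee,"Lee, Kim",Lee,blue\r\n')


def bare_lf_records(text):
    """Record numbers whose terminator is a lone LF instead of CR/LF."""
    in_quotes, record, bad = False, 1, []
    for i, ch in enumerate(text):
        if ch == '"':
            in_quotes = not in_quotes      # a doubled quote toggles twice
        elif ch == "\n" and not in_quotes:
            if i == 0 or text[i - 1] != "\r":
                bad.append(record)
            record += 1
    return bad


def lint_feed(raw, allowed=ALLOWED):
    """Return sorted (record_number, problem) tuples; empty list means clean."""
    text = raw.decode("utf-8")
    problems = [(n, "record not terminated by CR/LF") for n in bare_lf_records(text)]
    # newline="" keeps CR/LF inside quoted fields untranslated for the parser.
    reader = csv.reader(io.StringIO(text, newline=""), strict=True)
    try:
        rows = list(reader)
    except csv.Error as exc:
        return problems + [(0, f"malformed quoting: {exc}")]
    if not rows:
        return [(0, "empty feed")]
    header = [h.strip().lower() for h in rows[0]]
    for name in sorted(set(header)):
        if name not in allowed:
            problems.append((1, f"attribute not in profile schema: {name}"))
        if header.count(name) > 1:
            problems.append((1, f"duplicate attribute: {name}"))
    for number, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            problems.append((number, f"expected {len(header)} fields, got {len(row)}"))
    return sorted(problems)
```

Rejecting a feed that fails any of these checks keeps malformed or unexpected attributes out of the person entries that the feed adds or updates.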
See also
- Manual services and service types
- Service definition file or adapter profile
- Create service types
- Change service types
- Import service types
- Deleting service types
- Management of account defaults on a service type