Skip to main content

Step 4.1. Create an agent (Optional)

 

That step will be an optional step, and it will be mandatory only when the SQL Server agent, or the Oracle agent was not created previously on Soffid Console.

Step-by-step

1. First of all, to create an agente you must access the agent page in he following path:

Main Menu > Administration > Configure Soffid > Integration engine > Agents

2. Once you have accessed to the agent page, Soffid will display all the active agents created on Soffid. You must click the button with the add symbol (+)  to add a new agent. Then Soffid will display a new empty page to fill in the agent data.

2.1. You must fill, at least the required fields (fields with an asterisk) to create an agent.

      • The Name should be an identificative and unique agent name
      • The Description  should be an brief description of the agent.
      • The Type allows you to select the connector type to use, the SQL Server connector or the Oracle connector. Be in mind that you need to load the connector on Soffid if you did not do previously. 
      • The Server allows you to select the synchronization server that will perform the agent tasks. It is allowed to select two servers in cases high disponibility will be necessary. If you choose two servers, when one fails, the other will be used.
        • If "-disabled-" is selected, the agent will be disabled-
      • The User domain allows you to select how to generate account names.  If the account name is the same as the user name (as it is normally the case), the “Default user domain” should be used. The user domain values are defined on the Account naming rules page.
      • The Password domain allows yo to select the password policies that will be used. If the "Default password domain" is selected, Soffid passwords will be shared with the managed systems. The user domain values are defined on the Password policies page.

You can visit the Plugins page for more information abuut how to load a connector on Soffid Console.

2.2. You can fill in the optional parameters

&&TODO&&to config the agent.

  • User Type:
      when "Manual account creation" is not checked (option selected is No), it will show User Type. Only users of the selected types will be created. Any change made in this field involves all accounts to be recalculated. New ones will be added to the repository and managed systems. Some accounts will get disabled if the owner user does no longer belong to any authorized user type.
    •  

     

    • Shared Thread: if it is enabled, the same thread will be shared to several synchronization servers. 
    • Dedicated Thread: if "Shared thread" is disabled, it will be available the option to choose the number to threads to dedicate to the synchronization process.
    • Task timeout (ms): add a timeout to the synchronization server tasks (query, insert, update, delete, update password, etc). If you add a timeout, when the connection gets this timeout, the synchronization server will stop the request and add it to the queue for a new retry later.
    • Long task timeout (ms): add a timeout to the reconciliation server tasks (user, group, role, account, grants, etc). If you add a timeout, when the connection gets this timeout, the synchronization server will stop the request (no retry is added).
    • Trust passwords: check it if you can trust on it to propagate their passwords to Soffid. Trusted password agents differ from the non-trusted in:
      • Temporary passwords generated from the console only propagate to agents that have trusted passwords checked. In the other case, the agents only receive definitive passwords.

      • When a password has reached its expiry date, it will automatically be disabled on agents where trusted password is not checked, so the user can no longer access it.

      • When the managed system detects a change in the user request password, the password will be propagated to Soffid only if the agent associated trusted password is checked.

    • Authoritative identity source: check if the agent will be used as the source for users information. It is usually checked for the first load of users into Soffid, and then it is unchecked, being Soffid that manages users. Optionally, you can select a custom workflow to process incoming changes. 
    • Read only: if it is checked, no change will be applied to the managed system. Only read operations will be allowed.
    • Manual account creation: Check it if you don't want Soffid to create automatically new accounts for the user.
    • Role-based: when "Manual account creation" is not checked (option selected is No), it will show "Role-based". Check it if only users with any role on this agent should be created. When the identity or account loses its permissions, the account will be disabled. Uncheck to allow users with no role on it.
    • Groups: when "Manual account creation" is not checked (option selected is No), it will show "Groups". Identify the business units that are allowed to have an account on this system.

    2.3. You must fill in the connector"Connector parameters.parameters". Those parameters depends on the agentagent.

    2.3.1.  SQL Server connector:

    {{@97#bkmrk-below-there-are-the-}}

    {{@97#bkmrk-parameter-descriptio}}

    2.3.1. Oracle connector:

    {{@91#bkmrk-below-there-are-the-}}

    {{@91#bkmrk-parameter-descriptio}}

    2.4. You must add the attribute mapping 

     

    Once the agent is configured, it could be assigned to the host: Step 4. Add database

      Screen overview

      image-1629890137950.png