Deployment Guide

Notice

We would like to note here that the IDSync support team (support@idsync.com) usually handles the installation of the IDSync® Security Gateway, our APS Package and its resources, as well as the APS-Controller scripts, upon a license agreement with a provider. It is highly recommended that you contact us before attempting to deploy the software yourself, as it is non-traditional compared with other APS Packages. With that said, we provide cursory documentation below on how to get it to a usable point, to shorten the time it may take to implement our software in your systems.

Chapter 1

Preface

Documentation Conventions

Before you start using this guide, it is important to understand the documentation conventions used in it.

Typographical Conventions

The following kinds of formatting in the text identify special information.


| Formatting convention | Type of Information | Example |
|---|---|---|
| Special Bold | Items you must select, such as menu options, command buttons, or items in a list. | Navigate to the QoS tab. |
| | Titles of modules, sections, and subsections. | Read the Basic Administration module. |
| Italics | Used to emphasize the importance of a point, to introduce a term or to designate a command line placeholder, which is to be replaced with a real name or value. | These are the so-called shared VEs. To destroy a VE, type vzctl destroy VEid. |
| Important | An important note provides information that is essential to the completion of a task. Users can disregard information in a note and still complete a task, but they should not disregard an important note. | Important: The device drivers installed automatically during Setup are required by your system. If you remove one of these drivers, your system may not work properly. |
| Note | A note with the heading "Note" indicates neutral or positive information that emphasizes or supplements important points of the main text. A note supplies information that may apply only in special cases—for example, memory limitations, equipment configurations, or details that apply to specific versions of a program. | Note: If Windows prompts you for a network password at startup, your network is already set up and you can skip this section. |
| Monospace | The names of commands, files, and directories. | Use vzctl start to start a VE. |
| Preformatted | On-screen computer output in your command-line sessions; source code in XML, C++, or other programming languages. | Saved parameters for VE 101 |
| Preformatted Bold | What you type, contrasted with on-screen computer output. | rpm -V virtuozzo-release* |
| CAPITALS | Names of keys on the keyboard. | SHIFT, CTRL, ALT |
| KEY+KEY | Key combinations for which the user must press and hold down one key and then press another. | CTRL+P, ALT+F4 |

General Conventions

Be aware of the following conventions used in this book.

  • Modules in this guide are divided into sections, which, in turn, are subdivided into subsections. For example, Documentation Conventions is a section, and General Conventions is a subsection.
  • When following steps or using examples, be sure to type double-quotes ("), left single-quotes (`), and right single-quotes (') exactly as shown.
  • The key referred to as RETURN is labeled ENTER on some keyboards.

Commands in the directories included in the PATH variable are used without absolute path names. Steps that use commands in other, less common, directories show the absolute paths in the examples.

Feedback

If you have found a mistake in this guide, or if you have suggestions or ideas on how to improve this guide, please send your feedback using www.idsync.com/aps/feedback/. Please include in your report the guide's title, chapter and section titles, and the fragment of text in which you have found an error.

Chapter 2

Introduction

About This Guide

This guide describes the integration of Odin Automation with IDSync®.
This document was developed by IDSync®. For additional information, please contact support@idsync.com.

Audience

This guide is intended for:

  • Providers that use Odin Automation and want to sell IDSync® services to customers.
  • Technical support engineers that configure IDSync® services.


Terms and Abbreviations

  • APS ‒ Application Packaging Standard, an open standard that was designed to simplify the delivery of SaaS applications in the cloud-computing industry.
  • OSA – Odin Service Automation, the combination of both Odin Billing (Billing) and Odin Operations (Operations).
  • Odin Billing (also just called "Billing") – The Billing portion of the Odin Platform.
  • Odin Operations ‒ The operations portion of the Odin platform.
  • IDSync® – Contraction for Identity Syncronizer
  • AD – Active Directory

Chapter 3

Business Model Overview

In our new APS 2.0 version of the IDSync® APS Package, we've given end-users the ability to access (read) the different entity types in their Active Directory (AD). Provided the IDSync® client application is installed, this new package gives the Odin APS Bus scope over an AD user-based client by providing key pieces of information on virtually all of the different entities in Active Directory.

Eventually we will extend these abilities beyond just reading the entity information to creating, updating and deleting it as well.

IDSync® Services Provided

IDSync® provides a way to synchronize the Odin Service users with their Active Directory counterparts, effectively keeping the metadata and permissions relevant to the other endpoint. While this service aids the end-user in extending their company's users into Odin, another benefit is what other packages will be able to do with the data.


As a part of that synchronization, the IDSync® client will enable Enterprise Administrators to make changes to Odin Packages from AD. 
Below is a table of price offerings for IDSync®.


| Attribute | Type | Period |
|---|---|---|
| Seats | Item count | Per Active Directory User/Per Month |


Service Hierarchy Exposed by IDSync®

  • IDSync® Global Settings

Set by the provider, contains Gateway and API information

  • IDSync® Tenant/Application

Makes the IDSync® API endpoints available on the APS Bus

Contains Seat Count

  • Users

Service Users that have been synced via their AD user counterpart, made available on the APS

  • Groups

Synced Groups made available on the APS Bus

  • Contacts

Synced Contacts made available on the APS Bus


Customer's Workflow

The integration workflow looks as follows:

  1. Log into PA Customer Control Panel
  2. Go to IDSync® tab
  3. View synchronized entities

(Next Steps are Optional)

  1. Go to Configuration tab
  2. Enable Advanced UI
  3. Click IDSync® on the main navigation
  4. View all entities from Active Directory


Customer's Life-cycle


IDSync® allows the customer to use the service after the initial setup workflow is complete. If the customer wishes to upgrade their seat counts, they can do so at any time in the billing cycle.

Service Hierarchy Subscription Modification Options

  • Identity Syncronizer Application Service (main service)
    • AD User/Service User
      • User Registration/Provisioning
      • Download Entry-point

Chapter 4

Localization List

IDSync® has been localized in the following languages for each category:

  1. Customer Interface

    1. en_US

  2. PA task manager error logging
    1. en_US
  3. IDSync® API error messaging
    1. en_US
  4. IDSync® external communication to customer
    1. (Only in en_US/Linked to the customer's CCP locale)


Revision History

3.0 Build 1

  • Initial release for the IDSync® APS 2.0 package
  • Addition of resource types to support multiple integration points / features


Contractual contact information for IDSync®

Service Providers using Odin Automation should contact the following to initiate the reseller account creation process by executing the required contracts before Identity Syncronizer can be resold. Contact us using http://www.idsync.com/contact

Support Expectations

Partners that have active commercial terms and are in need of general support on topics such as installation, service package configuration and/or general Q&A can contact IDSync® via their support form at http://www.idsync.com/contact.

For additional support on Odin products, please visit http://www.odin.com/support/.

For questions on the Application Package Standard (APS), please visit http://apsstandard.org/contact

Technical Integration Overview

The integration workflow looks as follows:


 

IDSync® Services Provided

The Identity Syncronizer Service counts the seats used by a subscription, either for the end-user or so that the count can be used as a billable entity.

Integration Prerequisites

Before you start integrating IDSync® into PA, review the preparations the process requires.

Prerequisites for the IDSync® Endpoint Host

Prerequisites

Notes

Description

Specific node with Apache and PHP to install APS Package script files

OS

  • CentOS or RHEL 6.0+

Type of OS Installation

Basic server installation

Software

RAM/CPU

  • At least 2GB of RAM
  • At least a dual-core processor

Disk

  • 20GB to ensure reasonable log storage

Network

This endpoint will need to be able to communicate with the IDSync® Gateway on a configurable port (see below), as well as with:
https://www.idsync.com/api/v1/licensing/service.asmx


Prerequisites for the IDSync® Gateway

General criteria:

Description

IDSync® Gateway is a secure way to transmit Odin Operations and PBA XML-RPC payloads, by Account ID (required) and/or Subscription ID (optional)

Quantity

This service is a small stand-alone Windows Service. If you intend to have a lot of traffic, it is recommended that you use a load balancer.

OS

  • Windows 7 or Higher
  • Windows Vista
  • Windows 2008 / Windows 2008 R2
  • Windows 2012 / Windows 2012 R2 or Higher
  • Windows 2016

CPU

At least quad-core @ ~3.0GHz+ (if Virtual Machine, should be set to 100% allocation)

RAM

At least 4GB of statically allocated RAM on the [virtual] machine

Disks

Logs take up some space; sub-routines are designed to remove excess log files.

Network

  • Access to https://www.idsync.com/api/v1/licensing/service.asmx should be granted via any firewalls
  • The Gateway will be public and firewall should allow traffic accordingly
  • The Gateway uses a self-signed certificate (https) and does not create an http address (for security purposes).
Open Ports
  • 443 (Configurable, recommended to 443/SSL schema default)
  • 6308 (Static, non-configurable)
  • 80 (TCP/Socket traffic between client machines and the Gateway)

Note: It is highly recommended to follow the recommendations of the PA Application Module (application hosting guide).
There are also some additional software requirements for your Provisioning Host.
After registering the host in Odin Operations, the software specified in the following table must be installed on it:

Software Name


Microsoft® .NET 4.6

Required for the Gateway to function.


Chapter 5

Deploying the IDSync® Application

The IDSync® application is deployed at the client level and the installation guide for that item can be found by clicking the document below. 

Identity Syncronizer - AD Cloud Portal - Installation Guide - v2.1



Chapter 6

Deploying IDSync® APS Package

To deploy the IDSync® APS package on the Provisioning Host, you need to prepare the host and then import your IDSync® APS package in PA. Find information about how to do it in this section.

Preparing the Endpoint Host Server

The IDSync® APS Package requires an application host server to be set up before it can be successfully imported and used in OSA. This endpoint server can be provisioned as a Virtual Private Server or as a Virtual Machine via a hypervisor within the same infrastructure as the OSA systems.

Please make sure you have a full OSA (Odin Operations + PBA) instance set up properly before continuing.

Please verify that the endpoint machine is compliant with the prerequisites found above under Prerequisites for the IDSync® Endpoint Host.

These deployment instructions are based on a pre-existing installation of CentOS version 6 or 7, with all required web-daemon packages installed and managed via the "yum" package manager built into CentOS. While the PHP files we're aiming to deploy may work on other Linux distributions and operating systems, IDSync® currently officially supports CentOS/RHEL 6/7.

Please use the endpoint utilities found on the Odin Documentation site (found here: https://doc.apsstandard.org/7.4/api/rest/application/deployment/index.html).

Importing IDSync® Application

To import the IDSync® application to Odin Operations:

  1. In the control panel, go to Top > Service Director > Application Manager > Applications. The list of the applications appears.
  2. Click the Import Package button.
  3. Import the application from the local workstation, select the local file option, and specify the path to the application file using the Browse... button.
  4. Select the Enabled (available in subscriptions) checkbox.
  5. Click the Submit button.

Chapter 7

Configuring Services for Selling - Odin Operations

Learn about how to configure the service templates that are necessary to form IDSync® APS subscriptions for sale.

General Resource Creation

The IDSync® APS package requires that a base IDSync® service template be created and that any user who wishes to use IDSync® subscribe to that base IDSync® service template. The base IDSync® service template requires a number of resources. These general resources are as follows:

  1. IDSync® - App Reference
  2. IDSync® - Tenant
  3. [Optional] IDSync® - Users
  4. [Optional] IDSync® - Contacts
  5. [Optional] IDSync® - Groups
  6. Automatically generated features via the Gateway's Odin page.
    1. Open this document on the machine the Security Gateway is installed on, and navigate to https://localhost/odin (you may have to input the configured port if using something other than 443)
    2. Click here, to continue installing the additional Feature Resources. 

After you've successfully imported the package, go to the Resource Types tab off of the "IDSync®" application.

  1. Click the [+ Create] button to begin creating a new resource type.
  2. Proceed by clicking "Application Service"
  3. The name of the first resource should reflect the Tenant resource. (ex: IDSync® Tenant)
  4. Next you will be provided with a list of Resource types, select "IDSync® Tenant"
  5. If unsure, leave "Priority" blank.
  6. Make sure the "Automatically provision service" is filled in, as this is the only resource that will provision.
  7. Continue, then press Finish after reviewing and approving the displayed values.
  8. Now you can progress by repeating steps 2 thru 8 for IDSync® Users, IDSync® Groups, and IDSync® Contacts, with the only difference being that you do not check "Automatically provision service" on any resource other than the Tenant.
  9. After those resource types have been added, go to the Applications page, click the Instances tab.
  10. Click the [+ Install] button.
  11. Input the Application API endpoint URI (ex: http://endpoint.idsync.apsdemorg.org/)
  12. At this point you will be asked to provide the General Setup Global Setting.
    1. Provider Name – Your Company name, case and space sensitive to your IDSync® license
    2. Provider License – Your Provider IDSync® license. This license should have been provided during the license agreement process; however, should you not have one, or have misplaced it, feel free to contact IDSync® Support (support@idsync.com).
    3. IDSync® API Gateway URL – Leave blank if unsure. Acts as an override for testing.
    4. IDSync® Gateway URL – The URL configured in the Gateway Agent Configuration utility, under the "client" section. (Ex: https://10.3.3.2:8440/)
    5. IDSync® Provision URL – The URL to the API portion of the Gateway. Out-of-the-box it will be the same URL and port+1 that was configured in the Gateway Agent Configuration utility. (Example: If the Gateway URL is https://idsgateway:8448/, then the API Gateway is https://idsgateway:8449/)
    6. AD Tab Label – The label that will be applied to the tabs in the Windows Active Directory Utility at the client level.
    7. IDSync® Plugin Name – This is ALWAYS Syncronizer.Target.Parallels; if not filled in, please use said value. Acts as an override should a custom plugin need to be created for a provider.
    8. IDSync® Gateway Subscription Auto-license Flag – Default settings dictate that the automatic license generates a secure Gateway Username and Password tied to making transactions for the ACCOUNT ID it was created under. Checking this box will force the Account ID and Subscription ID, which in this case would always be the IDSync subscription. This is a legacy setting designed for APS 1.2 backward compatibility. Leave unchecked unless otherwise directed by an IDSync support representative.
  13. Review and Approve the settings displayed.
  14. Jump back to the Resource Types tab in the IDSync® Application page.
  15. Click the [+ Create] button, then click "Application Service Reference".
  16. Give it a name that reflects IDSync®, (ex: IDSync® App).
  17. Click "General Setup".
  18. Click the Resource UUID for the global settings you just configured.
  19. Review and Approve the settings displayed.
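
A preflight for the Gateway URL and Provision URL entered in step 12, and for the self-signed Gateway certificate noted in the Gateway network prerequisites, as an added example (not part of the IDSync® package or its tooling). It rejects a non-https Gateway URL, derives the out-of-the-box Provision URL (port+1), and compares the certificate the Gateway presents against a SHA-256 fingerprint; the function names and the pinned-fingerprint approach are assumptions of this example, and the sample certificate bytes are constructed.

```python
#!/usr/bin/env python3
# Added example, not IDSync code: preflight for the Global Settings URLs.
import hashlib
import socket
import ssl
import sys
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for a Gateway certificate (not a real certificate).
SAMPLE_DER = b"constructed bytes standing in for the Gateway certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def parse_gateway_url(url):
    """Return (host, port); the guide says the Gateway creates no http address."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("Gateway URL must be https: %r" % url)
    if not parts.hostname:
        raise ValueError("Gateway URL has no host: %r" % url)
    return parts.hostname, parts.port or 443


def derive_provision_url(gateway_url):
    """Out-of-the-box Provision URL: same URL, Gateway port + 1."""
    host, port = parse_gateway_url(gateway_url)
    if port >= 65535:
        raise ValueError("no port above %d for the Provision URL" % port)
    if ":" in host:  # an IPv6 literal needs brackets inside a URL
        host = "[%s]" % host
    path = urlsplit(gateway_url).path or "/"
    return urlunsplit(("https", "%s:%d" % (host, port + 1), path, "", ""))


def normalize_fingerprint(text):
    """Accept 'AA:BB:..' or 'aabb..' and return lowercase hex."""
    return "".join(ch for ch in text.lower() if ch in "0123456789abcdef")


def fingerprint_of_pem(pem):
    """SHA-256 over the DER encoding of the certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_server_pem(host, port, timeout=5.0):
    """Fetch the presented certificate with chain validation switched off.

    A self-signed certificate cannot pass CA validation, so trust here
    comes only from the fingerprint comparison in preflight().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def preflight(gateway_url, pinned_sha256, fetch=fetch_server_pem):
    """Check one Gateway URL against a fingerprint recorded beforehand."""
    host, port = parse_gateway_url(gateway_url)
    presented = fingerprint_of_pem(fetch(host, port))
    return {
        "gateway": (host, port),
        "provision_url": derive_provision_url(gateway_url),
        "presented_sha256": presented,
        "fingerprint_ok": presented == normalize_fingerprint(pinned_sha256),
    }


if __name__ == "__main__":
    # Usage: preflight.py <gateway-url> <pinned-sha256-fingerprint>
    report = preflight(sys.argv[1], sys.argv[2])
    print(report)
    sys.exit(0 if report["fingerprint_ok"] else 1)
```

Take the pinned fingerprint from the certificate on the Gateway machine itself rather than from a network fetch, so the comparison has an independent reference.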


Automatic Additional Resource Creation

In addition to the base package functionality of IDSync®, it is possible to extend IDSync® through separate subscriptions to enable users to synchronize identity information from their Active Directory environments to a number of other third party systems as well as to a number of APS packages hosted on the ODIN platform.

In order to expose these additional subscription options to the customer, the service provider must populate the Odin Operations system with additional resource types.

There are presently in excess of 15 unique resource types that extend the IDSync® platform. This number is expected to increase over time as IDSync® is extended to additional systems.

Due to the large number of resources and the time that it takes to manually create these resources in the Odin Operations system, IDSync® has provided an application for automatically generating these resources on an Odin Operations system.

The tool can be found on the service provider's gateway at the following address: 

https://localhost:XXXX/odin where XXXX is the port number of the service provider's gateway service. 

It will bring up a screen similar to the following:


 


While this system is a time saver, the system comes with a few important caveats:

  1. This process can only be run from the gateway machine itself for security reasons.
  2. This tool is primarily for onboarding new service provider environments to utilize the IDSync® APS package. The process automatically generates all of the "additional resources" that the IDSync® system knows about at the time of running the process. THIS PROCESS SHOULD NOT BE RUN MORE THAN ONCE in a given Odin Operations environment. If it is run multiple times, it will generate duplicate resource types in Odin Operations and that will lead to confusion when setting up service templates.
  3. NOTE: This process cannot be run until the IDSync® App Resource has been configured within the Odin Operations environment.


Manual Additional Resource Creation


In addition to, or instead of, using the automatic method for additional resource creation, you may create the additional resources as needed to enable IDSync® features as follows:
Go to the Resource Types tab off of the "IDSync®" application.

  1. Click the [+ Create] button to begin creating a new resource type.
  2. Proceed by clicking "Application Service"
  3. Enter the name for the first resource you wish to add (ex: IDSync® Autotask Contacts)
  4. Next you will be provided with a list of Resource types, select the resource type that corresponds to the feature you are adding. For example: "IDSync® Autotask Contacts PID2001"
  5. Make sure the "Automatically provision service" is filled in.
  6. Continue, then press Finish after reviewing and approving the displayed values.
  7. Return to the Resource Types tab off of the "IDSync®" application
  8. Click the [+ Create] button to begin creating a new resource type.
  9. Proceed by clicking "Application Counter (unit)"
  10. The name of the resource counter should reflect the desired resource counter. (ex: IDSync® Autotask Contacts Counter)
  11. Next you will be provided with a list of Resource types, select the resource counter type that corresponds with the feature you wish to create. For example for Autotask Contacts, the counter resource is "PID2001_COUNT" which is described as "A count of the usage of the Autotask Contacts feature."
  12. Make sure the "Automatically provision service" is filled in.
  13. Continue, then press Finish after reviewing and approving the displayed values.
  14. Now you can progress by repeating steps 1 through 14 for any additional resources/features that you wish to enable in your Odin Operations system for IDSync®.


NOTE: As additional features / resource mappings become available for provisioning, IDSync® will publish the resource type information on its wiki pages at: Idsync.atlasian.com/wiki/ODIN.

Base Service Template Creation

  • On the Odin Control Panel, click "Service Templates".
  • On the Service Templates page, click [+ Add New Service Template].
  • Name the service template IDSync® Base (or something that reflects the application).
  • Make sure the "Auto-Provisioning" check is on, and Type set to "Custom", click Next.
  • Using the search at the top of the page, type in the name of the resources you created in the Resource Creation walk-through. * is a wildcard (ex: idsync will return anything that contains the word idsync).
  • Add IDSync® App, IDSync® Tenant, IDSync® Users, IDSync® Contacts, and IDSync® Groups by checking the corresponding box to the far left.
  • Click Next.
  • On this screen you will need to uncheck the Tenant resource's Unlimited checkbox, and set the limit to 1.
  • You'll also need to uncheck the Unlimited checkbox on IDSync® "Users" resource and set the limit to the maximum number of IDSync seats you will be hosting through this service template, then check the Home Visibility check to ON for the IDSync® "Users" resource.
  • After reviewing and approving, click Finish.


Feature Service Template Creation

For each and every IDSync® feature that the service provider wishes to offer through its ODIN platform, a service template will need to be configured. The following describes the steps for configuring a service template. This process may be repeated for each IDSync® feature:

  • On the Odin Control Panel, click "Service Templates".
  • On the Service Templates page, click [+ Add New Service Template].
  • Name the IDSync® feature service template IDSync® Autotask Contact (or something that reflects the application).
  • Make sure the "Autoprovisioning" check is on, and Type set to "Custom", click Next.
  • Using the search at the top of the page, type in the name of the resources you created in the Resource Creation walk-through. * is a wildcard (ex: idsync will return anything that contains the word idsync).
  • Add the Base IDSync® App resource type and add the resources that are specific to that feature. For instance: for IDSync® Autotask Contacts, select IDSync® Autotask Contacts and IDSync® Autotask Contacts Counter by checking the corresponding box to the far left.
  • Click Next.
  • You will want to set the limit to 1 on the feature resource (i.e. the Autotask Contact resource)
  • You'll also need to uncheck the Unlimited checkbox on IDSync® counter resource to set the limit to the maximum number of seats you will be hosting through this service template, then check the Home Visibility check to ON for the IDSync® counter resource.
  • After reviewing and approving, click Finish.



Branding Options

There are currently no branding options outside of the Tab Label in the aforementioned Global Settings.

Localization

  • Meta file localization
    • en_US
  • Error handling localization
    • en_US
  • Localization limitations
    • en_US


To request additional languages, please contact support@idsync.com.

Configuring Services for Selling - Billing

Learn about how to configure the service templates that are necessary to form IDSync® APS subscriptions for sale.

Service Plans

It is beyond the scope of this document to provide this information since it is part of the license agreement set between the provider and IDSync® on how billing should be achieved on their own system. 
