Discovery service (iddiscover)
The discovery service (iddiscover) is the principal service that
Runs connector programs to list changes from systems
Loads discovered data into the database via
iddb.Merges and acts on changes.
The entities that principally communicate with iddiscover include:
The auto discovery nightly job that handles bulk listing and discovery (
psupdate)Incremental discovery events that come from Active Directory and LDAP targets when those integrations are active.
The Bravura Privilege Local Workstation service that communicates over a proprietary HTTP API to provide discovery information.
The Workflow Manager Service (
idwfm) to propagate changes from an authoritative target system to other target systems. See Automated user administration .
The types of information provided by discovery sources to the discovery service include:
Accounts being created/updated/deleted
Groups being created/updated/deleted
Group memberships being created/updated/deleted
Computers being created/updated/deleted
Subscribers to privileged accounts being created/updated/deleted.
This service runs automatically and cannot be managed from the web interface.
Discovery service events
The following Discovery service options can be accessed by clicking Manage the system > Maintenance > System variables or Manage the system > Maintenance > Options :
Option | Description |
|---|---|
IDDISCOVER BATCH COMMITTED | Program to execute after discovery data is committed to staging tables. |
IDDISCOVER OBJATTRMERGE PRE | Program to execute before staged target system object attributes are merged into the database. |
IDDISCOVER OBJMERGE PRE | Program to execute before staged target system objects are merged into the database. |
IDDISCOVER OBJRELMERGE PRE | Program to execute before staged target system object relations are merged into the database. |