# Establishing connection

After you have deployed and registered the connector, you will need to establish a connection to your application. Without an active connection, you will not be able to perform any of the operations described in the application onboarding sections.

To establish a connection, follow the steps described below:

{% stepper %}
{% step %}

### Log in to the Webconsole

Go to **Provisioning** > **Managed system**.
{% endstep %}

{% step %}

### Select or create a managed system configuration

If you are new to OpenIAM, we recommend selecting a sample configuration and clicking the **Actions** button.\
If you want to create a new configuration, click on **Create Managed System**.
{% endstep %}

{% step %}

### Complete the Managed System form

The example below uses OpenLDAP, but the same concepts apply to all Managed system configurations.

<figure><img src="/files/5a5f8d0a04b00d5794cb18d628f7f83026a5608c" alt=""><figcaption></figcaption></figure>

You can use the table below to complete the fields.

<table><thead><tr><th width="155.33331298828125" valign="middle">Field name</th><th>Description</th></tr></thead><tbody><tr><td valign="middle">Connector</td><td>Name of the connector that will be used by the managed system configuration.</td></tr><tr><td valign="middle">Managed system name</td><td>Name of this application that is meaningful to the business.</td></tr><tr><td valign="middle">Description</td><td>Description of this application. The description will be used in the service catalog to help end-users gain more information about the application.</td></tr><tr><td valign="middle">Manual</td><td>Checkbox which indicates if this application is a <em>Manual</em> application, meaning that <strong>no connector is available</strong> and automated provisioning is not supported. If you have a connector for the application, then leave this off.</td></tr><tr><td valign="middle">Active</td><td>Checkbox which indicates if this configuration is active. <strong>Only active configurations can process life-cycle events</strong>. To make an application <em>Active</em>, ensure that this field is checked.</td></tr><tr><td valign="middle">Show on user change password screen</td><td>OpenIAM provides the option for end-users to change their password in a single application. If this application is to be shown on the change password screen, then ensure that this field is checked.</td></tr><tr><td valign="middle">All users provisioned with this managed system</td><td>There are times when all users should be provisioned to an application regardless of business rules or role memberships. To enable this behavior for your application, ensure that this field is checked.</td></tr><tr><td valign="middle">Host URL</td><td>This is the URL to connect to your application, tenant, etc.</td></tr><tr><td valign="middle">Port</td><td>Port that OpenIAM should use to connect to the application.</td></tr><tr><td valign="middle">Communication protocol</td><td>Defines if OpenIAM should communicate using SSL or Clear. The option that you select here <strong>must also be supported by the target application</strong>.</td></tr><tr><td valign="middle">Login ID</td><td>Service account ID which will be used by OpenIAM to connect to the application.</td></tr><tr><td valign="middle">Password</td><td>Password for the service account</td></tr><tr><td valign="middle">Object primary key for user</td><td>The unique attribute in the target application that the connector will use to find existing users. Examples of primary keys can be <code>UID</code> in LDAP, <code>sAMAccountName</code> in ActiveDirectory, etc.</td></tr><tr><td valign="middle">Base DN for User</td><td>This value is relevant only for a directory. It defines the DN under which the user will be created. It's a way to limit the reach of the connector.</td></tr><tr><td valign="middle">Search Base DN for User</td><td>This value is relevant only for a directory. This is part of the directory where the connector is allowed to search to find matching users. This is used to limit the reach of the connector.</td></tr><tr><td valign="middle">Search scope</td><td>This value is relevant only for a directory. You can select a value like Subtree, OneLevel, or Object. It determines if the connector will search through subtrees or not.</td></tr><tr><td valign="middle">Target system type</td><td>This value is relevant only for a directory. Since the LDAP connector can be used with a variety of directories such as OpenLDAP, Okta Directory Services, eDirectory, and Active Directory, these options will allow the connector to compensate for the brand-specific nuances between directories.</td></tr><tr><td valign="middle">Category</td><td>This is the category in the service catalog where this application will be listed. Leave it blank to avoid having this application listed in the catalog.</td></tr></tbody></table>

If the configuration is set to **Active**, OpenIAM will perform a test connection in a few minutes. Return to the managed systems list and you will see the status on the connector. If the connection is successful, there will be a <mark style="color:$success;">green</mark> status; if it fails, it will be <mark style="color:$primary;">red</mark>.

<figure><img src="/files/210835e35992badff71301e2f5f92be107d4aabc" alt=""><figcaption></figcaption></figure>

Now, after the connection is established, you can proceed with [importing entitlements](/application-onboarding/importing-entitlements.md) from the application.
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-beta.openiam.com/application-onboarding/connectors/establishing-connection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.