Introduction
The UpdateIdentityTask tasks main responsibility is to keep identities in sync with the relating entities and the configuration. It resolves the attribute mappings, checks if the identity should be active or not and performs anonymization.
Value | |||
|---|---|---|---|
GUID |
| ||
Scheduled by default |
| ||
Interval in seconds | 600 | ||
Concurrent |
| ||
Parameters |
|
...
Action Performed
Task loops throught Identities.There are 3 processes involvedthrough Identities and performes three main actions:
Task Details
Base Update / Anonymization WorkItems
All three sub-actions are based on a base configuration:
Base Update/Anonymization | Condition |
|---|---|
Identity Type Feature | UpdateIdentity (5) has to be active |
System Type Feature | UpdateIdentity (9c2349cf25db4366b28541efbe374492) has to be active |
(optional) CoreIdentity Ids | Identity has to belong to one of the Core Identities |
And at least one of the following condition set: | |
Active identities: | |
Core Identity | State = Active (1) OR AnonymizationStatus = PendingAnonymization (2) |
Identity | CreationState = Ready (2) |
To anonymize: | |
Core Identity | State = Deleted (2) AND AnonymizationStatus = PendingAnonymization (2) |
Inactive but with update enabled: | |
Identity Type Feature | UpdateIdentityWhenCoreIdentityIsDisabled (13) has to be active |
Core Identity | State = Deleted (2) |
Deactivate because CoreIdentity is suspended: | |
Core Identity | State = Suspended (3) |
Identity | Active |
Reactivate because CoreIdentity no longer suspended: | |
Core Identity | State = Active (1) |
Identity | NOT Active AND DeactivatedBy IS EMPTY |
And does not match below condition set (ignore because they are suspended): | |
Core Identity | State = Suspended (3) |
Identity | NOT Active |
Update Identity
Update Identity
...
- Filter
Update Identity Workitems | Condition |
|---|---|
All conditions from Base Update/Anonymization has to be met | |
IdentityType → Target System Feature | UpdateIdentity (9c2349cf25db4366b28541efbe374492) has to be active |
...
Anonymization Workitems
Condition
Update
...
Identity
...
State = PendingAnonymization (2)
Deactivate identities with inactive core identity Workitems
...
Deactivate identities with inactive core identity
...
Condition
...
Identity Type Feature
...
UpdateIdentity (5) has to be active
...
System Type Feature
...
UpdateIdentity (9c2349cf25db4366b28541efbe374492) has to be active
...
Core Identity
...
State = Deleted (2)
...
Identity
...
Active
Actions performed
Update Identity
Identity - Action
Works on identities found in Update Identity Workitems- Filter.
Calculates new attribute value based on identity provisioning mapping.
...
Attribute has to be updatable (on identity provisioning mapping).
Column | Changes | |
|---|---|---|
Identity Attribute Value | SerializedValue | Value calculated based on |
Identity Attribute Value | HasChanged | Set to true if attribute values |
Identity Attribute Value | ToDelete | Set to true if attribute values should be deleted on target system |
Identity Attribute Value | OldSerializedValue | Previous value that was calculated and provisioned in target system (no provisioning is done in this task but looking at HasChanged flag we can assume what happend) |
There is logic that calculates if identity should still be active or not.
...
If the Identity activity flag is changed there is a event thrown. It may be UserAccountActivated or UserAccountDeactivationRequested event.
If any attribute value was changed the ProvisionIdentityChangesTask will be fasttracked for this Identity. It will be run only when OnCreateFastTrackEnabled (42) global setting is enabled
Anonymization
Anonymization - Filter
Anonymization Workitems | Condition |
|---|---|
All conditions from Base Update/Anonymization has to be met | |
Identity | State = PendingAnonymization (2) |
Anonymization - Action
Works on identites found in Anonymization WorkitemsFilter.
Changes | Condition | |
|---|---|---|
Identity | AnonymizationStatus set to AnonymizationStarted (3) | There were changes of attribute values |
Identity | AnonymizationStatus set to HistoryAnonymizationNeeded (4) | There were NO changes of attribute values |
Deactivate identities with inactive core identity
Deactivate identities - Filter
Deactivate identities with inactive core identity | Condition |
|---|---|
Identity Type Feature | UpdateIdentity (5) has to be active |
System Type Feature | UpdateIdentity (9c2349cf25db4366b28541efbe374492) has to be active |
Core Identity | State = Deleted (2) |
Identity | Active |
Deactivate identities - Action
Works on identities found in Deactivate identities with inactive core identity Workitems- Filter.
Changes | |
|---|---|
Identity | Active set to false |
Identity | HasActiveChanged set to true |
TODO: Involved in processes
...
Large processes
This task is involved in larger multi-task processes that are documented below:
provisioning/propagating changes (separate page with simple diagram how change is flowing from task to task)
...
anonymization
...
identity lifecycle (deactivation)