Versions Compared

Old Version 10

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Marinello

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel1
typeflat

...

Mit der Provisionierungskonfiguration wird festgelegt, wie genau die Provisionierung des zugewiesenen Identitätstypen aussieht.

Verwendung

Nach Angabe des Namens und des gewünschten Core Identitätstypen wird der Benutzerkontentyp definiert. Bei Angabe einer Person (als Core Identitätstypen) kann man als Benutzerkonto beispielsweise den Active Directory Benutzer auswählen. Abschliessend gilt es folgende Informationen festzulegen:

  1. Advance provisioning by hours: Hier lässt sich einstellen, wieviele Stunden im Voraus die gewünschte Provisionierung gestartet würde. Falls der oben genannte Active Directory Benutzer um 0800 Uhr beginnt, lässt sich beispielsweise eine Provisionierung auf 0600 Uhr voreinstellen.

  2. Deletion delay (hours): Hier lässt sich konfigurieren, wieviele Stunden nach Löschung des eingestellten Core Identitätstypen die Provisionierung gestoppt, respektive gelöscht wird.

  3. Attribute Mappings: Mithilfe des StringExpression Designers lässt sich konfigurieren, wie das Attribut in welches System gemappt wird. Die Binding Modes der Attribute, bzw. aus welchem Quellsystem in welches Zielsystem geschrieben wird, ist vordefiniert.

...

Zusätzlich können Dependencies zu weiteren Identitätstypen erstellt werden. 

Konfigurationsparameter

...

Introduction

The provision configuration is used as a definition of how an identity based on the information available on a core identity should be provisioned into a target system. Depending on what account type you want to create the attributes you have to configure are specific for the selected system type. The account type describes what kind of account you want to create in a system, like for the Active Directory an Active Directory User, or an Active Directory Account. The configuration can be used for one or more identity types.

Advance provisioning by hours

This property can be used to define how many hours before the valid from of the earliest valid resource assignment this identity will be provisioned into the target system, but the resource assignments won’t be provisioned until the valid from of the assignment itself is reached.

Deletion delay (hours)

The deletion delay is used to postpone the deletion in the target system. The resource assignment are deprovisioned independently of the identity.

Provisioning Workflow

You can configure a provisioning workflow that replaces the normal provisioning logic.

Deprovisioning Workflow

You can configure a deprovisioning workflow that replaces the normal deprovisioning logic.

Attribute mappings

The attribute mappings is the second tab for the provisioning configuration. It shows all the attributes that should be managed in the target system and how the value is built. In this list, only system identity attributes for the selected account type can be selected. By default, only the mandatory attribute is automatically added when a new configuration is created. All others can be added with the plus button on the right top corner

...

Attribute

This column shows the attribute name and the target system property name. Entries that don’t have a property name are coreone suite internal attributes.

Options

Each attribute mapping has three options unique, updatable, and the binding mode. The options unique and updatable are set on the attribute but can be overwritten in the scope of this configuration. The binding mode is defined on the system identity type attribute and can be overwritten as well. When the text of the options are bold it means that this value is overwritten and only applies in the scope of this configuration.

Unique

The unique options define if a value has to be unique in our meta-directory and in the target system. The identity can not be provisioned when the calculated value is not unique in both directories.

The possible values are Unique and Not unique

Updateable

The updatable option defines if an attribute value is only calculated at the creation of the identity or periodically.

The possible values are Updatable and Immutable

Binding Mode

The binding mode describes in which direction the value is provisioned.

Target System → CoreOne

The value will be read from the target system and will be stored in the meta-directory of the coreone suite.

CoreOne → Target System

The value in the meta directory will be used and will be provisioned into the target system

CoreOne ↔︎ Target System

Currently not supported.

CoreOne Suite Internal

This value will only be used in the coreone suite.

Dependencies

Dependencies between identity types can be configured, so that a delay of provisioning/deprovisioning can be achieved. This is important when the order of provisioning/deprovisioning must be adhered to.

“Provisioning delay in minutes” defines how much later the identity will be created, starting from the creation date of the identity it is dependent of.

...


How-to article

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
cqllabel in ( "systemkonnektor" , "how-to" ) and type = "page" and space = "IKB"

...

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
cqllabel = "systemkonnektor" and type = "page" and space = "IKB"

...