Update Identity Task

Filter

Task loops throught Identities.

There are 3 processes involved:

Base Update/Anonymization	Condition
Identity Type Feature	UpdateIdentity (5) has to be active
System Type Feature	UpdateIdentity (9c2349cf25db4366b28541efbe374492) has to be active
(optional) CoreIdentity Ids `uint[]` from task parameter	Identity has to belong to one of the Core Identities
And at least one of the following condition set:
Active identities:
Core Identity	State = Active (1) OR AnonymizationStatus = PendingAnonymization (2)
Identity	CreationState = Ready (2)
To anonymize:
Core Identity	State = Deleted (2) AND AnonymizationStatus = PendingAnonymization (2)
Inactive but with update enabled:
Identity Type Feature	UpdateIdentityWhenCoreIdentityIsDisabled (13) has to be active
Core Identity	State = Deleted (2)
Deactivate because CoreIdentity is suspended:
Core Identity	State = Suspended (3)
Identity	Active
Reactivate because CoreIdentity no longer suspended:
Core Identity	State = Active (1)
Identity	NOT Active AND DeactivatedBy IS EMPTY
And does not match below condition set (ignore because they are suspended):
Core Identity	State = Suspended (3)
Identity	NOT Active

Update Identity Workitems	Condition
	All conditions from Base Update/Anonymization has to be met
IdentityType → Target System Feature	UpdateIdentity (9c2349cf25db4366b28541efbe374492) has to be active

Anonymization Workitems	Condition
	All conditions from Base Update/Anonymization has to be met
Identity	State = PendingAnonymization (2)

Deactivate identities with inactive core identity	Condition
Identity Type Feature	UpdateIdentity (5) has to be active
System Type Feature	UpdateIdentity (9c2349cf25db4366b28541efbe374492) has to be active
Core Identity	State = Deleted (2)
Identity	Active

Calculates new attribute value based on identity provisioning mapping.

Only for attribute values where attribute exists in identity provisioning mapping and that does NOT have BindingMode OneWayToSource (1).

Attribute has to be updatable (on identity provisioning mapping).

	Column	Changes
Identity Attribute Value	SerializedValue	Value calculated based on `identity provisioning mapping`
Identity Attribute Value	HasChanged	Set to true if attribute values
Identity Attribute Value	ToDelete	Set to true if attribute values should be deleted on target system
Identity Attribute Value	OldSerializedValue	Previous value that was calculated and provisioned in target system (no provisioning is done in this task but looking at HasChanged flag we can assume what happend)

There is logic that calculates if identity should still be active or not.

It will be calculated to should-be non-active when any of following conditions is fulfilled:

Identity is not active was deactivated manually (there is no DeactivatedBy),
Core Identity is in State Suspended (3)
Identity Type Feature SetInactiveIfNoActiveAssignment (7) is not active
- AND Core Identity is not in State Active (1)
Identity Type Feature SetInactiveIfNoActiveAssignment (7) is active
- AND there is no valid Resource Assignment for Identity (valid by ValidFrom/ValidTo dates)
  - OR CoreIdentity is not in State Active (1)

If the Identity activity flag is changed there is a event thrown. It may be UserAccountActivated or UserAccountDeactivationRequested event.

(write about _identityStrategyExecuter.ExecuteAfterAttributeValueChangeStrategies)

(fasttrackes)

Works on identites found in Anonymization Workitems

	Changes	Condition
Identity	AnonymizationStatus set to AnonymizationStarted (3)	There were changes of attribute values
Identity	AnonymizationStatus set to HistoryAnonymizationNeeded (4)	There were NO changes of attribute values

	Changes
Identity	Active set to false
Identity	HasActiveChanged set to true

provisioning changes (separate page with diagram)

anonymization (separate page with diagram)

deactivation (does not need documentation)

idea: after we finish most of the tasks we could do column dictionary so that it is possible to search from column to what changes it