Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Introduction

The provision configuration is used as a definition of how an identity based on the information available on a core identity should be provisioned into a target system. Depending on what account type you want to create the attributes you have to configure are specific for the selected system type. The account type describes what kind of account you want to create in a system, like for the Active Directory an Active Directory User, or an Active Directory Account. The configuration can the be used for one or more identity types.

Advance provisioning by hours

This property can be used to define how many hours before the valid from of the earliest valid resource assignment this identity will be provisioned into the target system, but the resource assignments won’t be provisioned until the valid from of the assignment itself is reached.

Deletion delay (hours)

The deletion delay is used to postpone the deletion in the target system. The resource assignment are deprovisioned independently of the identity.

Provisioning Workflow

You can configure a provisioning workflow that replaces the normal provisioning logic.

Deprovisioning Workflow

You can configure a deprovisioning workflow that replaces the normal deprovisioning logic.

Attribute mappings

The attribute mappings is the second tab for the provisioning configuration. It shows all the attributes that should be managed in the target system and how the value is built. In this list, only system identity attributes for the selected account type can be selected. By default, only the mandatory attribute is automatically added when a new configuration is created. All others can be added with the plus button on the right top corner

Attribute

This column shows the attribute name and the target system property name. Entries that don’t have a property name are coreone suite internal attributes.

Options

Each attribute mapping has three options unique, updatable, and the binding mode. The options unique and updatable are set on the attribute but can be overwritten in the scope of this configuration. The binding mode is defined on the system identity type attribute and can be overwritten as well. When the text of the options are bold it means that this value is overwritten and only applies in the scope of this configuration.

Unique

The unique options define if a value has to be unique in our meta-directory and in the target system. The identity can not be provisioned when the calculated value is not unique in both directories.

The possible values are Unique and Not unique

Updateable

The updatable option defines if an attribute value is only calculated at the creation of the identity or periodically.

The possible values are Updatable and Immutable

Binding Mode

The binding mode describes in which direction the value is provisioned.

Target System → CoreOne

The value will be read from the target system and will be stored in the meta-directory of the coreone suite.

CoreOne → Target System

The value in the meta directory will be used and will be provisioned into the target system

CoreOne ↔︎ Target System

Currently not supported.

CoreOne Suite Internal

This value will only be used in the coreone suite.

Dependencies

The dependencies allows to configure dependencies to other identity types, that leads to that before the identity of this configuration can be provisioned/deprovisioned, an identity of the configured type has to be provisioned/deprovisioned in advance.


How-to Artikel


Verwandte Artikel


  • No labels