Chat now with support
Chat mit Support

Identity Manager 8.1.5 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Using scripts Notes on message output Notes on using date values Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing of scripts in Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for executing scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Overview of process components

Process components and their process tasks form a framework that all process steps can be based on. The tables Jobcomponent, JobTask and Jobparameter define the complete range of One Identity Manager’s own process components and process task with the associated parameters.

Process tasks are used to carry out single basic jobs at system level, for example, adding directories. A process component consists of one or more process tasks and its parameters.

When a process is created, the parameter templates for the process task are copied and entered in the process step. This means that every process step that uses this process task can pass other parameter values. The original is not altered.

NOTE:The information available for the process components is added through migration and cannot be edited.

To obtain a complete overview of process components and their process tasks and parameters

  • In the Designer, select the Documentation | System configuration reports category and the Process components report.

To display individual process components and their process tasks and parameters

  • In the Designer, select the Process Orchestration | Process components category.

The following table contains short descriptions of the process components.

NOTE: Additional process components may be available depending on which modules are installed.
Table 119: Short descriptions of process components
Component Description

AutoUpdateComponent

This process component maps the One Identity Manager Service built-in-tasks.

CommandComponent

This process component runs any command.

DelayComponent

This process component controls the start time of the following process steps.

FileComponent

This process component creates, deletes, copies, and modifies file and directories and also their access permissions.

The RSync program is a prerequisite for using the process component on Linux operating systems.

Under Windows, some of the process components' process functions required the program XCalcs to edit permissions. You can find this in the your server installation resource kit.

FtpComponent

This process component can transfer file by FTP.

HandleObjectComponent

This process component runs default and custom events for database objects. Each assigned default process is generated as in the front-ends. The component also makes it possible to initiate so called CustomEvents for triggering object related generation of a special process.

LogComponent

This process component is used to log messages, for example, in the result log.

MailComponent

This process component can send emails.

PowerShellComponent

This process is used for calling Windows PowerShell. Version 2.0 of Windows PowerShell must be installed.

PowershellComponentNet4

This process is used for calling a .NET 4 Windows PowerShell. A version of Windows PowerShell later than 2.0 must be installed.

ProjectorComponent

This process component contains tasks for synchronizing and provisioning data with the One Identity Manager database.

ReportComponent

This process component can create reports and export them in various file formats.

ScriptComponent

This process component run the scripts from the assemblies.

SQLComponent

This process component runs SQL queries and can be used to determine the number of data records and the existence of data records.

ZipComponent

This process component creates or unpacks ZIP files.

Detailed information about this topic

Properties of process components, process tasks and parameter templates

Table 120: Process component properties

Property

Meaning

Display name

Name of component for displaying.

Component class

Component class.

Assembly name

Name of the component.

Description

Description of component functionality.

Remarks

Additional remarks about the process component.

Max. instances

This value specifies the maximum number of instances in which this process component is allowed to run in a queue in the Job server.

Permitted values:

  • -1: All instances of this process component are processed sequentially.

    It must be ensured that these components are run exclusively on one Job server, which means no other queue can exist to process these components.

  • 0: All instances of this process component can be processed simultaneously.
  • 1 or greater: The exact number of instances of a process component, which are processed simultaneously.

NOTE: The value is only used if the maximum number of instances of a process task is set to 0. Otherwise, the value applies that is set for the process task.

Configuration

Definition of possible additional options for the component in XML syntax.

Table 121: Process task properties
Property Meaning

Name

Name of the process task.

Operating system class

Specifies the operating system on which the process task can be run. The Win32, Linux and ALL values are permitted, where the ALL value specifies that this process task is used on any operating system.

Execution type

Execution type for the process task. Permitted values:

  • Internal: Internal execution in the One Identity Manager Service.

  • External: External execution as an owned process.

  • External32: External execution as an owned 32-bit process.

Description

Description of the process task.

Max. instances

This value specifies the maximum number of instances that can be run by One Identity Manager Service in parallel per process task.

Permitted values:

  • -1: All instances of this process task are processed sequentially. Other process task instances of the same process component are not executed simultaneously.

  • 0: The maximum number of instances given for the process component is used.

  • 1 or greater: The exact number of instances of a process task, which are processed simultaneously.

Last step in the partial process tree

Specifies whether a process task is principally marks the end of a partial process tree.

Component

Process component to which the process task belongs.

Direct database connection required

Specifies whether a process task requires a direct database connection.

Exclusive per object

Specifies whether execution of the process task is done exclusively per object. If this option is set, only one specific object is ever executed for a process step with this process function. There is no parallel processing.

DBQueue does not wait

Specifies whether or not to wait until the process step has been processed before continuing to process DBQueue Processor tasks. It is only necessary to wait for process steps if a process step could change data that is relevant to the DBQueue Processor tasks.

Table 122: Parameter template properties
Property Meaning

Name

Name of the parameter.

Value template

Default template for finding values. When a parameter is added to a process step, the value template is taken from the parameter template. Define value templates in VB.Net syntax.

Value template (example)

Example of the value template.

Description

Description of the parameter.

Type

The IN, OUT and INOUT values are permitted.

Optional

Labels the parameter as a mandatory or optional parameter.

Hidden

This option specifies whether the parameter is shown in the One Identity Manager Service log file and in the Job Queue Info program. Values for hidden parameters are shown as <HIDDEN>.

NOTE: Users with the program function Option to see the values of hidden parameters in Job Queue Info (JobQueue_ShowHiddenParameters) can view the hidden parameters in the Job Queue Info. Assign the appropriate permissions group to the program function.

Encrypted

Specifies whether the parameter is encrypted when it is passed.

Contains encrypted components

Specifies whether encrypted sequences are contained in this value.

Process task

Process task to which the parameter belongs.

Tracking changes with process monitoring

With One Identity Manager, it is possible to create a change history for objects and their properties. This can be used to fulfill reporting duties for internal committees and legal obligations for providing documentary evidence. Different methods can be used to track changes within One Identity Manager. With this combination of methods, all changes that are made in the One Identity Manager system can be traced.

  • Recording data modifications

    Modifications to data can be recorded for add or delete operations on objects, and up to and including changes to individual object properties.

  • Recording process information

    Recording process information allows all processes and process steps to be tracked while being processed by One Identity Manager Service.

  • Recording messages in the process history

    In the process history, success, and error messages from handling each process step in the Job queues are recorded by the One Identity Manager Service.

All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise, performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived. For more information about archiving data, see the One Identity Manager Data Archiving Administration Guide.

Detailed information about this topic

Basic rules for process monitoring

To use process monitoring in One Identity Manager.

  1. In the Designer, check if the Common | ProcessState configuration parameter is set. If not, set the configuration parameter.

    If the configuration parameter is set, you can configure process monitoring. In addition, the process view is enabled in the Manager.

  2. You can control the extent of the logging using the configuration settings for each method.

The methods implemented by One Identity Manager allow monitoring of all modifications to the system that are triggered by a user action. Each action in One Identity Manager is labeled with a unique ID number. This ID number is called a GenProcID. All changes that can be traced back to the same cause are given the same GenProcID and are grouped in this way. If a previously stored action does not pass a GenProcID to the current action, a new ID is automatically created.

If an action is triggered from the One Identity Manager’s object layer, the GenProcID is written to the context data of the database connection. The logged in user is also noted in the context data and is made available in this way.

A new GenProcID is generated by the trigger if an action takes place directly in the database or through an application that works without the One Identity Manager object layer. This GenProcID is valid for the duration of the database connect, which means that all changes belong to the same action and link to the same GenProcID. The user data is made up of the database user’s name, the MAC address and the workstation name as well as the application name.

All actions (process triggers) that cause changes to the system, and their actual status information, are logged internally in the DialogProcess status table. Logging takes place independent of the chosen change history method. This log writing therefore provides a starting point for monitoring and allows the changes based on one action to be grouped together.

The following information is recorded for one action:

  • ID number (GenprocID)

  • Display name for the action

  • Base object that the action is triggered for

  • User that triggered the action

  • Time of action

  • Object key for selecting the process trigger

  • Comment on the action

  • Current process status

NOTE: The information is displayed in the Manager in the process view. For more detailed information, see the One Identity Manager Operational Guide.

Detailed information about this topic
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen