Chat now with support
Chat with Support

Active Roles 7.5 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management One Identity Starling Two-factor Authentication for Active Roles Managing One Identity Starling Connect Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Office 365 Groups Managing Azure Security Groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Appendix A: Using regular expressions Appendix B: Administrative Template Appendix C: Communication ports Appendix D: Active Roles and supported Azure environments Appendix E: Enabling Federated Authentication Appendix F: Active Roles integration with other One Identity and Quest products Appendix G: Active Roles integration with Duo MFA Appendix H: Active Roles integration with Okta MFA

Creating and managing custom activity types

In Active Roles, Policy Type objects provide the ability to store the definition of a custom activity type in a single object. Policy Type objects can be exported and imported, which makes it easy to distribute custom workflow activities to other environments.

In the Workflow Designer, an administrator is presented with a list of activity types derived from the Policy Type objects. Selecting a custom activity type from the list causes Active Roles to create a workflow activity based on the settings found in the respective Policy Type object.

This section covers the following tasks specific to custom activity types:

For more information about Policy Type objects, including instructions on scripting for Policy Type objects, refer to the Active Roles SDK documentation.

Creating a Policy Type object

Active Roles stores Policy Type objects in the Policy Types container. You can access that container in the Active Roles console by expanding the Configuration/Server Configuration branch of the console tree.

To create a new Policy Type object

  1. In the console tree, under Configuration/Server Configuration/Policy Types, right-click the Policy Type container in which you want to create a new object, and select New | Policy Type.

    For example, if you want to create a new object in the root container, right-click Policy Types.

  1. In the New Object - Policy Type wizard, type a name, a display name and, optionally, a description for the new object.

    The display name identifies the activity type in the Workflow Designer. The description text is used as a default description for every activity that is based on this Policy Type object.

  1. Click Next.
  2. Click Browse and select the Script Module containing the script that will be used by the workflow activities of this type.

    The Script Module must exist under the Configuration/Script Modules container.

  1. In the Policy Type category area, select the Workflow activity option.
  2. From the Function to run list, select the name of the script function that will be run by the workflow activities of this type.

    The list contains the names of all the functions found in the script you selected in Step 4. Every activity of this type will run the function you select from the Function to run list.

  1. From the Use in list, select the appropriate option to indicate the category of the workflow in which the activity of this type can be used:
    • Change workflow.  The activity can be used only in change workflows, that is, workflows intended to run upon operation requests that meet certain conditions.
    • Automation workflow.  The activity can be used only in automation workflows, that is, workflows intended to run on a scheduled basis or on user demand.
    • Any workflow.  The activity can be used in both change and automation workflows.
  2. From the Function to declare parameters list, select the name of the script function that defines the parameters specific to this type of workflow activity.

    The list contains the names of all the functions found in the script you selected in Step 4. Every activity of this type will have the parameters that are specified by the function you select from the Function to declare parameters list. Normally, this is a function named onInit (see Active Roles SDK for details).

  1. Click Policy Type Icon to verify the image that denotes this type of activity. To choose a different image, click Change and open an icon file containing the image you want.

    This image appears next to the display name of the activity type in the Workflow Designer, to help identify and visually distinguish this activity type from the other activity types.

    The image is stored in the Policy Type object. In the dialog box that appears when you click Policy Type Icon, you can view the image that is currently used. To revert to the default image, click Use Default Icon. If the button is unavailable, then the default image is currently used.

  1. Click Next and follow the steps in the wizard to complete the creation of the new Policy Type object.

Changing an existing Policy Type object

You can change an existing Policy Type object by changing the general properties, script, or icon. The general properties include the name, display name, and description. The Policy Type objects are located under Configuration/Server Configuration/Policy Types in the Active Roles console.

The following table summarizes the changes you can make to an existing Policy Type object, assuming that you have found the object in the Active Roles console.

Table 62: Policy Type object changes

To change

Do this

Commentary

Name of the object

Right-click the object and click Rename.

The name is used to identify the object, and must be unique among the objects held in the same Policy Type container.

Display name or description

Right-click the object, click Properties and make the necessary changes on the General tab.

Changing the display name also changes the name of the activity type in the Workflow Designer. You may need to refresh the view in the Workflow Designer for the new name to be displayed.

Script Module

Right-click the object, click Properties, click the Script tab, click Browse, and then select the Script Module you want.

You can change the script in the Script Module that is currently associated with the Policy Type object instead of selecting a different Script Module. To view or change the script, find and select the Script Module in the Active Roles console tree, under Configuration/Script Modules.

Changing the script affects all the existing workflow activities of this type. If you add an activity to a workflow and then change the script for the Policy Type object based on which the activity was created, the activity will run the changed script.

Function to run

Right-click the object, click Properties, click the Script tab, and then choose the appropriate function from the Function to run list.

Changing this setting causes the activities of this type to run function you have selected.

Changing the function does not affect the existing activities of this type. If you add a new activity of this type, the activity will run the new function.

Workflow category

Right-click the object, click Properties, click the Script tab, and then choose the appropriate option from the Use in list.

This setting determines the workflow category (change workflow, automation workflow, or any workflow) in which the activity of this type is allowed. After you have changed this setting, an activity of this type can only be added to the corresponding workflow category. Thus, if you select the Change workflow option, the activity of this type cannot be added to an automation workflow.

Function to declare parameters

Right-click the object, click Properties, click the Script tab, and then choose the appropriate function from the Function to declare parameters list.

Changing this setting changes the list of the activity parameters specific to this activity type. The changes do not affect the parameters of the existing activities of this type. When you add a new activity of this type, the list of the activity parameters is built using the new function to declare parameters.

Policy Type icon

Right-click the object, click Properties, click the Script tab, click Policy Type Icon, and then do one of the following:

  • Click Change and open an icon file containing the image you want.
  • Click Use Default Icon to revert to the default image.

Changing this setting changes the image that appears next to the display name of the activity type in the Workflow Designer, on the pane located next to the workflow process diagram.

Using Policy Type containers

You can use a Policy Type container to store related Policy Type objects and other Policy Type containers.

Containers provide a means for additional categorization of custom activity types, making it easier to locate and select an activity type in the Workflow Designer. The activities toolbox next to the workflow process diagram lists the custom activity types along with the containers that hold the respective Policy Type objects. To prevent containers from cluttering the activities toolbox, the Workflow Designer displays only the containers that are direct descendants of the Policy Types container, and disregards the lower-level containers. To clarify this behavior, let us consider a path to a Policy Type object such as Policy Types/Container A/Container B/Object C. In this case, the Workflow Designer only displays Container A and the activity type C under Container A, disregarding Container B.

To create a new Policy Type container

  1. In the console tree, under Configuration/Server Configuration/Policy Types, right-click the Policy Type container in which you want to create a new container, and select New | Policy Type Container.

    For example, if you want to create a new container in the root container, right-click Policy Types.

  1. In the New Object - Policy Type Container wizard, type a name and, optionally, a description for the new container.

    The name of the container will be displayed in the Workflow Designer if the container is located directly in the Policy Types container.

  1. Click Next and follow the steps in the wizard to complete the creation of the new container.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating