Chat now with support
Chat with Support

Active Roles 7.6.3 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Office 365 Groups Managing Azure Security Groups Managing cloud-only distribution groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes Managing cloud-only shared mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Using regular expressions Administrative Template Communication ports Active Roles and supported Azure environments Active Roles integration with other One Identity and Quest products Active Roles integration with Duo Active Roles integration with Okta Active Roles Diagnostic Tools Active Roles Add-on Manager

Error handling

When configuring an If-Else activity, you can choose whether to suppress errors encountered by that activity. The following option is available: Continue workflow even if this activity encounters an error. If this option is not selected (default setting), then an error condition encountered by the activity causes Active Roles to terminate the workflow. If you select this option, the workflow continues regardless of whether or not the If-Else activity or any activity within the If-Else activity encounters an error condition.

Stop/Break activity

A Stop/Break activity is used to immediately end all activities of a running workflow instance. You can use it within a branch of an If-Else activity, so as to terminate the workflow once a certain condition occurs.

An example is a requirement for the validation of the requested data changes to deny certain operations because applying such operations would result in unacceptable data being written to the directory. To address this requirement, you can use a workflow with an If-Else branch that runs upon detection of unacceptable data in the requested operation, and add a Stop/Break activity to that branch. In this way, your workflow will block the unwanted operations, safeguarding the directory data.

The Stop/Break activity logs a message when terminating the workflow instance. You can specify a message text as an activity setting to provide the reason for the workflow instance termination. The activity includes that message in the event that is recorded to the Active Roles event log on the computer running the Active Roles Administration Service.

Add Report Section activity

You can use the Add Report Section activity to add custom information to the change history report (in case of workflow started by an operation request) or run history report (in case of automation workflow). The activity adds a separate section to the Workflow activities and policy actions area of the report. The section consists of a header and a body. The activity provides the following options for configuring the text to be displayed in the header and the body of the report section:

  • You can specify whether the report section is intended to display information about successful operation or error condition. In the latter case, the text of the header and the body of the report section is displayed in red.
  • You can compose the header text of data entries that will be calculated during execution of the activity. The activity offers various data entry types, allowing the header text to include properties of objects involved in the workflow and related objects, date and time of activity execution, and workflow parameters.
  • You can configure the body text to include multiple strings, with each string composed by using the same options that are available for the header text string. Thus, in addition to literal text strings and formatting characters, the body text may include information about object properties and other string values the activity will calculate in workflow run time.

You can also add the Add Report Section activity to a certain If-Else branch to have the report indicate that the workflow executed that branch of activities.

Search activity

A Search activity allows you to perform searches against directory data to find objects, such as users or groups, that match the criteria you specify based on object properties, object location, and other information available in the execution environment of the workflow, and to pass these objects to other activities so that the workflow can perform the appropriate actions on them. You can insert activities into a Search activity and have those activities process the objects found by the Search activity.

The following topics cover the configurable settings of a Search activity:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating