
Identity Manager 9.2.1 - Configuration Guide


Allocating parameter values

Define value templates in VB.Net syntax. The following statements can be used for allocating values:

  • None

  • Columns of an object or columns of an object connected by a relation

    Syntax:

    Value = $<column name>:<data type>$

    Value = ${FK(<foreign key column>).}<column name>:<data type>$

    Example:

    Value = $Lastname$

    Value = $PasswordNeverExpires:bool$

    Value = $FK(Ident_Domain).Description$

  • Parameter from the optional parameter collection

    Syntax:

    Value = $PC(<parameter name>)$

    Example:

    Value = $PC(SRCUID_Application)$

  • Out-Parameter

    Parameters of the OUT or INOUT type are parameters that a process component can use to output a value. This value is then available in all subsequent process steps in the process and can be used as a value for parameters of the IN type.

    When you use OUT parameters, you need to ensure that they contain data at runtime. Otherwise, the text "&OUT(<parameter name>)&" is passed on unchanged when the value is processed, which means that the variable is not replaced.

    Syntax:

    Value = "&OUT(<parameter name>)&"

    Example:

    Value = "&Out(FileSize)&"

  • Global variables allocated by the set-up program

    Syntax:

    Value = Variables("<variable name>")

    Example:

    Value = Variables("GENPROCID")

    Value = Variables("FULLSYNC")

  • The local variables of the process step or of the process generated by the pre-script

    Syntax:

    Value = Values("<name>")

    Example:

    Value = Values("FirstHomeServer")

  • Querying configuration parameters

    The full path for the configuration parameter must always be entered.

    Syntax:

    Value = Session.Config().GetConfigParm("<full path>")

    Example:

    Value = Session.Config().GetConfigParm("TargetSystem | ADS | PersonAutoDefault")

  • VB.Net

    Enter any statements in VB.NET syntax.

  • Querying environment variables

    Syntax:

    Value = "&ENV(<variable name>)&"

    Example:

    Value = "&ENV(COMPUTERNAME)&"

  • Querying secrets

    In the One Identity Manager Service configuration, the SecretAllowList and SecretsFolder parameters must be configured.

    Syntax:

    Value = "&SECRET(<name>)&"

    Example:

    Value = "&SECRET(API_KEY)&"
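The notations listed above can be extracted mechanically when reviewing the parameter values of a process. The following is an added example, not One Identity code: it flags secrets that are not on the reviewer's copy of the allow list, OUT parameters that no earlier step outputs, and environment variable reads. The step dictionaries and the names FileHash and DB_ADMIN_PW are constructed assumptions.

```python
import re

# Notations from the list above; each pattern captures the referenced name.
NOTATIONS = {
    "COLUMN": re.compile(r"\$(\w+)(?::\w+)?\$"),
    "FK": re.compile(r"\$FK\((\w+)\)\.(\w+)(?::\w+)?\$"),
    "PC": re.compile(r"\$PC\((\w+)\)\$"),
    "OUT": re.compile(r"&OUT\((\w+)\)&", re.I),  # the page itself writes &Out(...)&
    "ENV": re.compile(r"&ENV\((\w+)\)&", re.I),
    "SECRET": re.compile(r"&SECRET\((\w+)\)&", re.I),
}

def references(template):
    """Return sorted (kind, name) pairs for every notation used in a value template."""
    found = set()
    for kind, rx in NOTATIONS.items():
        for m in rx.finditer(template):
            found.add((kind, ".".join(m.groups())))
    return sorted(found)

def audit(steps, secret_allow_list):
    """Review the templates of a process, step by step in execution order."""
    findings, produced = [], set()  # produced: OUT/INOUT names set by earlier steps
    for step in steps:
        for param, template in step["params"].items():
            where = f'{step["name"]}.{param}'
            for kind, name in references(template):
                if kind == "SECRET" and name not in secret_allow_list:
                    findings.append((where, "secret not on allow list", name))
                elif kind == "OUT" and name not in produced:
                    findings.append((where, "OUT parameter not set by an earlier step", name))
                elif kind == "ENV":
                    findings.append((where, "reads an environment variable", name))
        produced.update(step.get("outputs", ()))
    return findings

# Constructed sample process; step names, FileHash and DB_ADMIN_PW are made up.
STEPS = [
    {"name": "GetFile", "outputs": ["FileSize"],
     "params": {"Host": 'Value = "&ENV(COMPUTERNAME)&"',
                "Domain": "Value = $FK(Ident_Domain).Description$"}},
    {"name": "CallApi",
     "params": {"Key": 'Value = "&SECRET(API_KEY)&"',
                "Password": 'Value = "&SECRET(DB_ADMIN_PW)&"',
                "Size": 'Value = "&Out(FileSize)&"',
                "Hash": 'Value = "&OUT(FileHash)&"'}},
]
FINDINGS = audit(STEPS, secret_allow_list={"API_KEY"})
```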


Events for processes

Events are defined to assign processes to objects. Processes cannot be generated until a link has been created between object, event, and process. The predefined events are described in the following table.

Table 78: Predefined events

| Event | Comment |
|---|---|
| Insert | Event created when an object is created. Available for all objects. |
| Update | Event created when an object is changed. Available for all objects. |
| Delete | Event created when an object is deleted. Available for all objects. |
| Execute | The event is triggered by the DBQueue Processor when the activation time of a deferred operation is reached. |
| Assign | The event is triggered when many-to-many assignments are added. |
| Remove | The event is triggered when many-to-many assignments are removed. |

Other events are provided by the Customizer. You can define other custom events to trigger processes.


Creating events for processes

If the object event is assigned a program function, users who have this program function through a permissions group can trigger the object event, and therefore the process, irrespective of their permissions. Detailed information about managing permissions and running processes with program functions can be found in the One Identity Manager Authorization and Authentication Guide.

To create an event

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Click on the element for the process in the process document.

  4. Select the Events view and click .

  5. Enter the following information.

    Table 79: Event properties

    | Property | Description |
    |---|---|
    | Object event | Name of the object event. The Object event menu displays the object events of the table specified in the process. Select an existing object event - OR - click and enter the name of the new object event. |
    | Sort order | Specifies the sort order in which the processes are generated if multiple processes refer to the same event of the base object. Processes with a lower sort order are generated before processes with a higher sort order. |
    | Event process information | VB.Net expression for displaying the display name in the process view. |

  6. (Optional) Assign a program function to the object event.

    1. In the Designer, select the event in the Process Orchestration > Object events category.

    2. Select the View > Select table relations menu item and enable the QBMEventHasFeature table.

    3. In the edit view, select the Program function view and select the program function.


Permissions for triggering processes

The basic permissions for triggering processes are granted to the logged in user by the Common_TriggerEvents program function.

In One Identity Manager, triggering events on stored processes is linked to the permissions concept. Users can only trigger events on objects if they have edit permissions for them. As a result, users who only have viewing permissions for a table may not be able to trigger additional events for processes.

In this case, you can connect the object events (QBMEvent table) with a program function (QBMFeature table). An event (JobEventGen table) that is defined for a process is linked to an object event (JobEventGen.UID_QBMEvent column). The object events are linked to a program function (QBMEventHasFeature table). Users with this program function can trigger the object event, and therefore the process, independently of their permissions.

TIP: The Common_TriggerSpecificEvents program function allows you to trigger specific events from the front-end. You can assign this program function to custom object events that any user can trigger. The program function is allocated to the QBM_BaseRights permissions group.

Detailed information about managing permissions and running processes with program functions can be found in the One Identity Manager Authorization and Authentication Guide.
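The chain described in this section can be walked to list who is able to trigger which process through a program function rather than through edit permissions. This is an added example, not One Identity code. Only the table names, JobEventGen.UID_QBMEvent and Common_TriggerSpecificEvents come from the page; the other field names, the flat "edit" permission model and all rows are constructed assumptions.

```python
# Constructed rows; field names other than UID_QBMEvent are assumptions.
JOB_EVENT_GEN = [  # event defined for a process -> object event
    {"process": "CCC_Person_Export", "table": "Person", "UID_QBMEvent": "EV-EXPORT"},
    {"process": "CCC_Person_Rehire", "table": "Person", "UID_QBMEvent": "EV-REHIRE"},
    {"process": "CCC_Dept_Recalc", "table": "Department", "UID_QBMEvent": "EV-RECALC"},
]
QBM_EVENT_HAS_FEATURE = [  # object event -> program function
    {"UID_QBMEvent": "EV-EXPORT", "feature": "CCC_Feature_Export"},
    {"UID_QBMEvent": "EV-RECALC", "feature": "Common_TriggerSpecificEvents"},
]
GROUP_FEATURES = {"CCC_Helpdesk": {"CCC_Feature_Export"}}
USERS = {  # "edit" = tables the user has edit permissions for (simplified)
    "alice": {"groups": {"CCC_Helpdesk"}, "edit": {"Person"}},
    "bob": {"groups": {"CCC_Helpdesk"}, "edit": set()},
    "carol": {"groups": set(), "edit": set()},
}
# Per the TIP above, events linked to this program function are open to any user.
ANY_USER_FEATURE = "Common_TriggerSpecificEvents"

def trigger_paths(users, job_events, event_features, group_features):
    """Return (user, process, program function) triples where the program
    function, not an edit permission, is what allows the trigger."""
    features_of = {}
    for row in event_features:
        features_of.setdefault(row["UID_QBMEvent"], set()).add(row["feature"])
    paths = []
    for user, info in sorted(users.items()):
        held = {ANY_USER_FEATURE}
        for group in info["groups"]:
            held |= group_features.get(group, set())
        for event in job_events:
            if event["table"] in info["edit"]:
                continue  # edit permission already allows triggering
            linked = features_of.get(event["UID_QBMEvent"], set())
            for feature in sorted(linked & held):
                paths.append((user, event["process"], feature))
    return paths

PATHS = trigger_paths(USERS, JOB_EVENT_GEN, QBM_EVENT_HAS_FEATURE, GROUP_FEATURES)
```

Each triple is a process that a user can start without edit permissions on the base table, which is the set to review when a program function is assigned to an object event.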
