Retention time for pending changes
Pending changes are saved for a fixed period. After this period has expired, the entries are deleted by the DBQueue Processor from the QBMPendingChange and QBMPendingChangeDetail tables. The retention period depends on the status of provisioning processes and can be configured in the configuration parameter. The specified periods apply to both automatic and manual provisioning processes.
To configure the retention period for pending changes
-
To change the retention period for successful provisioning processes, in the Designer, edit the value of the QBM | PendingChange | LifeTimeSuccess configuration parameter. Enter a retention period in days. The default is 2 days.
-
To change the retention period for failed provisioning processes, in the Designer, edit the value of the QBM | PendingChange | LifeTimeError configuration parameter and enter the retention period in days. The default is 30 days.
-
To change the retention period for pending provisioning processes, in the Designer, edit the value of the QBM | PendingChange | LifeTimeRunning configuration parameter and enter the retention period in days. The default is 60 days.
Configuring manual provisioning
|
|
CAUTION: Data may be lost through inconsistencies.
If you select manual provisioning, you must ensure that changes from the One Identity Manager database are transferred quickly to the cloud application using suitable manual processes.
Ensure that data between the cloud application and the One Identity Manager database is synchronized regularly and quickly. To do this, set up synchronization through the SCIM connector. If this is not possible, you can synchronize using the CSV connector. |
Manual provisioning permissions are configured in the cloud application. Open manual provisioning processes for these cloud applications are displayed in the Operations Support Web Portal. Operators can transfer pending changes to cloud application using this overview and then mark them as done. Auditors can check pending and completed provisioning processes in the Operations Support Web Portal.
To configure manual provisioning
-
Edit the cloud application's main data.
-
Set the Manual provisioning option.
-
In the Operations Support Web Portal, assign the operators who are permitted to edit pending provisioning processes.
-
In the Operations Support Web Portal, specify the auditors who are authorized to check manual provisioning processes.
For more information about synchronizing using the CSV connector, see the One Identity Manager CSV Connector User Guide. For more information about managing provisioning processes, see the One Identity Manager Operations Support Web Portal User Guide.
Detailed information about this topic
Mapping cloud objects in One Identity Manager
You can use One Identity Manager to manage users and entitlements in cloud applications. Each cloud application is mapped as its own base object in One Identity Manager. The user data is saved as user accounts, groups, system entitlements, and permissions controls and can be organized into containers.
Detailed information about this topic
Cloud applications
Each cloud application is mapped as its own base object in One Identity Manager. The cloud application main data is displayed in the Manager. Here you can assign the operators.
Properties of existing cloud applications are maintained in cloud target systems in the Cloud Systems Management Module and transferred to the Universal Cloud Interface Module by provisioning.
NOTE: The Synchronization Editor sets up the cloud applications in the One Identity Manager database.
Detailed information about this topic
