|
Note: The Synchronization Editor sets up the domains in the One Identity Manager database. |
To edit master data for an Active Directory domain
Enter the following data for utilizing workflows on the Active Roles tab.
Property | Description | ||
---|---|---|---|
Execute Active Roles workflows |
Specifies whether Active Roles workflows should be executed. For more information about workflows, refer to your Active Roles One Identity Active Rolesdocumentation. If this option is set, Active Roles workflows can be controlled by the integrated Active Roles connector. You may need to define custom processes in One Identity Manager in order to use this functionality. If this option is not set, the One Identity Manager works without input from Active Roles workflows (default configuration). Default behavior requires an administrative account.
| ||
User accounts deleted by Active Roles workflows |
Specifies whether user accounts above deprovisioning workflows are deleted in Active Roles. | ||
Groups deleted by Active Roles workflowsGroups |
Specifies whether groups are deleted in Active Roles through deprovisioning workflows. |
The ID found by the Active Directory connector is returned in the output parameter "LastOperationID" of each change operation in Active Roles. The operation status passed from Active Roles is returned in the parameter "LastOperationStatus". If no workflow is triggered and the operation is successful, the status "Completed" is returned. If a workflow is triggered, then the status "Pending" is returned. You can use these task parameters in follow-up processes to wait for the workflows to be executed.
The Active Roles schema is provided with additional virtual properties for querying the current status of workflows.
|
NOTE:Virtual properties do not require any extension to the Active Directory schema. Active Roles behaves as though these properties really exist. |
These virtual properties are defined as "read-only" and exist for all objects but are not mapped in the default project template. To use this functionality, you must adapt the custom mapping.
When the properties are read, the Active Roles connector executes an "OperationSearchRequest" call to Active Roles. To limit the impact on performance, the result of the queries is held for 30 seconds in cache.
Property | Description |
---|---|
vrtLastOperationID | ID of the last operation in Active Roles. |
vrtLastOperationStatus | ID of the last operation in Active Roles. Possible statuses are "Unknown", "Pending", "Completed", "Rejected", "Failed" and "Canceled". |
For more information see your One Identity Active Roles documentation.
When you are defining templates in One Identity Manager, you need to take the policies defined in Active Roles into account. Values generated in One Identity Manager are passed to the Active Roles connector without checking adherence to the Active Roles policies. If the values that are passed violate the Active Roles policies, the entire process fails. To prevent this, you need to customize the One Identity Manager templates for Active Roles.
Refer to your Active Roles documentation for more information about One Identity Active Roles policies.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy