Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Active Roles Integration

Extensions for Applying Active Roles Workflows

Extensions for Applying Active Roles Workflows

Note: The Synchronization Editor sets up the domains in the One Identity Manager database.

To edit master data for an Active Directory domain

  1. Select the category Active Directory | Domains.
  2. Select the domain in the result list and run the task Change master data.
  3. Enter the following data for utilizing workflows on the Active Roles tab.

    Table 7: Extended Properties for Applying Active Roles Workflows
    Property Description

    Execute Active Roles workflows

    Specifies whether Active Roles workflows should be executed. For more information about workflows, refer to your Active Roles One Identity Active Rolesdocumentation.

    If this option is set, Active Roles workflows can be controlled by the integrated Active Roles connector. You may need to define custom processes in One Identity Manager in order to use this functionality.

    If this option is not set, the One Identity Manager works without input from Active Roles workflows (default configuration). Default behavior requires an administrative account.

    NOTE: If the One Identity Manager Service user account is a member in the Active Roles administrators group, Active Roles workflows are always bypassed independent of the option.

    User accounts deleted by Active Roles workflows

    Specifies whether user accounts above deprovisioning workflows are deleted in Active Roles.

    Groups deleted by Active Roles workflowsGroups

    Specifies whether groups are deleted in Active Roles through deprovisioning workflows.

  4. Save the changes.
Related Topics

Operation ID and Status

The ID found by the Active Directory connector is returned in the output parameter "LastOperationID" of each change operation in Active Roles. The operation status passed from Active Roles is returned in the parameter "LastOperationStatus". If no workflow is triggered and the operation is successful, the status "Completed" is returned. If a workflow is triggered, then the status "Pending" is returned. You can use these task parameters in follow-up processes to wait for the workflows to be executed.

Additional Virtual Properties in the Schema

Additional Virtual Properties in the Schema

The Active Roles schema is provided with additional virtual properties for querying the current status of workflows.

NOTE:Virtual properties do not require any extension to the Active Directory schema. Active Roles behaves as though these properties really exist.

These virtual properties are defined as "read-only" and exist for all objects but are not mapped in the default project template. To use this functionality, you must adapt the custom mapping.

When the properties are read, the Active Roles connector executes an "OperationSearchRequest" call to Active Roles. To limit the impact on performance, the result of the queries is held for 30 seconds in cache.

Table 8: Virtual Properties for the Active Roles Connector
Property Description
vrtLastOperationID ID of the last operation in Active Roles.
vrtLastOperationStatus ID of the last operation in Active Roles. Possible statuses are "Unknown", "Pending", "Completed", "Rejected", "Failed" and "Canceled".

For more information see your One Identity Active Roles documentation.

Interaction with Active Roles Policies

Interaction with Active Roles Policies

When you are defining templates in One Identity Manager, you need to take the policies defined in Active Roles into account. Values generated in One Identity Manager are passed to the Active Roles connector without checking adherence to the Active Roles policies. If the values that are passed violate the Active Roles policies, the entire process fails. To prevent this, you need to customize the One Identity Manager templates for Active Roles.

Refer to your Active Roles documentation for more information about One Identity Active Roles policies.

Related Documents