Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Cloud Applications

Synchronizing Cloud Applications through the Universal Cloud Interface Setting up Synchronization with a Cloud Application Base Data for Managing Cloud Applications Cloud Applications Container Structures in a Cloud Application User Accounts in a Cloud Application Groups in a Cloud Application Permissions Controls in a Cloud Application Provisioning Object Changes Managing Provisioning Processes in the Web Portal Additional Information for Experts Appendix: Default Project Template for Cloud Applications

Provisioning Object Changes

Provisioning Object Changes

Changes to cloud objects can only be made in the Cloud Systems Management Module. ProvisioningClosed processes ensure that object changes are transferred from the Cloud Systems Management Module into the Universal Cloud Interface Module. By default, these object changes are then published in the cloud application by automatic provisioning processes. Automated interfaces for provisioning changes from the to the cloud application can or should not be applied to certain cloud applications. Changes can be manually provisioned for cloud application like this. Manual provisioning instances are displayed by a Web Portal. Operators can transfer pending changes to the cloud application on the basis of this overview.

The One Identity Manager logs the object changes as pending changes in separate tables. The table QBMPendingChange contains the modified objects and their processing status. The details of the changes, operations to execute, time stamp and processing status are saved in the QBMPendingChangeDetail. Pending changes are processed in the order in which they were created if provisioning is automatic. In the case of manual provisioning, the pending changes are listed in the order they were created in the Web Portal.

The processing status of an object is not set to successful until all associated changes for this object have been successfully provisioned. An object's processing status is set as failed if all associated changes have been processed and at least one them has failed.

Detailed information about this topic

The Provisioning Sequence

The following image show how object changes are provisioned and how the pending changes associated with it are processed. The sequence is identical for automatic and manual provisioning processes and does no depend on whether the module Cloud System Management and the Universal Cloud Interface are installed in the same or in separate databases.

Figure 3: ProvisioningClosed Sequence for Pending Changes

By default, the Cloud Systems Management module is synchronized hourly with the Universal Cloud Interface. This ensures that the processing state for pending changes is declared promptly in the Cloud Systems Management Module.

Retention Time for Pending Changes

Retention Time for Pending Changes

Table 29: Configuration Parameters
Configuration parameter Effect when Set
QBM\PendingChange\LifeTimeError This configuration parameter specifies the maximum retention period (in days) for failed provisioning processes. Default is 30 days.
QBM\PendingChange\LifeTimeRunning This configuration parameter specifies the maximum retention period (in days) for open provisioning processes. Default is 30 days.
QBM\PendingChange\LifeTimeSuccess This configuration parameter specifies the maximum retention period (in days) for successful provisioning processes. Default is 2 days.

Pending changes are saved for a fixed period. After expiring, the entries in QBMPendingChange and QBMPendingChangeDetail are deleted by the DBQueue Processor. The retention period depends on the status of provisioning processes and can be configured in the configuration parameter. The retention periods apply to both automatic and manual provisioning processes.

To configure the retention period for pending changes

  1. To change the retention period for successful provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeSuccess" in the Designer.
  2. To change the retention period for failed provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeError" in the Designer.
  3. To change the retention period for open provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeRunning" in the Designer.
  4. Enter a retention period in days.

Configuring Manual Provisioning

Configuring Manual Provisioning

WARNING: Data may be lost through inconsistencies.

If you select manual provisioning, you must ensure that changes from the One Identity Manager database are transferred quickly to the cloud application using suitable manual processes.

Ensure that data between the cloud application and the One Identity Manager database is synchronized regularly and quickly. To do this, set up synchronization through the SCIM connector. If this is not possible, you can synchronize using the CSV connectorClosed.

Manual provisioning permissions are configured in the cloud application. Pending manual provisioning processes for this cloud application are displayed in the Web Portal. Operators can transfer pending changes to cloud application using this overview and then mark them as done. Auditors can check pending and completed provisioning processes in the Web Portal.

To configure manual provisioning

  1. Edit the cloud application's master data.
    1. Set the option Manual provisioning.
    2. Assign operations, which are authorized to edit pending provisioning processes in the Web Portal.

      TIP: You can also specify operators for individual containers. For more information, see Container Structures in a Cloud Application.
  2. Specify the auditors who are authorized to check manual provisioning processes in the Web Portal.
Detailed information about this topic

For more detailed information about synchronizing using the CSV connector, see the One Identity Manager CSV Connector User Guide.

Related Documents