Changes to cloud objects can only be made in the Cloud Systems Management Module. Provisioning processes ensure that object changes are transferred from the Cloud Systems Management Module into the Universal Cloud Interface Module. By default, these object changes are then published in the cloud application by automatic provisioning processes.
One Identity Manager logs the object changes as pending changes in separate tables. The QBMPendingChange table contains the modified objects and their processing status. The details of the changes, the operations to execute, the time stamp and the processing status are saved in the QBMPendingChangeDetail table.
The processing status of an object is not set to successful until all associated changes for this object have been successfully provisioned. An object's processing status is set to failed if all associated changes have been processed and at least one of them has failed.
The following image shows how object changes are provisioned and how the pending changes associated with it are processed. The sequence
Figure 3: Provisioning Sequence for Pending Changes
By default, the Cloud Systems Management Module is synchronized hourly with the Universal Cloud Interface. This ensures that the processing state for pending changes is declared promptly in the Cloud Systems Management Module.
Configuration parameter | Effect when Set |
---|---|
QBM\PendingChange\LifeTimeError | This configuration parameter specifies the maximum retention period (in days) for failed provisioning processes. Default is 30 days. |
QBM\PendingChange\LifeTimeRunning | This configuration parameter specifies the maximum retention period (in days) for open provisioning processes. Default is 30 days. |
QBM\PendingChange\LifeTimeSuccess | This configuration parameter specifies the maximum retention period (in days) for successful provisioning processes. Default is 2 days. |
Pending changes are saved for a fixed period. After this period expires, the entries in QBMPendingChange and QBMPendingChangeDetail are deleted by the DBQueue Processor. The retention period depends on the status of the provisioning processes and can be configured in the configuration parameters.
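The status rule and the default retention periods described above can be modelled as follows, which shows which entries an auditor can no longer expect to find. This is an added example, not One Identity code: the state labels, the data layout and the assumption that the retention period runs from the latest change's time stamp are hypothetical.

```python
from datetime import datetime, timedelta

# Default retention in days, from the configuration parameter table above.
RETENTION_DAYS = {"failed": 30, "running": 30, "success": 2}

def object_status(detail_states):
    """Aggregate the states of an object's changes into one object status."""
    states = list(detail_states)
    if not states:
        raise ValueError("object has no associated changes")
    if "open" in states:
        return "running"   # not every associated change has been processed
    if "failed" in states:
        return "failed"    # all processed, at least one failed
    return "success"       # all associated changes were provisioned

def purge_candidates(pending, now, retention=RETENTION_DAYS):
    """Return (object, status) pairs whose retention period has expired.

    Assumption: the period runs from the time stamp of the latest change.
    """
    expired = []
    for name, (states, last_change) in pending.items():
        status = object_status(states)
        if last_change + timedelta(days=retention[status]) <= now:
            expired.append((name, status))
    return sorted(expired)

# Constructed sample data: object -> (states of its changes, latest time stamp).
NOW = datetime(2023, 6, 10, 12, 0)
SAMPLE_PENDING = {
    "user-a": (["success", "success"], datetime(2023, 6, 7, 9, 0)),
    "user-b": (["success", "failed"], datetime(2023, 6, 7, 9, 0)),
    "group-c": (["success", "open"], datetime(2023, 5, 1, 9, 0)),
    "user-d": (["success"], datetime(2023, 6, 9, 9, 0)),
}

if __name__ == "__main__":
    for name, status in purge_candidates(SAMPLE_PENDING, NOW):
        print(f"{name}: {status} entry is past retention and would be deleted")
```

With the defaults, the successful entry for user-a is already gone after two days, while the failed entry for user-b stays available for review for 30 days.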
To configure the retention period for pending changes
WARNING: Data may be lost through inconsistencies. If you select manual provisioning, you must ensure that changes from the One Identity Manager database are transferred quickly to the cloud application using suitable manual processes. Ensure that data between the cloud application and the One Identity Manager database is synchronized regularly and quickly. To do this, set up synchronization through the SCIM connector. If this is not possible, you can synchronize using the CSV connector.
Manual provisioning permissions are configured in the cloud application. Pending manual provisioning processes for this cloud application are displayed in the Web Portal. Operators can transfer pending changes to the cloud application using this overview and then mark them as done. Auditors can check pending and completed provisioning processes in the Web Portal.
To configure manual provisioning
TIP: You can also specify operators for individual containers. For more information, see Container Structures in a Cloud Application.
For more detailed information about synchronizing using the CSV connector, see the One Identity Manager CSV Connector User Guide.
© 2023 One Identity LLC. ALL RIGHTS RESERVED.