The following image show how object changes are provisioned and how the pending changes associated with it are processed. The sequence does no depend on whether the module Cloud System Management and the Universal Cloud Interface are installed in the same or in separate databases.
Figure 3: ProvisioningActual changes to an object in the One Identity Manager database (added, modified, deleted) are made immediately written to the target system. Sequence for Pending Changes
By default, the Cloud Systems Management module is synchronized hourly with the Universal Cloud Interface. This ensures that the processing state for pending changes is declared promptly in the Cloud Systems Management Module.
Configuration parameter | Effect when Set |
---|---|
QBM\PendingChange\LifeTimeError | This configuration parameter specifies the maximum retention period (in days) for failed provisioning processes. Default is 30 days. |
QBM\PendingChange\LifeTimeRunning | This configuration parameter specifies the maximum retention period (in days) for open provisioning processes. Default is 30 days. |
QBM\PendingChange\LifeTimeSuccess | This configuration parameter specifies the maximum retention period (in days) for successful provisioning processes. Default is 2 days. |
Pending changes are saved for a fixed period. After expiring, the entries in QBMPendingChange and QBMPendingChangeDetail are deleted by the DBQueue Processor. The retention period depends on the status of provisioning processes and can be configured in the configuration parameter.
To configure the retention period for pending changes
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for cloud systems.
|
NOTE: Other sections may be available depending on the which modules are installed. |
Report |
Description |
---|---|
Overview of all Assignments (Cloud target system |
This report finds all roles containing employees with at least one user account in the selected target system. |
Overview of all assignments (Cloud container) |
This report finds all roles containing employees with at least one user account in the selected container. |
Overview of all assignments (Cloud group) |
This report finds all roles containing employees with the selected group. |
Show orphaned user accounts |
This report shows all user accounts in the target system which are not assigned an employee. The report contains group memberships and risk assessment. |
Show employees with multiple user accounts |
This report shows all employees with more than one user account in the target system. The report is a risk assessment. |
Show unused user accounts |
This report shows all user accounts in the target system that have not been used in the last few months. The report contains group memberships and risk assessment. |
Show entitlement drifts |
This report shows all target system groups, which are the result of manual operations in the target system rather than provisioned through One Identity Manager. |
Show user accounts with an above average number of system entitlements |
This report contains all user accounts in the target system with an above average number of group memberships. |
Cloud target systems user account and group administration |
This report contains a summary of user account and group distribution in all cloud target systems. You can find this report in the category My One Identity Manager. |
Cloud Target Systems Data Quality Summary |
This report contains different evaluations of user account data quality in all cloud target systems. You can find this report in the category My One Identity Manager. |
The report "Overview of all Assignments" is displayed for certain objects, for example, permissions, compliance rules or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles and IT Shop structures in which there are employee who own the selected base object. In this case, direct as well as indirect base object assignments are included.
To display detailed information about assignments
All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are employees with the selected base object. The meaning of the report control elements is explained in a separate legend. In the report's toolbar, click to open the legend.
Figure 4: Toolbar for Report "Overview of all assignments"
Icon | Meaning |
---|---|
Show the legend with the meaning of the report control elements | |
Saves the current report view as a graphic. | |
Selects the role class used to generate the report. | |
|
Displays all roles or only the affected roles. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy