Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Creating and Editing Processes

IMPORTANT: The process and process steps are not created until the entire process is saved in the One Identity Manager database. After this, other users can use the Process Editor to make changes to the process.However, it cannot be generated yet. The process has to be compiled before it can be generated.

To create a custom process

  • Create a new process.

    - OR -

  • Copy an existing process and edit the copy.

To create a new process

  1. Select the category Process Orchestration in the Designer.
  2. Start the Process Editor using the task Create a new process.

    This makes a new element for the process and opens it in the Process Editor.

To edit an existing process

  1. Select the process in the category Process Orchestration in the Designer
  2. Start the Process Editor with Edit process 'XY' in the task view.

    The process is opened in the Process Editor.

To copy a process

  1. Select the process in the category Process Orchestration in the Designer
  2. Start the Process Editor with Edit process 'XY' in the task view.
  3. Select Process | Copy... from the menu.

    Starts a copy wizard for a process. The wizard start up screen displays the name of the process to be copied.

  4. Click Next.
  5. Specify the name of the new process and set the copy options.
    Table 218: Copy Options
    Option Meaning
    Rename process steps If you set this option you have the option to rename each of the process steps individually in the next step of the wizard.
    Copy events Set this option if you want the events that are assigned to this process to be copied as well.
    Disable source process This option specifies whether the source process should be disabled after copying. If you set this option the source process is set to "do not generate".
    Disable copied process Use this option to specify whether the process should be disabled after copying. If you enable this option the process is set to "do not generate".
  6. Click Next.
  7. (Optional) rename each process step and click Next.

    You can change these by clicking on the new process step name.

    NOTE: This step is only available if you have set the copy option Rename process steps.

  8. To start compiling, click Next.

    During the process the action that is currently being executed is displayed in a status bar. The process is opened in the Process Editor and you can continue editing.

Detailed information about this topic

Properties for a Process

Table 219: Properties for a Process
Property Meaning
Name Name of the process. The name of the process must be unique. Label custom processes with the prefix "CCC_".
Table The process is generated on the event from this base object (table).
Description Additional description of the process.
Remarks Additional remarks about the process.
Process Process UID. These cannot be edited.
Process information

Specifies whether this step is logged. Logging depends on the setting of the configuration parameter "Common\ProcessState\ProgressView".

Table 220: Permitted Values

Value

Description

None

The process information is not logged.

Full process tracking

The process information is logged and displayed in the Manager.

Web Portal tracking

The process information is logged and displayed in the Manager and in the Web Portal.

Process information term VB.Net expression for displaying the display name in the process view.
Pre-script for generating

The pre-script is executed before other scripts are run. You can find global variables with a pre-script or define process specific variables that can then be used within the process and process steps, for example, in generating conditions, sever selection scripts or parameters.

NOTE: When a process is being handled, the generating pre-script is executed first and then the generating condition is evaluated.

Generating condition Define a condition in VB.Net syntax for the process step, which is used to decide whether the process is generated. If a generating condition is given, the process is only generated if the condition is fulfilled. You can find an example scripts on the installation medium in directory QBM\dvd\AddOn\SDK\ScriptSamples.
Do not generate

Use this option to decide whether a process will be generated. If the option is set, the process will not be generated and cannot be compiled.

NOTE: If this option is set for this process, it remains in the ’set’ state during update migration and is not reset.

Preprocessor condition

You can specify a preprocessor condition for a process for conditional compiling. A process is only available, therefore, if the preprocessor condition is fulfilled.

Disabled by preprocessor

If a process step is disabled by a preprocessor condition, the option is set by the Database Compiler.

Threshold (warning) Maximum number of processes for a queue that can be present at the same time. A warning is sent if the number is exceeded. The One Identity Manager Service continues handling processes all the same.
Threshold (disable) Maximum number of processes for a queue that can be present at the same time. If this number is exceeded, other processes are set to OverLimit and not handled by the One Identity Manager Service.
Related Topics

Using Process Specific and Global Variables for the Process Definition

Process specific variables are local data spaces when a process is generated. This enables variables to be defined that can be made further use of within processes and process steps, for example, generating conditions, server selection scripts or in parameters.

NOTE: It is recommended only to set process specific variables in the pre-script and to have read access to them during further usage.

Pre-script syntax:

values("Name") = "value"

Usage in the following process and process step code sections:

Value = values("Name")

Additional global variables can be used to control process generation, which are made available over the session object. These variables are valid as long as the session is active. All custom variables defined for the session object can be used in addition to predefined variables. Custom global variables can be defined through scripts, methods or customizers, for example, and used in the processes.

NOTE: Global variables should only be use with read access in processes.

NOTE: When a process is being handled, the generating pre-script is executed first and then the generating condition is evaluated. It is recommended to evaluate global variables that are used in the generating condition in the pre-script as well. This can prevent unnecessary data access.

NOTE: If a custom session variable is defined, it must be removed again afterward. Otherwise it remains for the rest of the session and, in certain circumstances, the wrong processes can be generated.

Example of use:

The process should only be generated for a full synchronization. The session variable "FullSync" is used for this. This variable can take the value "true" or "false". The variable is available to all processes that are generated within full synchronization.

The variable is queried in the pre-script for generating and the generating condition. This way, loading of unnecessary objects is already prevented by executing the pre-script.

Generating pre-script:

If CBool(Session.Variables("FULLSYNC")) Then

values("Name1") = "value1"

values("Name2") = "value2"

...

End If

Generating condition:

Value = CBool(Session.Variables("FULLSYNC"))

Related Topics

Thresholds for Handling Processes

Table 221: Configuration Parameter for Notifications
Configuration parameter Meaning
Common\MailNotification\NotifyAboutWaitingJobs Specifies whether a message should be sent if the process steps have a particular execution state in the job queue.

In order to prevent bulk modifications, you can specify how long each process can remain in the Job queue. Use the values Threshold (warning) and Threshold (disable) to do this. You can use the database script SDK_SetLimitationCount_in_Jobchain to initially fill the process data. You can find an example of a configuration file on the installation medium in directory QBM\dvd\AddOn\SDK\SQLSample.

If the warning threshold is exceeded, a message is sent by email to a specified recipient. Prerequisites for using the notification system is an SMTP host set up for sending mail and activation of the configuration parameter for mail notification.

If the disable threshold is exceeded, the affected processes are given the status "Overlimit" in the Job queue. These processes are no longer collected by One Identity Manager Service for processing and remain in the Job queue. You can re-enable the process steps in the program, "Job Queue Info".

If the configuration parameter "Common\MailNotification\NotifyAboutWaitingJobs" is set, an additional email is sent when processes are labeled with the status "Overlimit2 and a corresponding entry is made in the update server's event log.

Related Topics
Related Documents