Chat now with support
Chat with Support

Identity Manager 8.1 - Administration Guide for Connecting to a Universal Cloud Interface

Managing Universal Cloud Interface Environments Setting up Synchronization with a Cloud Application in the Universal Cloud Interface Basic data for managing a Universal Cloud Interface environment Cloud Target Systems Container Structures in a Cloud Target System Cloud User Accounts Cloud Groups Cloud Permissions Controls Provisioning Object Changes Reports about Objects in Cloud Target Systems Appendix: Configuration Parameters for Managing Cloud Target Systems Appendix: Default Project Template for Cloud Application in the Universal Cloud Interface

The Provisioning Sequence

The following image show how object changes are provisioned and how the pending changes associated with it are processed. The sequence does no depend on whether the module Cloud System Management and the Universal Cloud Interface are installed in the same or in separate databases.

Figure 3: Provisioning Sequence for Pending Changes

By default, the Cloud Systems Management module is synchronized hourly with the Universal Cloud Interface. This ensures that the processing state for pending changes is declared promptly in the Cloud Systems Management Module.

Displaying pending changes

You can view pending changes in the Manager. Here, manual and automatic provisioning processes are shown.

To display pending changes

  • Select the menu item Database | Pending changes.
Table 47: Meaning of the Icons in the Toolbar

Icon

Meaning

Show selected object.

Reload the data.

Retention Time for Pending Changes

Table 48: Configuration parameters
Configuration parameter Effect when set
QBM\PendingChange\LifeTimeError This configuration parameter specifies the maximum retention period (in days) for failed provisioning processes. Default is 30 days.
QBM\PendingChange\LifeTimeRunning This configuration parameter specifies the maximum retention period (in days) for open provisioning processes. Default is 60 days.
QBM\PendingChange\LifeTimeSuccess This configuration parameter specifies the maximum retention period (in days) for successful provisioning processes. Default is 2 days.

Pending changes are saved for a fixed period. After this period has expired, the entries are deleted by the DBQueue Processor from the tables QBMPendingChange and QBMPendingChangeDetail. The retention period depends on the status of provisioning processes and can be configured in the configuration parameter.

To configure the retention period for pending changes

  1. To change the retention period for successful provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeSuccess" in the Designer.
  2. To change the retention period for failed provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeError" in the Designer.
  3. To change the retention period for open provisioning processes, edit the value of the configuration parameter "QBM\PendingChange\LifeTimeRunning" in the Designer.
  4. Enter a retention period in days.

Reports about Objects in Cloud Target Systems

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for cloud systems.

NOTE: Other sections may be available depending on the which modules are installed.
Table 49: Reports for the Target System

Report

Description

Overview of all Assignments (Cloud target system)

This report finds all roles containing employees with at least one user account in the selected target system.

Overview of all assignments (Cloud container)

This report finds all roles containing employees with at least one user account in the selected container.

Overview of all assignments (Cloud group)

This report finds all roles containing employees with the selected group.

Show orphaned user accounts

This report shows all user accounts in the target system which are not assigned an employee. The report contains group memberships and risk assessment.

Show employees with multiple user accounts

This report shows all employees with more than one user account in the target system. The report contains a risk assessment.

Show unused user accounts

This report shows all user accounts in the target system that have not been used in the last few months. The report contains group memberships and risk assessment.

Show system entitlement drifts

This report shows all target system groups, which are the result of manual operations in the target system rather than provisioned through One Identity Manager.

Show user accounts with an above average number of system entitlements

This report contains all user accounts in the target system with an above average number of group memberships.

Cloud target systems user account and group administration

This report contains a summary of user account and group distribution in all cloud target systems. You can find this report in My One Identity Manager.

Cloud Target Systems Data Quality Summary

This report contains different evaluations of user account data quality in all cloud target systems. You can find this report in My One Identity Manager.

Related Topics
Related Documents