Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Handling processes in One Identity Manager

One Identity Manager uses so called 'processes' for mapping business processes. A process consists of process steps, which represent processing tasks and are joined by predecessor/successor relations. This functionality allows flexibility when linking up actions and sequences on object events.

So-called process tasks are used to perform single elementary tasks at system level, for example, adding a directory. A process component consists of one or more process tasks and its parameters. Process components are defined in the tables Jobcomponent, Jobtask and Jobparameter along with their process tasks and parameters. Predefined configurations are maintained by the schema installation and cannot be edited apart from a few properties.

Processes are modeled using process templates. A process generator (Jobgenerator) is responsible for converting script templates in processes and process steps into a concrete process in the ’Job queue’.

One Identity Manager Service, a service running on the target system, collects the process steps from the Job queue. The process steps are executed by process components in the target system. The One Identity Manager Service also creates an instance of the required process component and transfers the process step parameters. Decision logic monitors the execution of the process steps and determines how processing should continue depending on the results of the executed process components. The One Identity Manager Service enables parallel processing of process steps because it can create several instances of process components. The One Identity Manager Service is the only One Identity Manager component authorized to make changes in the target system.

The following illustration shows a chain of process steps with which you can add an employee, set up an Active Directory user account for him or her and finally add a mailbox.

You can reproduce this sequence in a process. However, you can also define entry points for other processes. The entry point of process1 results in the creation of an employee with an Active Directory user account and mailbox. The entry point of process 2 only results in the creation of an Active Directory user account with a mailbox.

Figure 31: Creating a Single Process by Linking Process Steps

Related Topics

Editing processes with the Process Editor

You can edit processes in Designer using the Process Editor. In the Process Editor, a process is combined with its process steps in a process document. The process is displayed and controlled by means of special control elements.

Figure 32: Representing a Process in the Process Editor

When you add a new process, an initial process document with one process element is created. When you add a process step, the associated process step element is created.

Individual elements are linked to each other with a connector. Activate the connection points with the mouse.

  • To create a connection, click on a connection point, hold down the left mouse button and pull a connector to the second connection point.
  • To delete a connection, select a connection end-point again by clicking with the mouse. Confirm the security prompt with OK.

Double-click on the process or process step element to open the respective edit view, where you can make your changes.

Each element has a tooltip. A process element's tooltip displays the name and description of the process. A process step element's tooltip displays the name and description of the process step as well as the description of the process function used.

Each element contains a quick access menu bar. The icons represent special properties of processes or process steps. The icon's tootip shows more detailed information about a property. Double-click on a icon to open the edit view of the process or process step and jump to the corresponding property.

Table 113: Quick Access Icons
Icon Meaning
Events are defined.
Process is not generated.
Process in wait mode on error.
Processing is split. The connection point on error and the connector to the subsequent process step are colored yellow.

Runtime errors are ignored. The connection point is colored gray on error. No process step is possible on error.

If an error occurs, no more process steps are handled for this process.
A generating condition exists.
Process information is enabled.
A script for selecting a server or server mask is entered.
Messaging on error and on success is enabled.

The process or process steps are customized. More information about the customizations is shown in a tooltip.

Some important properties are shown by the color of the element.

Table 114: Colors of Elements
Color Meaning
Blue Default.
Yellow The verification test resulted in a warning or information.
Red The verification test failed.
Gray The process is disabled.

You can drag and drop elements in the process document. Use Arrange in the context menu to reset the elements to their default positions. The position of each element is transferred to the One Identity Manager database when the entire process is saved. The layout is therefore available to all users when you restart the Designer.

Defining processes

IMPORTANT: The process and process steps are not created until the entire process is saved in the One Identity Manager database. After this, other users can use the Process Editor to make changes to the process.However, it cannot be generated yet. The process has to be compiled before it can be generated.

You can modify default processes to meet your requirements, if necessary. To add further process step to a process, create a custom process.

The following steps are required to set up a process

  1. Create up a process.
  2. Specify which events to trigger.
  3. Create the process steps.
  4. Edit the parameters.
  5. Test the process.
  6. Compiles the process.
Related Topics

Creating and editing processes

To edit an existing process

  1. Select the process in Process Orchestration in Designer.
  2. Start the Process Editor using Edit process.

    The process is opened in the Process Editor.

To create a new process

  1. In the Designer, select the Process Orchestration category.
  2. Start Process Editor using Create a new process.

    This makes a new element for the process and opens it in the Process Editor.

Related Topics
Related Documents