Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Process step properties

Table 120: General process step properties
Property Meaning
Name Name of the process step.
Process task

Process task to execute for the process component. When you select a process task you define which action is executed by the process step. The process task parameter templates are copied to the process step as parameters. This means that every process step that uses this process task can pass other parameter values. The original is not altered.

Description Additional description of a process step.
Priority The priority sets the precedence in the Job queue for adding and processing the process step. The values 1 to 15 are allowed. The higher the value, the sooner the process step will be processed.

Priority definition

VB.Net expression for determining the priority depending on the contents of the process.

If a process step contains a script for dynamically determining the priority, the script is used. Otherwise, a predefined priority is set.

Example:

Password changes to a user account should be executed with a higher priority (in the example 7), changes to other master data with priority 3.

If $UserPassword[o]$ <> $UserPassword$ Then

Value = 7

Else

Value = 3

The text box is not visible when you open the process step. Click next to Priority to show the text box.

Process information

Specifies whether this step is logged. Logging is performed depending on the Common | ProcessState | ProgressView configuration parameter.

Table 121: Permitted values

Value

Description

none

The process information is not logged.

Full process tracking

The process information is logged and displayed in the Manager.

Web Portal tracking

The process information is logged and displayed in the Manager and in the Web Portal.

Process information term

VB.Net expression for displaying the display name in the process view.

Depth of detail

Severity level for mapping process information.

Notification (success) Specifies whether notification is sent on success.
Notification (error) Specifies whether notification is sent on error.
Pre-script for generating

The pre-script is executed before other scripts are run. You can find global variables with a pre-script or define process specific variables that can then be used within the process, for example, in generating conditions, sever selection scripts or parameters.

Generating condition Define a condition in VB.Net syntax for the process step, which is used to decide whether the process step is generated. If a generating condition is given, the process step is only generated if the condition is fulfilled.
Preprocessor condition

You can specify a preprocessor condition for a process step for conditional compiling. A process step is, therefore, only available if the preprocessor condition is fulfilled.

Disabled by preprocessor If a process step is disabled by a preprocessor condition, the option is set by the Database Compiler.
Server function Specifies the server types for this process step. Specifies the permitted server types for this process step. The selection must lead to a unique result, for example SQL processing Server.
Script for server selection If it is not possible for the Job Generator to decide which server to use based on the server function, you can use a selection script in VB.net syntax for more a detailed evaluation.
Wait mode on error If a specific condition is not fulfilled at a particular point in the process step, One Identity Manager Service can repeat the process step. Setting this option results in the process step being re-run depending on latency and retries.
Latency (mins) Latency period in minutes. Number of minutes a process step, if it has failed, is deferred until the next retry.
Retries Number of retries.
Split processing Process steps that are only required for branching the process are labeled with this option. An example could be a process step that checks for the existence of a directory. Depending on the result returned, the next step to be processed is either the next step on success or the next step on error, without generating an error message.
Ignore errors Specifies whether error are ignore during execution. In this case the following process step is still carried out despite the previous step not being correctly processed.
Stop on error

If an error occurs when a process step is processed, the process step remains in the job queue and is given the Frozen status. In this case, no more process steps are collected for processing and they remain in the Job queue. You can re-enable the process steps that have the Frozen status in Job Queue Info program. For more detailed information, see the One Identity Manager Process Monitoring and Troubleshooting Guide.

If the Common | MailNotification | NotifyAboutWaitingJobs configuration parameter is enabled, an email notification sent is sent in addition if processes with the Frozen status occur, and a corresponding entry is generated in the event log of the update server. Prerequisites for using the notification system is an SMTP host set up for sending mail and activation of the configuration parameter for mail notification.

Log errors to journal

If this option is set, the error message from process handling is logged to the system journal. Error messages from process handling can be recorded in the process history.

Log mode

You can enable an extended logging mode for process step messages in Job Queue Info.

Use this logging mode to provide individual processing steps with continuous extended logging. Use the Always value to log the messages of the process step on success and on failure. Use the value Error to log the messages of the process step on failure only.

Process History

Specifies whether process step notification is written to the process history.

Related Topics

Process step parameters

When you select a process task you specify which action will be executed by the process step. The process task parameter templates are copied to the process step as parameters. This means that every process step that uses this process task can pass other parameter values. The original is not altered.

Compulsory parameters are immediately entered into the process step when the process task is selected.Then, you need to enter any optional parameters individually. When a parameter is added, the value template is copied from the parameter template. Templates for parameter values are mostly predefined, for example, procedures that evaluate object UIDs and note them accordingly.

Detailed information about this topic

Editing parameters

To edit process step parameters

  1. Select the process in the Process Orchestration category in the Designer.
  2. Start the Process Editor using Edit process.
  3. Click on the element for the process step in the process document.
  4. Select the Parameter view.

    This displays all the parameters defined for the process.

  5. Check whether the required parameters are assigned and edit the parameters.

    You can add, delete or edit parameters from the toolbar.

    TIP: Click an entry to edit the parameter value directly.

    Table 122: Meaning of Icon Used
    Icon Meaning
    Mandatory parameter of the process task.
    Optional process task parameter which is assigned to a process step.
    Optional process task parameter which is not assigned to a process step.
    Related Topics

Properties of process step parameters

Table 123: Properties for parameters
Property Meaning
Name

Name of the parameter.

NOTE: You should not change the name of a parameter. The special parameters of the HandleObjectComponent process component are an exception to this rule.

Hidden

This option specifies whether the parameter is shown in the One Identity Manager Service log file and in the Job Queue Info program. Values for hidden parameters are shown as <HIDDEN>.

NOTE: Users with the program function Option to see the values of hidden parameters in Job Queue Info (JobQueue_ShowHiddenParameters) can view the hidden parameters in the Job Queue Info. Assign the appropriate permissions group to the program function.

Encrypted

Specifies whether the parameter is encrypted when it is passed if the database is encrypted. Encrypted parameters are shown as <hidden> in the One Identity Manager Service log file and in the Job Queue Info program.

NOTE: If the option is already set in the parameter template, the parameter must also be encrypted when it is passed.

Contains encrypted components Specifies whether encrypted sequences are contained in this value. Use this option, if partially encrypted sequences such as passwords are to be passed in complex parameters, for example Windows PowerShell scripts. Encrypted parts of a parameter are shown as <Hidden> in the One Identity Manager Service log file and in the Job Queue Info program.
Value template

Define value templates in VB.Net syntax. When a parameter is added, the value template is copied from the parameter template.

TIP: To restore the default value template, select the button in View | Parameter and click the Template button in the Edit parameters view.

Type

Type of parameter. The IN, OUT and INOUT values are permitted.

Parameters of the OUT or INOUT type are parameters that a process component can use to output a value. This value is then available in all subsequent process steps in the process and can be used as a value for parameters of the IN type.

Related Topics

 

Related Documents