Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Process plan properties

Table 132: Process Plan Properties
Property Meaning
Name Name of the process plan. Translate the given text using the button.
Table Base object (table) for which the process plan will run.
Event Event to be executed. All base object events are listed for new process plans.
Activation schedule

Schedule that contains the execution time for the process plan.

NOTE: Create a new schedule using next to the menu.

For detailed information about schedules, see the One Identity Manager Operational Guide.

Max. execution time Enter the number of hours after which the process plan should automatically quit.
Description Enter a detailed description of the process plan.
Condition

Limiting condition for elements to which the scheduled task will be applied. The input must satisfy the "WHERE clause" database query syntax.

Parameter List of parameters of a parameter collection that are set when the process is generated from this process plan.
Related Topics

Overview of process components

Process components and their process tasks form a framework that all process steps can be based on. The tables Jobcomponent, JobTask and Jobparameter define the complete range of One Identity Manager’s own process components and process task with the associated parameters.

Process tasks are used to carry out single basic jobs at system level, for example, adding directories. A process component consists of one or more process tasks and its parameters.

When a process is created, the parameter templates for the process task are copied and entered in the process step. This means that every process step that uses this process task can pass other parameter values. The original is not altered.

NOTE:The information available for the process components is added through migration and cannot be edited.

To obtain a complete overview of process components and their process tasks and parameters

  • Select the Documentation | System configuration reports category and the Process components report in Designer.

To display individual process components and their process tasks and parameters

  • Select the Process Orchestration | Process components category in Designer.

The following table contains short descriptions of the process components.

NOTE: Additional process components may be available depending on which modules are installed.
Table 133: Short Descriptions of Process Components
Component Description
AutoUpdateComponent This process component maps the One Identity Manager Service built-in-tasks.
CommandComponent This process component runs any command.
DelayComponent This process component controls the start time of the following process steps.
FileComponent This process component creates, deletes, copies and modifies file and directories and also their access permissions.

The RSync program is a prerequisite for using the process component on Linux operating systems.

The XCacls program is a prerequisite for setting permissions. You can find this in the your server installation resource kit.

FtpComponent This process component can transfer file by FTP.
HandleObjectComponent This process component runs default and custom events for database objects. Each assigned default process is generated as in the front-ends. The component also makes it possible to initiate so called CustomEvents for triggering object related generation of a special process.
LogComponent This process component is used to log messages, for example, in the result log.
MailComponent This process component can send emails.
PowerShellComponent This process is used for calling Windows PowerShell. Version 2.0 of Windows PowerShell must be installed.

PowershellComponentNet4

This process is used for calling a .NET 4 Windows PowerShell. A version of Windows PowerShell later than 2.0 must be installed.

ProjectorComponent This process component contains tasks for synchronizing and provisioning data with the One Identity Manager database.
ReportComponent This process component can create reports and export them in various file formats.
ScriptComponent This process component run the scripts from the assemblies.
SQLComponent This process component runs SQL queries and can be used to determine the number of data records and the existence of data records.
ZipComponent This process component creates or unpacks ZIP files.
Detailed information about this topic

Properties of process components, process tasks and parameter templates

Table 134: Process Component Properties
Property Meaning
Display name Name of component for displaying.
Component class Component class.
Assembly name Name of the component.
Description Description of component functionality.

Remarks

Additional remarks about the process component.
Max. instances

This value specifies the maximum number of instances in which this process component is allowed to run in a queue in the Job server.

Permitted values:

  • -1: All instances of this process component are processed sequentially.

    It must be ensured that these components are run exclusively on one Job server, which means no other queue can exist to process these components.

  • 0: All instances of this process component can be processed simultaneously.
  • 1 or greater: The exact number of instances of a process component, which are processed simultaneously.

NOTE: The value is only used if the maximum number of instances of a process task is set to 0. Otherwise, the value applies that is set for the process task.

Configuration Definition of possible additional options for the component in XML syntax.
Table 135: Process Task Properties
Property Meaning
Name Name of the process task.
Operating system class Specifies the operating system on which the process task can be run. The Win32, Linux and ALL values are permitted, where the ALL value specifies that this process task is used on any operating system.
Execution type

The execution type specifies whether the process components for the process task should be executed internally in One Identity Manager Service (Internal) or externally in a separate process (External).

Description Description of the process task.
Max. instances

This value specifies the maximum number of instances that can be run by One Identity Manager Service in parallel per process task.

Permitted values:

  • -1: All instances of this process task are processed sequentially.
  • 0: The maximum number of instances given for the process component is used.
  • 1 or greater: The exact number of instances of a process task, which are processed simultaneously.
Last step in the partial process tree Specifies whether a process task is principally marks the end of a partial process tree.
Component Process component to which the process function belongs.

Direct database connection required

Specifies whether a process task requires a direct database connection.

Exclusive per object

Specifies whether execution of the process task is done exclusively per object. If this option is set, only one specific object is ever executed for a process step with this process function. There is no parallel processing.

Table 136: Parameter Template Properties
Property Meaning
Name Name of the parameter.
Value template Default template for finding values. When a parameter is added to a process step, the value template is taken from the parameter template. Define value templates in VB.Net syntax.
Value template (example) Example of the value template.
Description Description of the parameter.
Type

The IN, OUT and INOUT values are permitted.

Parameters of the OUT or INOUT type are parameters that a process component can use to output a value. This value is then available in all subsequent process steps in the process and can be used as a value for parameters of the IN type.

Optional Labels the parameter as a mandatory or optional parameter.
Hidden

This option specifies whether the parameter is shown in the One Identity Manager Service log file and in the Job Queue Info program. Values for hidden parameters are shown as <HIDDEN>.

NOTE: Users with the program function Option to see the values of hidden parameters in Job Queue Info (JobQueue_ShowHiddenParameters) can view the hidden parameters in the Job Queue Info. Assign the appropriate permissions group to the program function.

Encrypted Specifies whether the parameter is encrypted when it is passed.
Contains encrypted components Specifies whether encrypted sequences are contained in this value.
Process task Process task to which the parameter belongs.

Tracking changes with process monitoring

With the One Identity Manager it is possible to create a change history for objects and their properties.This can be used to fulfil reporting duties for internal committees and legal obligations for providing documentary evidence. Different methods can be used to track changes within the One Identity Manager. With this combination of methods, all changes that are made in the One Identity Manager system can be traced.

  • Recording changes to data

    Data changes can be recorded for add or delete operations on objects and up to and including changes to individual object properties.

  • Recording process information

    Recording process information allows all processes and process steps to be tracked while being processed by One Identity Manager Service.

  • Recording messages in the process history

    In the process history, success and error messages from handling each process step in the Job queues are recorded by the One Identity Manager Service.

All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25%. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived. For detailed information about archiving data, see the One Identity Manager Data Archiving Administration Guide

Detailed information about this topic
Related Documents