Chat now with support
Chat with Support

Identity Manager 8.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Comparing processes

To find differences between two processes

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Select the Process > Compare processes menu item.

    The current process is already selected as Process A.

  4. Select the process to compare it with in the Process B menu.

  5. (Optional) use the button to specify which process properties you want to include in the comparison. By default, all the properties of the processes, process steps and events are compared.

  6. Start the comparison with .

    Differences in the processes are highlighted in the output text.

    TIP: Mark the text and click the button to copy the text to the clipboard.

Exporting and importing processes

Exporting and importing processes is implemented through XML files.

To export a process to an XML file

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Select the Process > Export menu item.

  4. Enter the file name and click Save.

To import a process from an XML file

  1. In the Designer, select the Process Orchestration category.

  2. Start the import with the Import process task.

  3. Select the XML file and click Next.

    The process is opened in the Process Editor.

Related topics

Process properties

Table 74: Properties of a process
Property Meaning

Name

Name of the process. The name of the process must be unique. Label custom processes with the CCC_ prefix.

Table

The process is generated on the event from this base object (table).

Description

Additional description of the process.

Remarks

Additional remarks about the process.

Process

Process UID. These cannot be edited.

Process information

Specifies whether this process is logged. Logging is performed depending on the Common | ProcessState | ProgressView configuration parameter.

Permitted values are:

  • None: The process information is not logged.

  • Full process tracking: The process information is recorded and displayed in the Manager.

  • Web Portal tracking: The process information is logged and displayed in the Manager and in the Web Portal.

Process information term

VB.Net expression for displaying the display name in the process view.

Pre-script for generating

The pre-script is run before other scripts are run. You can find global variables with a pre-script or define process specific variables that can then be used within the process and process steps, for example, in generating conditions, sever selection scripts or parameters.

NOTE: When a process is being handled, the generating pre-script is run first and then the generating condition is evaluated.

Generating condition

Define a condition in VB.Net syntax for the process step, which is used to decide whether the process is generated. If a generating condition is given, the process is only generated if the condition is fulfilled.

You can find an example scripts on the installation medium in QBM\dvd\AddOn\SDK\ScriptSamples.

Do not generate

Use this option to decide whether a process will be generated. If the option is set, the process will not be generated and cannot be compiled.

NOTE: If the option for processes is activated, this option also remains activated during a schema update and is not reset.

Preprocessor condition

You can specify a preprocessor condition for a process for conditional compiling. A process is only available, therefore, if the preprocessor condition is fulfilled.

Disabled by preprocessor

If a process step is disabled by a preprocessor condition, the option is set by the Database Compiler.

Threshold (warning)

Maximum number of processes for a queue that can be present at the same time. A warning is sent if the number is exceeded. The One Identity Manager Service continues handling processes all the same.

Threshold (disable)

Maximum number of processes for a queue that can be present at the same time. If this number is exceeded, other processes are set to the Overlimit status and are not processed by the One Identity Manager Service.
Related topics

Process step properties

Table 75: General process step properties
Property Meaning

Name

Name of the process step.

Process task

Process task to run for the process component. When you select a process task you define which action is run by the process step. The process task parameter templates are copied to the process step as parameters. This means that every process step that uses this process task can pass other parameter values. The original is not altered.

Description

Additional description of a process step.

Priority

The priority sets the precedence in the Job queue for adding and processing the process step. The values 1 to 15 are allowed. The higher the value, the sooner the process step will be processed.

Priority definition

VB.Net expression for determining the priority depending on the contents of the process.

If a process step contains a script for dynamically determining the priority, the script is used. Otherwise, a predefined priority is set.

Example:

Password changes to a user account should be run with a higher priority (in the example 7), changes to other main data with priority 3.

If $UserPassword[o]$ <> $UserPassword$ Then

Value = 7

Else

Value = 3

NOTE: The field is not visible when you open the process step in the Process Editor. Click next to Priority to show the field.

Process information

Specifies whether this process is logged. Logging is performed depending on the Common | ProcessState | ProgressView configuration parameter.

Permitted values are:

  • None: The process information is not logged.

  • Full process tracking: The process information is recorded and displayed in the Manager.

  • Web Portal tracking: The process information is logged and displayed in the Manager and in the Web Portal.

Process information term

VB.Net expression for displaying the display name in the process view.

Depth of detail

Severity level for mapping process information.

Notification (success)

Specifies whether notification is sent on success.

Notification (error)

Specifies whether notification is sent on error.

Pre-script for generating

The pre-script is run before other scripts are run. You can find global variables with a pre-script or define process specific variables that can then be used within the process, for example, in generating conditions, sever selection scripts or parameters.

Generating condition

Define a condition in VB.Net syntax for the process step, which is used to decide whether the process step is generated. If a generating condition is given, the process step is only generated if the condition is fulfilled.

Preprocessor condition

You can specify a preprocessor condition for a process step for conditional compiling. A process step is, therefore, only available if the preprocessor condition is fulfilled.

Disabled by preprocessor

If a process step is disabled by a preprocessor condition, the option is set by the Database Compiler.

Server function

Specifies the server types for this process step. Specifies the permitted server types for this process step. The selection must lead to a unique result, for example SQL processing Server.

Script for server selection

If it is not possible for the Job Generator to decide which server to use based on the server function, you can use a selection script in VB.net syntax for more a detailed evaluation.

Wait mode on error

If a specific condition is not fulfilled at a particular point in the process step, One Identity Manager Service can repeat the process step. Setting this option results in the process step being re-run depending on latency and retries.

Latency (mins)

Latency period in minutes. Number of minutes a process step, if it has failed, is deferred until the next retry.

Retries

Number of retries.

Split processing

Process steps that are only required for branching the process are labeled with this option. An example could be a process step that checks for the existence of a directory. Depending on the result returned, the next step to be processed is either the next step on success or the next step on error, without generating an error message.

Ignore errors

Specifies whether runtime errors are ignored. In this case the following process step is still carried out despite the previous step not being correctly processed.

Stop on error

If an error occurs when a process step is processed, the process step remains in the job queue and is given the Frozen status. In this case, no more process steps are collected for processing and they remain in the Job queue. You can re-enable the process steps that have the Frozen status in Job Queue Info program. For more information, see the One Identity Manager Process Monitoring and Troubleshooting Guide.

If the Common | MailNotification | NotifyAboutWaitingJobs configuration parameter is enabled, an email notification sent is sent in addition if processes with the Frozen status occur, and a corresponding entry is generated in the event log of the update server. Prerequisites for using the notification system is an SMTP host set up for sending mail and activation of the configuration parameter for mail notification.

Process steps that are generated by SQL from the database, can always be labeled with the Stop on error option. You can configure this behavior in the Common | DBJobCreateWithFreeze configuration parameter.

Log errors to journal

If this option is set, the error message from process handling is logged to the system journal. Error messages from process handling can be recorded in the process history.

Log mode

You can enable an extended logging mode for process step messages in Job Queue Info.

Use this logging mode to provide individual processing steps with continuous extended logging. Use the Always value to log the messages of the process step on success and on failure. Use the value Error to log the messages of the process step on failure only.

Process History

Specifies whether process step notification is written to the process history.

DBQueue does not wait

Specifies whether or not to wait until the process step has been processed before continuing to process DBQueue Processor tasks. It is only necessary to wait for process steps if a process step could change data that is relevant to the DBQueue Processor tasks.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating