Chat now with support
Chat with Support

Identity Manager 8.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Checking the validity of a process

NOTE: Before you compile a process, you should carry out a validity check of the process and process steps.

To check a process

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Select the Process > Error checking menu item.

    The result of the check is displayed in the Validity check view and is retained until the next check.

    Table 81: Icons used in the validity check
    Icon Meaning

    No errors found.

    Errors.

    Warning, Information.

TIP:

  • Process or process step controls are highlighted in yellow to indicate a warning or information. If errors occur, the process or process step controls are highlighted in red.

  • Double-click an error message in the Validity check view to jump to the corresponding entry in the process.

Table 82: Possible reasons for process failure
Error category Possible cause

Errors

The process does not have a name.

No base object given.

The generating condition does not correspond to required notation (value =).

Warning

The process does not have a base process step.

The process has no event.

Information

The option Do not generate is set.

Table 83: Possible reasons for process step failure
Error Category Possible Cause

Errors

The process step does not have a name.

No process task assigned.

The given generating condition does not correspond to required notation (value =).

No executing server specified (server selection script or server mask).

Process step name not unique.

Process step has no parameters.

The given parameter value does not correspond to required notation (value =).

The two process step properties Ignore errors and Wait mode on error are set. The process step is never repeated because all errors are ignored.

The two process step properties Ignore errors and Stop on error are set. The process step never goes into a FROZEN state because all errors are ignored.

The two process step properties Ignore errors and Split processing are set. The split error is never processed.

Warning

Process step not linked into the process.

The two process step properties Split processing and Wait mode on error are set and no retries are defined. If errors occur, the process step is stopped immediately and therefore processing does not split off.

Related topics

Compiling processes

Once you have created, imported, or made changes to a process, you need to compile it. The process cannot be generated until it has been compiled.

NOTE: Before you compile a process, you should carry out a validity check of the process and process steps.

Compiling takes place for each base object, that means that all processes that belong to a base object are translated. The assemblies are created and placed on the workstation where generating will take place. During translation, the source is checked for errors. This process may required some time.

There are two methods for compiling a process in the Process Editor:

Local compiling

Use this method to compile a process for testing.

To compile a process for testing

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Select Process > Compile from the menu.

Compiling and saving assemblies to the main database

If the process has been test compiled, use this method to add assemblies that are generated into the main database after compiling the process. Once the changes have be integrated the altered processes are immediately available in the system.

To compile a process and save the assemblies to the main database

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Select Process > Compile and save to database from the menu.

Displaying errors

Error messages during compiling are displayed in Compiler errors. The source code is displayed if errors occur during compilation. This view is only for displaying the source code. It cannot be edited here.

NOTE:

  • If several users edit processes of the same base object, any error messages are also sent to other users. However, these cannot be changed by the current user.

  • Double-clicking the error message in the Compiler errors view takes you straight to the corresponding line in the process. Here, you can edit it.

  • Double-clicking the error message in the Compiler errors view takes you straight to the corresponding row if the source code view is activated.

Related topics

Using process-specific and global variables for the process definition

Process specific variables are local data spaces when a process is generated. They are used for determining values on a once-off basis within a pre-script, which can then be made further use of within the processes and their processes steps, for example, in generating conditions, server selection scripts or in the parameters.

NOTE: It is recommended only to set process specific variables in the pre-script and to have read access to them during further usage.

Pre-script syntax

values("Name") = "value"

Usage in the process and process step code sections

Value = values("Name")

Process generation can be controlled using additional global variables, which are made available through the Session object. These variables are valid as long as the session is active. All environment variable and custom variables defined for the Session object can be used in addition to predefined variables. Custom global variables can be defined through scripts, methods, or customizers, for example, and used in the processes.

NOTE:

  • Global variables should only be used with read access in processes.

  • When a process is being handled, the generating pre-script is run first and then the generating condition is evaluated. It is recommended to evaluate global variables that are used in the generating condition in the pre-script as well. This can prevent unnecessary data access.

    If a custom session variable is defined, it must be removed again afterward. Otherwise it remains for the rest of the session and, in certain circumstances, the wrong processes can be generated.

Example:

The process should only be generated for a full synchronization. The Session variable FullSync is used for this. This variable can take the True and False values. The variable is available to all processes that are generated within full synchronization.

The variable is queried in the pre-script for generating and the generating condition. This way, loading of unnecessary objects is already prevented by running the pre-script.

Generating pre-script:

If CBool(Session.Variables("FULLSYNC")) Then

values("Name1") = "value1"

values("Name2") = "value2"

...

End If

Generating condition:

Value = CBool(Session.Variables("FULLSYNC"))

Related topics

Thresholds for handling processes

In order to prevent bulk modifications, you can specify how long each process can remain in the Job queue.

Prerequisites
  • If the warning threshold is exceeded, a message is sent by email to a specified recipient. The prerequisites for using the notification system are a SMTP host set up for sending mail and the activation of the configuration parameter for mail notification. For detailed information about configuring the email notification, see the One Identity Manager Installation Guide.

  • In the Designer, check the Common | MailNotification | NotifyAboutWaitingJobs configuration parameter and enable this configuration parameter if necessary. If the configuration parameter is enabled, an email notification is sent if processes with the Overlimit status occur and a corresponding entry is created in the update server’s event log.

To define thresholds

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Click on the element for the process in the process document.

  4. In the Process properties view on the in the General tab, edit the following information.

    • Threshold value (warning): Enter the maximum number of these processes for a queue that can be present at the same time. A warning is sent if the number is exceeded. The One Identity Manager Service continues handling processes all the same.

    • Threshold value (disable): Enter the maximum number of these processes for a queue that can be present at the same time. If the disable threshold is exceeded, the affected processes in the Job queue are set to the Overlimit status. These processes are no longer collected by the One Identity Manager Service for processing and remain in the Job queue.

      You can re-enable these processes in the Job Queue Info. For more information, see the One Identity Manager Process Monitoring and Troubleshooting Guide.

      TIP: You can use the SDK_SetLimitationCount_in_Jobchain database script to initially fill the threshold for the lock. You can find an example of a configuration file on the installation medium in directory QBM\dvd\AddOn\SDK\SQLSamples.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating