立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Administration Guide for Connecting to Cloud Applications

Mapping cloud applications in One Identity Manager Synchronizing cloud applications through the Universal Cloud Interface Provisioning object changes Managing provisioning processes in the Web Portal Mapping cloud objects in One Identity Manager
Cloud applications Container structures in cloud applications User accounts in cloud applications Groups and system entitlements in cloud applications Permissions controls in a cloud application
Base data for managing cloud applications Troubleshooting a cloud application connection Default project template for cloud applications Cloud system object processing methods Configuration parameters for managing cloud applications

Assigning default profiles to user accounts in Salesforce applications

Cloud applications such as Salesforce require a system entitlement with a specific type to be already assigned when new user accounts are created. To this purpose, a default profile is automatically assigned to cloud user accounts when they are created in One Identity Manager.

Prerequisites
  • Synchronization of a cloud application with the SCIM connector is set up in Universal Cloud Interface. When creating the synchronization project, the target product One Identity Starling Connect was selected and the One Identity Starling Connect synchronization project template was used.

  • The target system was initially synchronized.

  • Cloud application synchronization is set up in Cloud Systems Management Module.

  • The cloud target system was initially synchronized.

  • In the canonical name or display name of the cloud target system, the string Salesforce is used.

  • There is a Cloud system entitlement 2 to be used as the default profile. The system entitlement name is entered for this system entitlement (CSMGroup2.GroupName).

To change the default profile for new user accounts

  • In the Designer, edit the value of the TargetSystem | CSM | ApplicationType | Salesforce | DefaultProfileName configuration parameter and enter the name of the system entitlement 2, which is then assigned automatically to all new user accounts.

NOTE: By default, the mapping in Universal Cloud Interface is transferred to the cloud application by the vrtProfileFirst profiles~value property mapping rule in the user mapping. If the default profile in the cloud application is stored in a different schema property, adjust the property mapping rule accordingly.

TIP: If you do not want a default profile to be automatically assigned to new user accounts, disable the TargetSystem | CSM | ApplicationType | Salesforce | DefaultProfileName configuration parameter in the Designer.

Provisioning object changes

Changes to cloud objects can only be made in the Cloud Systems Management Module. Provisioning processes ensure that object changes are transferred from the Cloud Systems Management Module into the Universal Cloud Interface Module. By default, these object changes are then published in the cloud application by automatic provisioning processes. For certain cloud applications, automated interfaces for provisioning changes should not be implemented. Changes can be manually provisioned for cloud application like this. The manual provisioning processes are displayed over the Web Portal. Operators can transfer pending changes to the cloud application on the basis of this overview.

One Identity Manager logs the object changes as pending changes in separate tables. The QBMPendingChange table contains the modified objects and their processing status. The details of the changes, operations to run, time stamp and processing status are saved in the QBMPendingChangeDetail table. Pending changes are processed in the order in which they were created if provisioning is automatic. In the case of manual provisioning, the pending changes are listed in the order they were created in the Web Portal.

The processing status of an object is not set to successful until all associated changes for this object have been successfully provisioned. An object's processing status is set as failed if all associated changes have been processed and at least one them has failed.

Detailed information about this topic

The provisioning sequence

The following visual shows how object changes are provisioned and how the pending changes associated with it are processed. The sequence is identical for automatic and manual provisioning processes and does not depend on whether the Cloud System Management and the Universal Cloud Interface modules are installed in the same or in separate databases.

Figure 3: Provisioning sequence for pending changes

By default, the Cloud Systems Management module is synchronized hourly with the Universal Cloud Interface. This ensures that the processing state for pending changes is declared promptly in the Cloud Systems Management Module.

Related topics

Displaying pending changes

You can view pending changes in the Manager. Here, manual, and automatic provisioning processes are shown.

To display pending changes

  • In the Manager, select the Database > Pending changes menu item.

Table 13: Meaning of the icons in the toolbar

Icon

Meaning

Show selected object.

Reload the data.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级