
Provisioning

Provisioning is the propagation of entities and their attributes to managed systems.

For identities, only users who have been assigned appropriate roles (roles that guarantee an account on the system) are provisioned.

Our robust provisioning implementation brings the following benefits:

  • Fully audited provisioning queue - Every push operation and its result is audited, and the audit is available to admins via the GUI.
  • Retry mechanism - The provisioning queue pushes data into managed systems. If a system encounters a problem or is currently offline, the data stays in the queue and the operation is tried again later, when the system is available.
  • Read-only systems - If a system is in read-only mode, all operations are stored in the provisioning queue. Administrators can see the changes, but nothing is sent. This is very useful for linking up a new managed system, for cutover, or for debugging.
  • Disabled systems - Operations are stored in the provisioning queue, and no transformation of attributes is computed until the system is switched back into an enabled state.
  • Asynchronous systems - A system can be switched to an asynchronous state. In that case, all operations are stored in the provisioning queue and then pulled from the queue by an appropriate periodic scheduled task. This principle is very convenient for systems that handle requests slowly.

 Provisioning to multiple systems

When a system is flagged as asynchronous, read-only, or disabled, operations are placed into a provisioning queue. From the queue, operations are pulled either by a scheduled task or manually by an admin in the CzechIdM GUI.
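The queue behaviour described above, as a simplified model added here for illustration; it is not CzechIdM code. All class, method and field names are hypothetical, the attribute transformation is a constructed stand-in, and transforming operations that were queued while the system was disabled at processing time is an assumption.

```python
from collections import deque
from enum import Enum

class State(Enum):
    ENABLED = "enabled"
    READ_ONLY = "read-only"
    DISABLED = "disabled"
    ASYNCHRONOUS = "asynchronous"

class ManagedSystem:
    """Toy model of one managed system and its provisioning queue."""

    def __init__(self, state=State.ENABLED, online=True):
        self.state, self.online = state, online
        self.queue, self.audit, self.received = deque(), [], []

    def _transform(self, op):
        # Stand-in attribute transformation (constructed): upper-case the keys.
        op.setdefault("account", {k.upper(): v for k, v in op["attrs"].items()})

    def _push(self, op):
        # Every push attempt and its result is audited, success or failure.
        if self.online:
            self.received.append(op["account"])
        self.audit.append((op["id"], "push", "ok" if self.online else "failed"))
        return self.online

    def submit(self, op_id, attrs):
        op = {"id": op_id, "attrs": attrs}
        if self.state is not State.DISABLED:
            self._transform(op)  # a disabled system computes no transformation
        # Only an enabled system is pushed to directly; a failed push stays queued.
        if not (self.state is State.ENABLED and self._push(op)):
            self.queue.append(op)

    def process_queue(self):
        """Scheduled task or manual admin run; returns how many operations were sent."""
        if self.state in (State.READ_ONLY, State.DISABLED):
            return 0  # operations stay visible in the queue, nothing is sent
        sent = 0
        while self.queue:
            op = self.queue[0]
            self._transform(op)  # assumption: ops queued while disabled are transformed now
            if not self._push(op):
                break  # system still unavailable: keep order, retry on the next run
            self.queue.popleft()
            sent += 1
        return sent
```

In this model the audit list is the record an admin would review: a failed push leaves a `failed` entry and a queued operation, and the later retry adds an `ok` entry for the same operation id.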

 AD Provisioning queue
