Account Management account uid identity

Basic account management is used for all entities that support provisioning. Identities utilise more complex account management, relying on roles assignments.

If an entity supports basic account management, then the method ProvisioningService.accountManagement is executed when the entity has been created/updated.

Provisioning ensures the following:

1. Finds all systems with the provisioning mapping for this entity type.
2. Generates the account identifier uid for this entity.
3. For all found systems, checks whether or not an account with the same uid already exists. If so, then this method comes to an end.
4. For all found systems, checks if the mapping includes the script 'Can an account be created?'. If this script is filled, it is executed. If the script returns Boolean.FALSE, then an account on this system is not created (this method comes to an end).
5. Account on the system is created (AccAccount).
6. A relation between the created account and the entity is created, too.
   

Account management is carried out when triggered by events that impact accounts on the end system. These events may include:

• creation/modification/deletion of an identity.
• creating/modifying/deleting the assigned role to a given identity.
• creating/modifying the definition of mapping the attributes for a role.

By default, if there is a contract that is valid in the future, and you assign a role to this contract (assigning a system), this assigned role is then discarded (not currently valid) during account management. That is, no accounts are created on end systems. This behavior constitutes the default and correct result.

In some cases, however, you need to create an account on an end system before a respective contract becomes valid (for example, when a new employee is expected to arrive). As a solution to this requirement, you can use forward identity account management.