9.2:documentation:provisioning

Provisioning

Provisioning is the propagation of entities and their attributes to managed systems.

In case of Identities, only those (users) with appropriate role assigned (guaranteeing the account on the system) are provisioned.

Our robust provisioning implementation bring following benefits:

  • Fully audited provisioning queue - Every push operation and its result is audited and audit is available to admins via GUI.
  • Retry mechanism - Provisioning queue pushes the data into managed systems. If the system encounters any problem or is just offline, the data stay in queue and tries the operation again in a while until the system is available.
  • Read only systems - If the system is in read only mode, all operation are stored in provisioning queue. Administrator can see changes, but nothing is sent. This is very useful for new managed system link-up and cutover or e.g. debugging.
  • Disabled systems - Operations are stored in the provisioning queue, no transformation on attributes is computed until the system is switched back into enabled state.
  • Asynchronous systems - System can be switched to asynchronous state. In that case, all operations are stored in the provisioning queue and then pulled from queue by appropriate periodical scheduled task. This principal is perfect for systems that handles requests slowly.

 Provisioning to multiple systems

When system is flagged as asynchronous, read only or disabled. Operations are placed into provisioning queue. From the queue operations are pulled either by scheduled task or manually by admin in CzechIdM GUI.

 AD Provisioning queue

Read more