
Provisioning - how to force provisioning for roles

This feature is available in the extras module only.
Note that when we assign a system role and the processor is already set up, it performs a create provisioning and, right after it, an update provisioning.

We have a system to which we need to send all roles that the user actually has in IDM. This solution lets us configure the ID of the system for which we will provide all roles that the account has. It basically switches off incremental provisioning and forces provisioning whenever a role request for our configured system appears.

1) First of all, we need to create an identity which will exist on our system. This can be done by creating a system role and assigning it to our identity. For adding a role to an identity, see the tutorial: Role assignment - changing roles of users manually

2) The processor is off by default, so we need to enable it. To do so, go to Settings → Modules → Processors.

3) Here we need to find the processor extras-role-request-identity-system-processor and activate it by clicking on the right. See the following picture.

4) We need to set the configuration:

  • go to Settings → Configuration
  • add the new property as shown in the image - Key: idm.sec.extras.configuration.systemId, Value: your system UUID

Now we are finished! Test it by adding a new role to your identity.