Project

General

Profile

Actions

Feature #1260

open

Allow to specify provisioning dependency for systems and operations

Added by Alena Peterová over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
Vít Švanda
Category:
Provisioning
Target version:
-
Start date:
09/19/2018
Due date:
% Done:

0%

Estimated time:
Owner:

Description

The aim of this feature is to specify dependency of provisioning operations: "Create account on system A only if the creation of account on system B was already successful", "Change login on system A only if changing login on system B was already successful", "Delete account from system B only if the account was already deleted on system A"

Several use-cases and examples of systems:

  • AD + home directory + Exchange
    IdM creates accounts in AD (by AD connector), it creates the home directories for users (by PowerShell connector) and/or Exchange mailboxes (by PowerShell connector). The home directory and mailbox can be created only if AD account already exists. So creating PS accounts must depend on creating AD accounts.
  • AD + Kerio Connect
    Kerio supports AD authentication for its mail accounts, if the account was imported from AD. So when we create the account in Kerio, the account in AD must already exist (so it can be imported).
    On the other hand, deleting Kerio accounts must precede deleting AD accounts, otherwise the operation in Kerio fails.
    Therefore, we need to specify different order of provisioning operations for Create operation and different for Delete operation

Related issues

Related to IdStory Identity Manager - Task #1669: How to use WinRM connector together with AD connectorClosedRoman Kučera05/20/2019

Actions
Actions #1

Updated by Roman Kučera almost 5 years ago

  • Related to Task #1669: How to use WinRM connector together with AD connector added
Actions

Also available in: Atom PDF