Project

General

Profile

Feature #488

Updated by Marcel Poul about 6 years ago

Make a report in "implemented reports" module. The report will be available in CSV, JSON, XLSX formats. It will consist In provisioning queue on provisioing detail of all entities (e.g. Identities) and its attributes (after transformation) that has different values then the value of corresponding account in the connected system. 

 e.g. if some object, there exist in CzechIdM the identity with login "xnovak" and firstName "Petr Pavel" and its corresponding account in LDAP has firstName "Petr", then the report will contain this change. 

 Be aware that the value that is to be compared on the IdM side is the value after the PROVISIONING transformation like this:  

 FirstName (IdM) -> Transformations of attributes(IdM) *VERSUS* firstName (MS AD). 

 Also bare in mind that info about attributes in connected system are computed 0 or more IdM, attributes in IdM. e.g.  

 FirstName + SurName (IdM) -> Transformation (IdM) -> DisplayName (MS AD) 

 There are also some attributes that are not easy sent to compare, system (after transformation), but are necessary no info about reall diff, what will be sent to the system. It would be OK if this information is available in the report. That is especially: *member in AD/LDAP group* - cruacial for us.   

 MAIN USECASES: 
 * When a connected and easily to find somewhere else.  

 We need this feature, when we switch managed system e.g. MS AD is to be switched from ReadOnly RO to ReadWrite we would like to see all RW in production.    We need list of changes    on all provisioned entities (usually Identities). 
 * Report can that will really be sent to administrator of connected managed system and he can change after we swich it to RW.  

 We usually go through the data or approve that IdM can overwrite list with the values there. customer admins and make sure all changes are OK... Most critical are changes on memberOf in LDAP/AD i.e. managing user's groups in those systems.

Back