Skip to main content
Skip table of contents

Manual Provisioning Policies

Definition

A Manual Provisioning Policy allows to define that manual provisioning or deprovisioning Workflow is launched when the Role assignment status changes.
The configuration of a Role Request Policy is divided into 3 parts:

  • Classic properties of a configuration of a XML (version, encoding, kit DataSet...)

  • The Workflow Strategies that define which:

    • Provisioning/Deprovisioning Workflows to launch to validate the manual provisioning

    • Dimensions can be displayed

    • Dimensions can be updated

  • The Worfklow Action to configure notifications.

The manual provisioning Workflow can be launched when:

  • the role/super role is assigned to a user (manually or by policy)

  • the role assignment status changes from DELAYED to ASSIGNED

  • updating a role assignment

  • the role assignment is unfrozen

The manual deprovisioning Workflow can be launched when:

  • the role assignment status changes from ASSIGNED to DELETED

Configuration

You can access the Manual Provisioning Policy configuration :

  • by clicking on "Portal" → “Manual Provisioning Policies

  • by clicking on "System" → "Configurations" → "Business Model" and perform an import/export.

Properties

Properties name

Type

Mandatory

Description

Values (default value in bold)

id

String

YES

The id is the unique identifier of the Manual Provisioning Policy. 

It is case sensitive and no special characters (except - or _) are allowed.

-

name

String

YES

The Manual Provisioning Policy name.

The name may be different from the identifier.
Must be at least 4 characters long.

-

description

String

NO

Allows to describe the purpose of the Manual Provisioning Policy.

-

priority

Integer

NO

Used to indicate the priority between several configured Manual Provisioning Policies on the same object type.

0, 1, 2...

active

Boolean

NO

Used to define if the Manual Provisioning Policy is activated or not.

true, false

scope

-

YES

Allows to configure on which Role the Manual Provisioning Policy will be applied.

-

workflowStrategyForCreate

workflowStrategyForUpdate

workflowStrategyForDelete

RoleWorkflowStrategy

YES

Used to indicate the Workflow Strategy used for manual Provisioning.

It is the same configuration as in Role Request Policy.

-

Example

Manual Provisioning Policy Example
XML 
<?xml version="1.0" encoding="UTF-8"?>
<kit:DataSet xmlns:atlastcf="http://www.memority.com/atlas/tcf/1_0" xmlns:ctd="http://www.memority.com/citadel/1_0" xmlns:ctdbpmn="http://www.memority.com/citadel/bpmn/1_0" xmlns:ctdbum="http://www.memority.com/citadel/bum/1_0" xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" xmlns:ctdrep="http://www.memority.com/citadel/rep/1_0" xmlns:ctdrule="http://www.memority.com/citadel/rule/1_0" xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" xmlns:i18n="http://www.memority.com/toolkit/addons/i18n/1_0" xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:maiaamcp="http://www.memority.com/maia/amcp/1_0" xmlns:netfilter="http://www.memority.com/toolkit/network-filtering/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:ruleaddon="http://www.memority.com/toolkit/addons/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ctdbum:RoleAssignmentManualProvisioningPolicy id="manualProvisioningAppPolicy">
      <name>Manual Provisioning Policy - Role applicatif</name>
      <description></description>
      <priority>0</priority>
      <active>true</active>
      <scope type="EXPRESSION" objectKind="ROLE">
         <searchExpression/>
         <objectTypes>
            <objectType>application</objectType>
         </objectTypes>
      </scope>
      <workflowStrategyForCreate xsi:type="ctdbum:ScriptRoleWorkflowStrategyType">
         <readOnlyDimensionTags/>
         <readWriteDimensionTags>
            <tag>PROV</tag>
         </readWriteDimensionTags>
         <ruleDefinition>
            <script><![CDATA[
              if(OBJECT.migration){
                return null
              }
            return "role-one-app-manualProv-workflow"
          ]]></script>
         </ruleDefinition>
      </workflowStrategyForCreate>
      <workflowStrategyForUpdate xsi:type="ctdbum:NoneRoleWorkflowStrategyType">
         <readOnlyDimensionTags/>
         <readWriteDimensionTags/>
      </workflowStrategyForUpdate>
      <workflowStrategyForDelete xsi:type="ctdbum:NoneRoleWorkflowStrategyType">
         <readOnlyDimensionTags/>
         <readWriteDimensionTags/>
      </workflowStrategyForDelete>
      <supersededWorkflowActions/>
   </ctdbum:RoleAssignmentManualProvisioningPolicy>
</kit:DataSet>

Read Next

Business Policies — A Business Policy allows to configure how to trigger actions on Object Types through a Feature with an optional configured Workflow.
Object Policies — An Object Policy is an Identity Management Service Policy allowing to execute arbitrary actions on Managed Objects, either on a scheduled basis, or in reaction to an Object Operation.
Deduplication Policies — A Deduplication Policy describes how duplicates should be searched for when creating a managed object.
Feature Access Policies — A Feature Access Policy is composed of a right which encompasses several Features.
Manual Provisioning Policies — A Manual Provisioning Policy allows to define that manual provisioning or deprovisioning Workflow is launched when the Role assignment status changes.
Object Lifecycle Policies — An Object Lifecycle Policy allows to configure rules, on all Object Types, that will alter an Object attribute directly when certain lifecycle events occur.
Password Policies — A Password Policy determines how passwords should be composed and which rules apply to their lifecycle.
Role Request Policies — A Role Request Policy allows to define if a Role can be requested, for whom, by whom, and using which Workflow.
Workflow Administration Policies — A Workflow Administration Policy is composed of a right which encompasses several Features.
Memority MFA Account Policies — A Memority MFA Policy allows to configure how multi factor authentication should be applied to a population of user
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close