You are viewing the documentation for an outdated or unreleased 9.5 version.
This page is also available in versions: 7.6, 7.7, 7.8, 8.0, 8.1, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.7 (current), devel
This page is also available in versions: 7.6, 7.7, 7.8, 8.0, 8.1, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.7 (current), devel
Differences
This shows you the differences between two versions of the page.
| — |
9.5:documentation:accounts [2019/02/27 13:17] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | <- .:systems | Systems ^ .:start | Documentation ^ .:synchronization | Synchronization -> | ||
| + | ====== Accounts ====== | ||
| + | An entity called Account is used in CzechIdM to represent object in connected system. In other words object on connected system is linked to CzechIdM entity like Role via Account entity. | ||
| + | |||
| + | {{ :devel:documentation:accounts.png | Accounts linked to connected system objects}} | ||
| + | |||
| + | CzechIdM supports linking objects to CzechIdM entities during Synchronization. Moreover administrators can link them manually e.g. to correct the data state after e.g. AD admins did some unwanted change. Linking objects and entities via accounts allows CzechIdM to support interesting features: | ||
| + | * Identities can have **multiple accounts**, for example to manage test or system objects on connected systems. | ||
| + | * Objects on connected systems can be **renamed**. E.g Group in MS AD can move (changed their DN) | ||
| + | * Accounts can be in **Protected state**. | ||
| + | |||
| + | ===== Protected state of accounts ===== | ||
| + | |||
| + | In protected state objects linked to affected account are not deleted from connected systems. Thus | ||
| + | * Administrators can set CzechIdM to **move objects to archive** or trash rather than deleting them | ||
| + | * Objects are kept in the archive **for a define period of time**, after that CzechIdM will delete them in a standard way. If the time period is not defined, objects are not deleted ever. | ||
| + | |||
| + | {{ :devel:documentation:protected.png | Protected state}} | ||
| + | |||
| + | Protected state can be used on systems on which it is not desired to delete objects instantly for example MS Exchange. This way users can get some time to move their mails before mailboxes are deleted. | ||
| + | |||
| + | ====== Read more ====== | ||
| + | |||
| + | ===== Admin tutorials ===== | ||
| + | * [[tutorial:adm:accounts| Accounts - linking accounts to objects ]] | ||
| + | |||
| + | ===== Admin guide ===== | ||
| + | * [[.accounts:adm:accounts|Account management]] | ||
| + | * [[.accounts:adm:account-protection|Protected state of account]] | ||
| + | |||
| + | ===== Devel guide ===== | ||
| + | * [[..:documentation:accounts:dev:account-management|Account management]] | ||
| + | * [[..:documentation:accounts:dev:protection-system|Protected state of account]] (to be deleted) | ||