You are viewing the documentation for the current version.
This page is also available in versions: 7.6, 7.7, 7.8, 8.0, 8.1, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5 (current), devel


This shows you the differences between two versions of the page.

Link to this comparison view

9.5:documentation:provisioning [2019/02/27 09:22] (current)
Line 1: Line 1:
 +<- .:​synchronization | Synchronization ^ .:start | Documentation ^ .:​transformation_scripts | Transformation scripts ->
 +====== Provisioning ======
 +Provisioning is the propagation of entities and their attributes to managed systems.
 +In case of Identities, only those (users) with appropriate roles assigned (guaranteeing the account on the system) are provisioned.
 +Our robust provisioning implementation brings the following benefits:
 +  * **Fully audited provisioning queue** - Every push operation and its result is audited, and the audit is available to admins via GUI.
 +  * **Retry mechanism** - Provisioning queue pushes the data into managed systems. If the system encounters any problem or is currently offline, the data stays in a queue and tries the operation again in a while when the system is available.
 +  * **Read only systems** - If the system is in a read-only mode, all operations are stored in a provisioning queue. Administrators can see changes, but nothing is sent. This is very useful for new managed system link-up, cutover, or debugging.
 +  * **Disabled systems** - Operations are stored in the provisioning queue, no transformation of attributes is computed as long as the system is not switched back into an enabled state.
 +  * **Asynchronous systems** - System can be switched to an asynchronous state. In that case, all operations are stored in a provisioning queue and then pulled from the queue by appropriate periodical [[devel:​documentation:​scheduled_task|scheduled task]]. This principal is very convenient for systems that handle requests slowly.
 +{{ :​devel:​documentation:​provisioning.png | Provisioning to multiple systems}}
 +===== Provisioning queue =====
 +When a system is flagged as asynchronous,​ read only or disabled operations are placed into a provisioning queue. From the queue, operations are pulled either by a scheduled task or manually by admin in CzechIdM GUI.
 +{{ :​devel:​documentation:​provisioning_queue.png | AD Provisioning queue}}
 +====== Read more ======
 +===== Admin tutorials =====
 +  * [[tutorial:​adm:​provisioning | Provisioning - general configuration options]]
 +  * [[tutorial:​adm:​create_provisioning_break| Provisioning brake - monitor operation sent to the connected system]]
 +  * [[tutorial:​adm:​manage_ldap| LDAP - how to connect and configure]]
 +  * [[tutorial:​adm:​connect_a_db_system| Database - how to connect and configure]]
 +  * [[tutorial:​adm:​systems| Generic System - how to connect and configure]]
 +  * [[tutorial:​adm:​password_provisioning| Password provisioning and transformation]]
 +===== Admin guide =====
 +  * [[.adm:​provisioning|Provisioning overview]]
 +===== Devel guide =====
 +  * [[.provisioning:​dev:​provisioning| Provisioning config]]
 +  * [[.systems:​dev:​system-mapping|Connector configuration and attribute mapping]]
 +  * [[.provisioning:​dev:​break| Provisioning break processor and logic]]
 +  * [[.provisioning:​dev:​role| Provisioning of roles implementation]]
 +  * [[.provisioning:​dev:​role-catalogue| Provisioning of roles catalog implementation]]
 +  * [[.provisioning:​dev:​tree| Provisioning of Tree Nodes implementation]]