====== Modules - Technical accounts [tech] ======

The additional module for managing technical accounts is designed to provide users with an easy way to manage accounts that are not owned by a person, but are instead used to provide a service. These technical accounts are an important part of many organizations, and this module allows users to keep track of their various attributes and settings. With this module, users will be able to easily manage their technical accounts and ensure that they are being used effectively and efficiently.


===== Module features =====

{{.:tech_module_schema.png?direct&}}

The technical account serves as the owner of the account in the target system. This allows you to manage it without having an identity which owns it.

A technical account can also have guarantors, either directly (an identity), or by role. A guarantor is a user who is responsible for managing the account, and making sure that correct attributes and roles are set for it. This also allows you to apply permissions and allow guarantors to only the technical accounts for which they are guarantors.

===== Lifecycle =====

A technical account can either be created by [[:tutorial:adm:modules_tech_create_account|synchronization from a target system]] (if the account already exists), or a new account can be created via [[:tutorial:adm:modules_tech_create_account|the wizard]].

Technical accounts can be managed via standard provisioning mapping but some attributes will require manual management.

Two processes ensure the state is valid 'EndTechnicalAccountProcess' invalidates technical accounts where 'validTill' already past
and 'StartTechnicalAccountProcess' will validate them if date is between 'validFrom' and 'validTill'.

By default processes run every day at 0:30.

The state is also validated on every save.

===== Configuration (from version 2.1.0) =====

<code properties>
# list of attributes from account connector object added to technical account entity report
idm.sec.tech.account.report.connector.object.attributes=
</code>

The property ''idm.sec.tech.account.report.connector.object.attributes'' defines attributes of the account on the system that will be added to the technical account entity report. If you want to define multiple attributes, separate them with a comma.

<note important>
If properties of the account on the system are defined and the system is unavailable during report generation, the attempt to retrieve attributes for each account will wait for the internal IdM timeout.
</note>

===== Admin tutorials =====

  * [[:tutorial:adm:modules_tech_create_account|Create a new technical account]]
  * [[:tutorial:adm:modules_tech_synchronize_account|Technical account synchronization]]