<- .:synchronization | Synchronization ^ .:start | Documentation ^ .:transformation_scripts | Transformation scripts -> ====== Provisioning ====== Provisioning is the propagation of entities and their attributes to managed systems. In the case of Identities, only those (users) with appropriate roles assigned (guaranteeing the account on the system) are provisioned. Our robust provisioning implementation brings the following benefits: * **Fully audited provisioning queue** - Every push operation and its result is audited, and the audit is available to admins via GUI. * **Retry mechanism** - Provisioning queue pushes the data into managed systems. If the system encounters any problem or is currently offline, the data stays in a queue and tries the operation again in a while when the system is available. * **Read-only systems** - If the system is in a read-only mode, all operations are stored in a provisioning queue. Administrators can see changes, but nothing is sent. This is very useful for new managed system link-up, cutover, or debugging. * **Disabled systems** - Operations are stored in the provisioning queue, no transformation of attributes is computed as long as the system is not switched back into an enabled state. * **Asynchronous systems** - System can be switched to an asynchronous state. In that case, all operations are stored in a provisioning queue and then pulled from the queue by appropriate periodical [[devel:documentation:scheduled_task|scheduled task]]. This principle is very convenient for systems that handle requests slowly. {{ :devel:documentation:provisioning.png | Provisioning to multiple systems}} ===== Provisioning queue ===== When a system is flagged as asynchronous, read-only or disabled operations are placed into a provisioning queue. From the queue, operations are pulled either by a scheduled task or manually by admin in CzechIdM GUI. {{ :devel:documentation:provisioning_queue.png | AD Provisioning queue}} ====== Read more ====== ===== Admin tutorials ===== * [[tutorial:adm:provisioning | Provisioning - general configuration options]] * [[tutorial:adm:create_provisioning_break| Provisioning brake - monitor operation sent to the connected system]] * [[tutorial:adm:manage_ldap| LDAP - how to connect and configure]] * [[tutorial:adm:connect_a_db_system| Database - how to connect and configure]] * [[tutorial:adm:systems| Generic System - how to connect and configure]] * [[tutorial:adm:password_provisioning| Password provisioning and transformation]] ===== Admin guide ===== * [[.adm:provisioning|Provisioning overview]] * [[.adm:provisioning_queue|Provisioning queue]] * [[.adm:provisioning_context|Provisioning context]] ===== Devel guide ===== * [[.provisioning:dev:provisioning| Provisioning config]] * [[.systems:dev:system-mapping|Connector configuration and attribute mapping]] * [[.provisioning:dev:break| Provisioning break processor and logic]] * [[.provisioning:dev:role| Provisioning of roles implementation]] * [[.provisioning:dev:role-catalogue| Provisioning of roles catalog implementation]] * [[.provisioning:dev:tree| Provisioning of Tree Nodes implementation]]