https://wiki.czechidm.com/ 2026-04-06T06:56:45+00:00 https://wiki.czechidm.com/ https://wiki.czechidm.com/_media/wiki/logo.png text/html 2025-10-22T14:41:55+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/accounts?rev=1761144115&do=diff Password synchronization Documentation Synchronization Accounts An entity called Account is used in CzechIdM to represent object in connected system. In other words object on connected system is linked to CzechIdM entity like Role via Account entity. [ Accounts linked to connected system objects] CzechIdM supports linking objects to CzechIdM entities during Synchronization. Moreover administrators can link them manually e.g. to correct the data state after e.g. AD admins did some unwanted … text/html 2019-03-01T09:08:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/application_configuration?rev=1551431286&do=diff Notifications Documentation Workflows Application configuration Configuration file CzechIdM configuration is in the file application.properties. This configuration is read at the application start. If changed, new options will be applied after application restart. Application settings in GUI text/html 2019-03-04T13:46:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/architecture?rev=1551707194&do=diff Conventions Documentation Bulk actions Architecture architecture The application is divided into 2 technological lines: backend (java) and frontend (javascript). There is a REST interface between the two. * BE - Backend (java): * jdbc db (primary PostgreSQL) * Hibernate ORM * Spring (data, data rest, hateoas, security, integration) text/html 2025-11-13T13:32:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/audit?rev=1763040754&do=diff User tasks Documentation Password policies Audit CzechIdM contains complete audit information about administered entities such as Identities, Roles, Organizations, Contracts and selected operations, e.g. Synchronization and Provisioning. Audit informations are available in form of a “snapshot”, i.e. what the entity looked like at the time of a change. Thin imprint can be searched for in the audit and compared with any other imprint or with the current state of the entity. text/html 2019-03-04T10:44:12+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/bulk_actions?rev=1551696252&do=diff Architecture Documentation Generated values Bulk actions bulk action operation In CzechIdM GUI there exist bulk actions on objects like * Identities * Roles * Organisations One can filter identities, select all of them or only some and invoke bulk action like * Delete identity * Assign or remove roles text/html 2024-02-08T12:52:09+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/caching?rev=1707396729&do=diff Modules - Property and licences [prp] Documentation Conventions Caching Caching mechanisms are used to alleviate some load from the database in situations, in which the system does a lot of database querying with expected same results. For instance, in CzechIdM it is used for configuration, scripts and other similar places. There are some things, that we need to take into consideration when we are dealing with caching in CzechIdM. text/html 2024-08-08T16:11:38+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/compatibility?rev=1723133498&do=diff <- .:long-polling | ^ .:start | Documentation ^ .:known issues | → Compatibility Web browsers Google Chrome Tested versions * Version 66.0.3359.181 (Official build) (64bit) * Version 70.0.3538.67 (Official build) (64bit) * Version 70.0.3538.102 (Official build) (64bit) text/html 2020-06-23T12:24:59+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/confidential_storage?rev=1592915099&do=diff Workflows Documentation IdM data export/import agenda Confidential storage agenda is required generate new keyChangeConfidentialStorageKey Agenda in Settings (left menu), where confidential storage values are readable. It is in read only mode, so values cannot be changed, removed or added some more. Confidential storage text/html 2020-03-23T20:31:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/contracts?rev=1584995482&do=diff Identities Documentation Roles Contracts The relation of identities in CzechIdM to a company or organization is represented by an entity called contract. A contract can represent for example: * job contract for work – employees * study – pupils/students * contract/arrangement text/html 2020-02-21T08:35:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/conventions?rev=1582274101&do=diff Caching Documentation Architecture Conventions Naming conventions make code more understandable by making them easier to read. They can also give information about the function of the identifier (e.g. whether it's a constant, package, or class). Devel guide * Conventions to contribute. * text/html 2021-09-07T12:53:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/cross-domains?rev=1631019205&do=diff Systems Documentation Wizards Cross domains ad provisioning system What are cross-domains? By cross-domains, we mean a set of external systems that are linked and share, for example, the same permissions. A typical example of a cross-domains group might be the linking of multiple domains in MS Active Directory text/html 2020-07-02T10:14:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/delegation?rev=1593684896&do=diff IdM data export/import agenda Documentation Modules Delegation The aim of delegations is to transfer approval tasks to another solver. We divide delegations into automatic and manual. Automatic delegation In automatic delegations, a rule is first created according to which tasks are automatically delegated. A typical example is text/html 2020-03-23T19:08:10+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/eav?rev=1584990490&do=diff Organization structure Documentation Systems Extended attributes (EAV) Entities (Identities, Roles...) in CzechIdM contain a set of basic attributes that can deal with most of the general situations. However, due to the fact, that the implementation needs vary, it often happens that there are not enough basic attributes. Therefore, the so-called extended attributes (EAV) can be added to important entities in the text/html 2020-06-23T12:28:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/export_import?rev=1592915282&do=diff Confidential storage agenda Documentation Delegation IdM data export/import agenda export import zip batch This agenda is used to transfer configuration data from one IdM to another. A typical use scenario is when you already have IdM configured on a test environment and now you need to migrate the tested configuration to a production environment. text/html 2021-03-16T21:11:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/generated_values?rev=1615929102&do=diff Bulk actions Documentation Long polling Generated values generated generator values value generable The main functionality of all generator is generating values. In CzechIdM is princip of generated values same. During creating entity is called generator manager. Manager will iterate over all available and enabled generator for currently created identity. Generators are used only when is entity text/html 2019-10-07T08:18:59+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/hr_processes?rev=1570436339&do=diff Scheduled tasks Documentation User tasks HR Processes The process of identity lifecycle (ILP), in other words HR process, manages the user identity in CzechIdM during its existence based on the changes of its contracted positions. For example, there is a process "End of contract" that watches the beginning and the end of user's contracted position. If the contracted position ends, the process removes all user roles from it. text/html 2020-03-26T09:50:18+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/identities?rev=1585216218&do=diff Documentation Documentation Contracts Identities (users) In identity management, identity is a set of information that describes a real person. Some of the information like First Name, Last Name, Login or Password is crucial for many IT systems, since they process them, or e.g. use them for authentication or authorization. Identity management systems process the data about identity, transform them and use them to manage accounts on connected systems. text/html 2025-06-03T09:46:45+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/known_issues?rev=1748944005&do=diff <- .:compatibility | ^ .:start | Documentation ^ .:testing | → Known issues This section is intended to contain the list of known issues that are not quick to solve i.e. those that occur in included libraries. If possible there is a workaround to the issue. This list does not replace the bugtracking tool for CzechIdM - text/html 2019-09-10T15:24:17+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/long-polling?rev=1568129057&do=diff Generated valuesCzechIdM documentationCompatibility Long polling long polling websocket sse What is Long polling Long polling solves situations when the user is forced to periodically click on refresh of the table to see the current data. Long polling ensures page refresh automatically, without user interaction. The easiest way to achieve automatic renewal is to periodically polling the client. The period of these requests must be as short as possible (seconds). This implies a major disadvan… text/html 2026-02-12T15:15:20+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_bsc?rev=1770909320&do=diff Modules - Business cards [bsc] This module will give you the possibility to create business cards for users in IdM. Business cards are generated as PDF. Data for this document must be saved in IdM. It doesn't matter where the data are saved. You have the option to create business card from basic identity attribute, EAV, contract attribute, etc. text/html 2020-03-22T21:04:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_ca?rev=1584911073&do=diff Modules - Certificate authority [ca] Modules - Certificates [crt] text/html 2024-02-08T12:51:46+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_comp?rev=1707396706&do=diff Modules - Tool [tool] Documentation Modules - Property and licences [prp] compliance Modules - Compliance [comp] Welcome to the documentation for the Compliance Module. This module provides you with a powerful tool to manage agreements with selected texts and give permissions for user accounts based on their agreement status. With the Compliance Module, you can easily centralize all your agreements and automate processes based on them. text/html 2024-04-22T10:55:27+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_crt?rev=1713783327&do=diff <- .:modules_reports | ^ .:start | Documentation ^ .:modules_rec | → Modules - Certificates [crt] certificate CRT module was designed to handle various certificate authority implementations via specific drivers. Currently, there is one driver implemented - the text/html 2026-02-12T15:36:05+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_extras?rev=1770910565&do=diff CzechIdM - extras The extras module contains varous that are not part of the core IdM or have a dedicated module.This module ships by default with IdStory IdM and is free of charge. List of the currently supported features is below. Currently supported CzechIdM version : 11+ text/html 2026-02-12T16:06:28+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_gdpr?rev=1770912388&do=diff Modules - GDPR [gdpr] This module adds a capability for IdStory IdM to anonymize personal data of users in accordance with GDPR regulations. The module allows selecting individual anonymized attributes for users or contracts and anonymizing them after a cretain number of days have passed. Alternatively, the task allows the user to be deleted directly from IdM. Only users who are in the state LEFT or manually blocked are considered. text/html 2024-02-27T14:27:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_ms_exo?rev=1709044039&do=diff Exchange connector This connector is developed for managing Exchange permission management for shared emails nad folders via Exchange Online PowerShell module. Connector is based on WinRM + AD Connector. Requirements Has same requirements as WinRM + AD Connector. Plus requires: * PowerShell 7 * Exchange Online PowerShell module Supported operations text/html 2024-02-27T14:14:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_ms_spo?rev=1709043248&do=diff SharePoint connector This connector is developed for managing SharePoint permission management via PnP.PowerShell module. Connector is based on WinRM + AD Connector. Requirements Has same requirements as WinRM + AD Connector. Plus requires: * PowerShell 7 * PnP.PowerShell module Supported operations ObjectOperations__ACCOUNT__ text/html 2024-01-15T15:29:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_ms_teams?rev=1705332593&do=diff Microsoft Teams Graph API Connector This connector is developed for managing Microsoft Teams membership via MS Graph API You can follow this project on GitHub This connector is using Microsoft Teams Graph API for communication. For more information about the API capabilities see text/html 2025-08-12T12:01:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_ntf?rev=1755000061&do=diff topic module notifications sms email notification idm-ntf Modules - Notification [ntf] paid The notification module contains a simplified mechanism for notification configuration. It helps the administrator with: * define events that should trigger a notification (for example, changes on a user), * define rules text/html 2020-03-22T21:14:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_openam?rev=1584911646&do=diff Modules - User registration [reg] Documentation Modules: password reset [pwd-reset] Modules - OpenAM authentication [openam] The module enables Single-Sign-On and authentication against OpenAM for CzechIdM. It also provides a REST endpoint for retrieving users' OpenAM attributes, e.g. uid, dn, destinationindicator. Authentication process text/html 2025-11-24T12:32:50+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_pam?rev=1763987570&do=diff Module - Privileged Accounts Management Introduction Getting Started The Getting Started section functions as a roadmap for new users. It contains a summary of basic steps when using the module, information about available help and recommended resources. text/html 2025-12-15T15:01:17+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_prp?rev=1765810877&do=diff <- .:modules_comp | .:start | Documentation ^ .:caching | → Modules - Property and licences [prp] property licence The module for managing property and licences (prp module) is a tool for creating sets of property or licences and assigning them to individual users. Since CzechIdM already has data about users and often manages the systems for which you purchase licences, it is a great idea to use it to manage your licences and property as well. text/html 2020-03-22T21:12:02+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_pwd?rev=1584911522&do=diff Modules: openAM authentication Documentation Modules: virtual systems Modules - Password reset [pwd-reset] The module provides the functionality of password reset or, in other words, the recovery of a forgotten password. [ Password reset process] Process of restoring your forgotten password User can start the process on CzechIdM login page where is a "Forgotten password" link. In the next step, user is required to enter the account identifier. For now, identity email or login are supported… text/html 2025-10-21T19:09:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_rec_15?rev=1761073774&do=diff idm15 recertification module idm-rec workflows Modules - Recertification Modules - Recertification (IdM 15+) [rec] paid The Recertification module in Identity Management (IdM) gives the ability to perform regularly scheduled, or individual recertification requests of assigned permissions in IdM. The recertification requests will initiate an approval process at the end of which, the permissions are either retained (recertified) or removed as no longer needed. This increases the overall security l… text/html 2026-02-12T14:50:16+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_rec?rev=1770907816&do=diff Modules - Recertification [rec] recertification role Modules - Recertification (IdM 15) Role recertification module approves assigned user roles again. When user has a lot of assigned roles for a long time, we want to check these assigned roles periodicaly (in a half year interval for security reasons), if some assigned role has to be already removed. Currently valid manual direct assigned roles are checked - only manual roles can be assigned and stay assigend, after user is changed some way (… text/html 2023-02-27T13:23:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_reg?rev=1677504236&do=diff Modules Documentation Modules: OpenAM authentication Modules - User registration [reg] Reg module serves as a registration point for new users to access CzechIdM. To be a registered user, one has to go through several validation steps before he can log in to CzechIdM. Validation steps are configurable in CzechIdM. Enabled module adds new text/html 2025-08-07T09:53:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_reports?rev=1754560399&do=diff <- .:modules_rpt | ^ .:start | Documentation ^ .:modules_crt | → report Modules - Implemented reports [reports] The main purpose of reports is to create a snapshot of current data in IdM which can then be downloaded as a CSV or XLSX file. This is often useful for audits or other cases when an overview of a large amount of data in IdM is needed. The reports module gives the basic text/html 2020-03-10T13:00:07+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_rpt?rev=1583845207&do=diff Modules - Virtual systems [vs] Documentation Modules - Implemented reports [reports] report Modules - Reports [rpt] Reports module implements the logic of defining a report, preparing it and make in available for download in CzechIdM GUI. Other modules can provide its own report bulks which will then be available in [rpt]. [ [reports] and [rpt] modules] [rpt] module itself contains one example report. Other reports you can get via text/html 2020-03-22T21:09:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_scim?rev=1584911344&do=diff Modules - SMS [sms] Documentation Modules - Tool [tool] scim Modules - SCIM [scim] "scim" module exposes interface in CzechIdM by the SCIM 2.0 specification. Thus CzechIdM can be - as a server - connected to clients that implement SCIM 2.0 via its public API. [ SCIM module] More about general SCIM specification - model, operations and endpoints. Read more Admin tutorials * text/html 2020-03-22T21:05:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_sms?rev=1584911104&do=diff Modules - Recertification [rec] Documentation Modules - SCIM [scim] Modules - SMS [sms] The module provides sending sms via gateway and gateway can be placed behind proxy. Module consists of drivers, each can communicate with some SMS gataway implementation. Now these implementations (drivers) are available: SMS Sender - GET script text/html 2025-10-20T08:29:32+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_tech?rev=1760948972&do=diff account technical module technical_account idm-tech Modules - Technical accounts [tech] paid The Technical Accounts module in Identity Management (IdM) is designed to help manage accounts that are not tied to a specific user identity, but instead serve a technical or system purpose. These accounts – often referred to as text/html 2024-06-20T08:14:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_tool?rev=1718871293&do=diff Modules - SCIM [scim] Documentation Modules - Compliance [comp] idmtool tool Modules - Tool [tool] Source documentation on Github. ## Features - Release product version - release product under final version, new development version will be set, tag will be prepared. - Release module version - release module under final version, new development version will be set, tag will be prepared. - Change product version - set version for all modules. - Get product version - for test reasons only. - Bu… text/html 2019-06-12T13:21:26+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules_vs?rev=1560345686&do=diff Modules: password reset Documentation Modules: Reports Modules - Virtual systems [vs] What is a virtual system A virtual system is a type of system that is not directly connected for online management. IdM "knows" what accounts and permissions the user should have on the virtual system, but on the real system this is executed by the text/html 2026-02-12T15:13:52+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/modules?rev=1770909232&do=diff Modules The Architecture of CzechIdM is highly modular. The core module serves as a basic module and is essential for the application run. All other modules are usually dependent on the Core module. The Acc module users Core module services and is also very important to the application, but the application can run with the module turned off. The module takes care of user accounts on connected systems. Usually the module is ON on almost all cases. Other important module for the application is IC… text/html 2022-10-12T18:12:38+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/monitoring?rev=1665598358&do=diff Monitoring monitoring architecture configuration @since 11.1.0 Monitoring agenda is available under ``System`` - ``Monitoring`` main menu. Agenda shows monitoring results and configured monitoring evaluators. Configured evaluators creates monitoring results about CzechIdM application state (e.g. synchronization is running, contains errors). Each evaluator provides one monitoring result. Last monitoring results (by monitoring evaluator) with warning and error level are shown in top navigation… text/html 2019-03-01T07:54:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/notifications?rev=1551426894&do=diff Security Documentation Application configuration Notifications CzechIdM allows sending messages to users. There are several types of notifications in CzechIdM: * Emails – The most common way of communication, it only requires an available SMTP server. * Websocket – A modern communication protocol used for communication between the web browser (user) and the web server. In CzechIdM, it is used for displaying of informational or warning notices directly in the web browser of a logged-in user.… text/html 2019-02-27T09:32:03+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/organization?rev=1551259923&do=diff Organizational structure organization Tree structures Documentation Extended attributes In the application, more types of tree structures are allowed through the agenda of types and elements of the tree structure. These tree structures are used across the application - see further below. Admin guide * Default organizational structure Devel guide text/html 2019-02-27T15:42:46+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/password_policies?rev=1551282166&do=diff Audit Documentation Security Password policies A password policy determines, which rules must be met by new passwords either changed by users or generated by CzechIdM itself. CzechIdM implements really strong password policies mechanism that allows to define quite a complex rules. Admins can define policies that meet standard MS AD password policies including text/html 2020-08-28T11:20:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/provisioning?rev=1598613654&do=diff Synchronization Documentation Transformation scripts Provisioning Provisioning is the propagation of entities and their attributes to managed systems. In the case of Identities, only those (users) with appropriate roles assigned (guaranteeing the account on the system) are provisioned. Our robust provisioning implementation brings the following benefits: text/html 2018-05-18T11:44:13+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/quickstart?rev=1526643853&do=diff Quickstart quickstart This chapter is a simple cookbook, which will help you start quickly with development for CzechIdM 8. Development environment To prepare development environment use tutorial. Developing a module Identity management is a complex discipline which varies greatly from project to project. It is very hard to do a one-size-fits-all product. Therefore we designed CzechIdM 7 to contain the basic, but for many sufficient, functionality and the rest is provided by modules. It do… text/html 2019-04-16T08:07:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/role_attributes?rev=1555402042&do=diff Agenda of universal requests Documentation Role Catalogue Attributes of role role attributes parameters assigned parametrization What are role attributes Role attributes determine what additional information can (must) be filled in a user's assigned role. A typical example can be the IP address of a user's end station, which must be filled in a role assignment request. text/html 2019-02-14T14:06:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/role_catalogue?rev=1550153175&do=diff Attributes of role Documentation Tree structures Roles Catalog Roles catalog contains folders in tree structure into which administrator of CzechIdM can place roles. Every Role can be part of one or more folders. Role catalog is accessible in user roles change GUI agenda, so users can easily find desired role. [ Role catalog example] Read more text/html 2019-02-01T11:56:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/role_change?rev=1549022194&do=diff Roles Documentation Agenda of universal requests Approval of role assignment When a user apply for a change on his roles set, the role change request is created. [Role change approval process] CzechIdM contains the standard approval process, which ensures approving of this request in the following steps: * Helpdesk – the whole request is approved by holders of the role designated for helpdesk department representatives. text/html 2025-10-24T07:18:35+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/roles?rev=1761290315&do=diff Contracts Documentation Roles change request role incompatible business automatic sod segregation duties Roles A role in CzechIdM is an entity representing a set (1 or more) of permissions on the end system or in CzechIdM itself (permission). From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or permission is set for him in the application. In a… text/html 2024-07-02T06:38:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/scheduled_task?rev=1719902322&do=diff Transformation scripts Documentation HR processes Scheduled Tasks Scheduled task is a task the start of which is planned in advance and when started it runs at the background of the application. Examples of scheduled tasks are identity lifecycle processes. The run of the scheduled task can be planned as one time action or run periodically. text/html 2025-07-28T12:45:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/security?rev=1753706722&do=diff Password policies Documentation Notifications Security security authentication authorization API authentication API access requires the user to be authenticated, excluding a few public endpoints. We can divide the sign in into two parts: * authentication - the user proves his identity * authorization - the user has access to given resource text/html 2025-08-14T09:53:51+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/start?rev=1755165231&do=diff CzechIdM documentation text/html 2022-12-09T09:23:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/synchronization?rev=1670577786&do=diff Accounts Documentation Provisioning Synchronization Synchronization represents data flow from source systems (e.g. SAP, HR systems...) to IdM. Usually CzechIdM synchronize employees and organizational structure from HR systems. Other objects like groups can be imported e.g. from AD. text/html 2021-09-01T10:38:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/systems?rev=1630492705&do=diff Extended attributes (EAV) Documentation Cross domains Systems SYSTEM entity represents system connected to CzechIdM. Connection and administration of systems serves two purposes: * acquiring data - synchronization - synchronization is a scheduled task * propagation of data - provisioning - data propagation takes places every time an entity in CzechIdM, e.g. Identity, changes text/html 2024-08-08T04:43:00+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/test_scenarios?rev=1723092180&do=diff Presunuto do <https://wiki.czechidm.com/priv/test-scenarios/frontend> text/html 2024-02-06T09:57:26+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/testing?rev=1707213446&do=diff Known issues Documentation Internal CA Testing tbd Old approach - sync IdM, rollbackable database IdM tests were written with these assumptions: * Most of method calls are synchronized, so you can call method and return result immediately * You can make test transactional and rollback it after test finishes text/html 2020-02-26T11:49:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/transformation_scripts?rev=1582717782&do=diff Provisioning Documentation Scheduled tasks Transformation scripts Often, CzechIdM transform data from source system to managed system. For example CzechIdM wants to fill Active Directory's attribute diplayName that is of format <firstName + LastName>. CzechIdM offers using a transformation script during text/html 2020-03-23T19:10:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/tree_structures?rev=1584990606&do=diff Role catalogue Documentation Organization structure Tree structures Tree structures in CzechIdM are used primarily for representing of the organizational tree of the institution/company. Moreover, with tree structures, one can represent the structure of a team project, school classes, external suppliers, etc text/html 2021-03-23T14:24:16+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/uniform_password?rev=1616509456&do=diff Wizards Documentation Accounts synchronization password filter passwordfilter echo echos uniform password system systems one password Password synchronization Password synchronization from external system to IdM Since version 10.5.0 CzechIdM allows synchronize password from external system. Passwords can be synchronized for example from Active Directory. Password synchronization very helps standard users because they text/html 2019-02-27T16:13:38+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/universal_requests?rev=1551284018&do=diff Approval of role assignment Documentation Attributes of role Agenda of universal requests universal request What is a universal request? The universal request agenda allows you to create a request for any (supported) object in the IdM. A advantage versus the previous agendas for dealing with requests is versatility when there is no need to create a separate agenda for each additional approved object (such as the agenda for automatic roles requests and the agenda of requests for change a permi… text/html 2017-12-11T15:50:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/user_tasks?rev=1513007442&do=diff HR processes Documentation Audit User tasks CzechIdM offers the mechanism for working with user tasks. User tasks are mainly used in workflows that needs user decision or in general user input i.e User role change approval workflow. Tasks usually has implementers - identities that resolve the task - typically Accept or Reject. text/html 2026-03-20T12:10:06+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/wfengine?rev=1774008606&do=diff New Workflow Engine IdStory IDM version 15+ includes a proprietary workflow implementation for use in approval processes. The goal is to enable administrators to configure approval processes easily and flexibly, with full control over the sequence and conditions of approval steps. Auditability and robustness of the entire process are ensured. text/html 2021-09-01T10:41:07+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/wizards?rev=1630492867&do=diff Cross domains Documentation Password synchronization Wizards The main importance of wizards is to simplify the work of the user, so as to avoid complicated entering values and possibly to avoid common mistakes. System wizards System wizards are used primarily to create a new system connected to a given external system. The first step is to select the connector you want to use for the connection. text/html 2020-09-15T11:06:16+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.czechidm.com/devel/documentation/workflows?rev=1600167976&do=diff Application configuration Documentation Confidential storage agenda Workflows Workflow in CzechIdM is typically used to represent a process involving identities, e.g. the "Enable contract" process. Workflow is a piece of code that * services some process (business process, identity lifecycle process etc...) * can generate and manage