Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
tutorial:adm:czechidm_installation_finalize [2019/03/04 15:29] apeterova [Schedule the tasks] |
tutorial:adm:czechidm_installation_finalize [2019/08/12 10:27] fiserp [Schedule the tasks] |
idm.sec.core.filter.IdmIdentity.managersFor.impl=guaranteeManagersFilter | idm.sec.core.filter.IdmIdentity.managersFor.impl=guaranteeManagersFilter |
idm.sec.core.filter.IdmIdentity.subordinatesFor.impl=guaranteeSubordinatesFilter | idm.sec.core.filter.IdmIdentity.subordinatesFor.impl=guaranteeSubordinatesFilter |
| </code> |
| |
| ==== Configure subordinates provisioning ==== |
| |
| Sometimes, we provision some details about the manager to the identity accounts. E.g. the attribute "manager" in Active Directory is the link to the user's manager. To make this link up-to-date, IdM does provisioning for new and original subordinates of the manager every time, when the manager's contract changes. |
| |
| If you don't need this functionality, which can be time consuming, switch it off like this: |
| |
| <code properties> |
| idm.sec.acc.processor.identity-contract-provisioning-processor.includeSubordinates=false |
| idm.sec.acc.processor.identity-contract-before-save-processor.includeSubordinates=false |
</code> | </code> |
| |
Review the [[devel:documentation:scheduled_task|scheduled tasks]] in **Settings** -> **Task scheduler**. | Review the [[devel:documentation:scheduled_task|scheduled tasks]] in **Settings** -> **Task scheduler**. |
| |
Especially if you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: | By default, connected system's synchronization is not scheduled. To do so, you have to add it. Add a new scheduled task SynchronizationSchedulableTaskExecutor, fill in the Synchronization uuid which you can find by opening a synchronization of your system in the URL of the page following synchronization-configs. So, if you have a URL "http://localhost:8080/idm/#/system/f5h4bd76-9218-5fz8-7e5u-0ds772ag968u/synchronization-configs/94b6thj6-2nb1-84g2-sfd2-dgd4f99adsf24/detail?_k=uct1ra", the UID is "94b6thj6-2nb1-84g2-sfd2-dgd4f99adsf24". Save the event and click Add under Scheduled starts. To run the event periodically, set a [[tutorial:adm:create_and_configure_trigger|CRON trigger]]. |
| |
| If you don't want to automatically delete old records in the provisioning archive, remove scheduled run from the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#deleteprovisioningarchivetaskexecutor|DeleteProvisioningArchiveTaskExecutor]]. |
| |
| If you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: |
* [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. | * [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. |
* Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. Also, start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization. | * Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. |
| <note warning>Start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization.</note> |
| |
If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. | If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. |
| |
If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. | If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. |