Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
tutorial:adm:czechidm_installation_finalize [2019/07/10 08:57] doischert [Schedule the tasks] |
tutorial:adm:czechidm_installation_finalize [2019/08/12 10:27] fiserp [Schedule the tasks] |
idm.sec.core.filter.IdmIdentity.managersFor.impl=guaranteeManagersFilter | idm.sec.core.filter.IdmIdentity.managersFor.impl=guaranteeManagersFilter |
idm.sec.core.filter.IdmIdentity.subordinatesFor.impl=guaranteeSubordinatesFilter | idm.sec.core.filter.IdmIdentity.subordinatesFor.impl=guaranteeSubordinatesFilter |
| </code> |
| |
| ==== Configure subordinates provisioning ==== |
| |
| Sometimes, we provision some details about the manager to the identity accounts. E.g. the attribute "manager" in Active Directory is the link to the user's manager. To make this link up-to-date, IdM does provisioning for new and original subordinates of the manager every time, when the manager's contract changes. |
| |
| If you don't need this functionality, which can be time consuming, switch it off like this: |
| |
| <code properties> |
| idm.sec.acc.processor.identity-contract-provisioning-processor.includeSubordinates=false |
| idm.sec.acc.processor.identity-contract-before-save-processor.includeSubordinates=false |
</code> | </code> |
| |
If you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: | If you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: |
* [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. | * [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. |
* Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. Also, start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization. | * Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. |
| <note warning>Start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization.</note> |
| |
If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. | If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. |
| |
If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. | If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. |