| Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
tutorial:adm:czechidm_installation_finalize [2019/07/10 08:57]
doischert [Schedule the tasks] |
tutorial:adm:czechidm_installation_finalize [2019/08/12 10:27]
fiserp [Schedule the tasks] |
| idm.sec.core.filter.IdmIdentity.managersFor.impl=guaranteeManagersFilter | idm.sec.core.filter.IdmIdentity.managersFor.impl=guaranteeManagersFilter |
| idm.sec.core.filter.IdmIdentity.subordinatesFor.impl=guaranteeSubordinatesFilter | idm.sec.core.filter.IdmIdentity.subordinatesFor.impl=guaranteeSubordinatesFilter |
| | </code> |
| | |
| | ==== Configure subordinates provisioning ==== |
| | |
| | Sometimes, we provision some details about the manager to the identity accounts. E.g. the attribute "manager" in Active Directory is the link to the user's manager. To make this link up-to-date, IdM does provisioning for new and original subordinates of the manager every time, when the manager's contract changes. |
| | |
| | If you don't need this functionality, which can be time consuming, switch it off like this: |
| | |
| | <code properties> |
| | idm.sec.acc.processor.identity-contract-provisioning-processor.includeSubordinates=false |
| | idm.sec.acc.processor.identity-contract-before-save-processor.includeSubordinates=false |
| </code> | </code> |
| | |
| If you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: | If you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: |
| * [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. | * [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. |
| * Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. Also, start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization. | * Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. |
| | <note warning>Start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization.</note> |
| |
| If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. | If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. |
| |
| If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. | If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. |