| Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
tutorial:adm:czechidm_installation_finalize [2019/07/10 08:57]
doischert [Schedule the tasks] |
tutorial:adm:czechidm_installation_finalize [2019/10/31 14:19]
kopro add information about password reset |
| </code> | </code> |
| | |
| | ==== Configure subordinates provisioning ==== |
| | |
| | Sometimes, we provision some details about the manager to the identity accounts. E.g. the attribute "manager" in Active Directory is the link to the user's manager. To make this link up-to-date, IdM does provisioning for new and original subordinates of the manager every time, when the manager's contract changes. |
| | |
| | If you don't need this functionality, which can be time consuming, switch it off like this: |
| | |
| | <code properties> |
| | idm.sec.acc.processor.identity-contract-provisioning-processor.includeSubordinates=false |
| | idm.sec.acc.processor.identity-contract-before-save-processor.includeSubordinates=false |
| | </code> |
| | |
| | ==== Configure password reset for all systems including IdM ==== |
| | Please try check you project if you want reset password to all connected systems including CzechIdM after user's state will be evaluated from disable state to enabled state. This change is processed by processor **IdentitySetPasswordProcessor (acc-identity-set-password-processor)**. You can disable it by configuration property or GUI agenda of processors (it is equivalent). |
| | |
| ===== Schedule the tasks ===== | ===== Schedule the tasks ===== |
| |
| If you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: | If you want to use validity of the [[devel:documentation:identities#contracts|contracts]] and standard [[devel:documentation:hr_processes|HR processes]] in CzechIdM, make sure that HR processes will be started every day. There are 2 options: |
| * [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. | * [[tutorial:adm:create_and_configure_trigger|Schedule]] the Hr...Process tasks. |
| * Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. Also, start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization. | * Ensure that [[devel:documentation:synchronization:dev:relation-sync|synchronization of contracts]] from some resource will run every day and the "After end, start the HR processes" option is ticked in the configuration of this synchronization. |
| | <note warning>Start the 3 Hr...Processs tasks at least once **manually**, otherwise they won't be started after end of synchronization.</note> |
| |
| If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. | If you want to use the [[devel:documentation:accounts:dev:protection-system|Account protection system]] for some connected system, you must schedule the [[devel:documentation:application_configuration:dev:scheduled_tasks:task-scheduler#accountprotectionexpirationtaskexecutor|AccountProtectionExpirationTaskExecutor]] to start once every day. |
| |
| If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. | If you want to use **Maximum password age**, schedule the tasks mentioned in [[...:czechidm_installation_finalize#password_policy|Password policy section]] to run once every day. |