Wednesday Feb 04, 2015

OIM11gR2PS2: Disconnected System Resource status based on manual fulfillment outcome

When an OIM disconnected system application is provisioned to a user, a manual fulfillment activity is generated and can be viewed in the inbox. This task indicates the person has to complete the provisioning activity manually on the target system and mark the status in OIM. The task to outcomes possible:

  1. Complete
  2. Reject  

When the activity is in pending for completion, the resource/account status is 'Provisioning'. Depending on the outcome from SOA, OIM account status is set.

  1. If the fulfillment person has completed the task and clicked 'Complete' in OIM, the resource status changes to 'Provisioned' from 'Provisioning'. 
  2. If the fulfillment person decides to reject and clicked 'Reject' in OIM, the resource status remains in 'Provisioning' status. This status at this point is not apt. A meaningful status at this point could be 'Cancelled' , 'Rejected' or 'Revoked'.
[Note:For a full view, open the image in a new tab]

While OIM supports custom object status, it is a bit tricky to induce the new status into the object life cycle. Hence, it is simpler to set the object status as 'Revoked' than any other. In the following section lets understand what has to be done to achieve this.

Notice that OIM Provisioning process definition of a disconnected system is auto generated and has the following tasks(Has many other tasks, but list shows what we are interested in):

  1.  ManualProvisioningStart
  2. ManualProvisiongEnd 

The ManualProvisioningStart process task is invoked when the resource is provisioned to the user as this is the process task marked as 'Required For Completion'. This will invoke a SOA composite 'DisconnectedProvisioning' and create a human task. The process task is completed successfully and a manual task is pending for approval. This doesn't have any impact on the resource/account status

 When an action is taken on the pending human task, the process task ManualProvisiongEnd is triggered. This task is responsible for setting the object status. The OOB setting in the Responses of this process task is shown here:

 On the 'Task to Object Status Mapping', the status 'X' is mapped to 'None' OOB. This has to be mapped to 'Revoked' for the object status to be set as 'Rejected' when the fulfillment person Rejects the task. The following screenshot illustrates this configuration change:

 This is a very simple change doesn't require any downtime. Even if the manual fulfillment human task has an expiry setting, this approach works !!

Monday Jun 23, 2014

OIM11gR2: SOA composite for Request Approval Process

The Oracle Identity Manager version consider is OIM11g R2 Base.[Read More]
About

OIM11gR2 Blog by NA-TAG Offshore IDAM team

Search

Categories
Archives
« August 2015
SunMonTueWedThuFriSat
      
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
     
Today