Layer7 Identity Management

Expand all | Collapse all

IDM 14.1 Who triggers Prov Modify User tasks?

  • 1.  IDM 14.1 Who triggers Prov Modify User tasks?

    Posted 01-22-2019 01:29 PM

    Hi all. I see that a few hours after night Expore and Correlation runs, there are a lot of "Provisioning Modify User" tasks, each for each user correlated. Which component is triggering these tasks, and what can be the impact of swithing off?

     

    I am asking because these tasks occurs in about 5hs, on which IDM becomes very unestable.



  • 2.  Re: IDM 14.1 Who triggers Prov Modify User tasks?

    Posted 01-22-2019 01:32 PM

    Note on my environment: only AD is authoritative source, other systems only correlates with accounts. Only password and lock/unlock is used on User Console, there are no provisioning roles for connectors.



  • 3.  Re: IDM 14.1 Who triggers Prov Modify User tasks?

    Posted 01-23-2019 10:22 AM

    Lets say a user does an E&C in Provisioning Manager on a 1000 new users.  Now they exist in PM global user store.  How do you create them in IM?  Each modify and create creates a notification.  If you look on a Provisioning Server and run dxserver status you will see the DSAs that exist on any Provisioning server.  The notify is the DSA stores the updates that need to happen in IM.  The notify DSA will send the message to IM to the URL in the inbound sync.  IM will get this information on the users.

     

    Go back to Provisioning Manager and change the user (give him a middle name).  This change you will see at the bottom if PM with the change.  You rerun the etanotify.log on the provisioning server and you will see the new callback trying to be sent.  You see the notification, modify of user and complete.  Now you can go back to IM and see the task in IM as a Provisioning modify user of the change.  You can select the task and you can see the details of the user (adding the middle name).

     

    Inbound sync. You are making a change from PM that needs to go back to IM.  Go to PM and go to SYSTEM\Identity Manager Setup and it calls back to a URL which you see in PM dialog.  This URL is a the IM host:8080/ETACALLBACK?env-identityENV.  Where Provisioning sends updates back to IM to the alias of the environment (in this case (identityENV).  It packages a payload from Provisioning to IM.  In your case it is running the modify user tasks. 

    The impact of switching this off is your users with any modifications (name, phone, department, etc) will not be updated until ran again.

     

    Thank you.