Forms provide essentially 2 main capabilities:
1. They map user attributes in the access request to the back-end user attributes in the corporate directory
2. They are linked to the specific tasks that you need to execute in the back-end Identity Management engine.
The flow is as follows:
1. Define a Provisioning Role in CA Identity Manager (linked to an account template and an endpoint type instance, etc.)
2. Restart the CA Identity Manager main connector from the Identity Portal Admin UI
3. Create a Target Permission in IP that is linked to the newly imported Provisioning Role (Mod Type is ADD - see screenshot)
4. Define your Execution Plan for this Target Permission (select a previously defined Execution Plan):
5. Your Execution Plan calls a Form (you previously created) - make sure you define which Forms to call for adding and removing the role:
6. The Forms that you call in the Execution Plan (to handle the Add and Remove of the Target Permission) will in turn call specific tasks to execute the Add and Remove actions in the back-end Identity Manager system. The screenshot below shows the details of the Form 'Assign Role Manager Approval' and the task that it calls:
7. The additionOperation and removalOperation in the task definition should be directChange and *not* executeTask
Original Message:
Sent: 06-27-2019 09:35 AM
From: Mukul Anand
Subject: Re: CA Identity Portal - Access Request flow
Yes, I am trying to add using an administrator.
The user can add/remove members from the role in CA Identity Manager but the add/remove button is not available in the Portal.
Also, what role do forms play? I have added a form to the add action and linked it to modifyProvisioningRole task. Still no luck. See below screenshot - No add button
Original Message:
Sent: 06-27-2019 09:21 AM
From: IYES DENDENI
Subject: Re: CA Identity Portal - Access Request flow
For this to happen:
1. The user needs to be an administrator of the provisioning role with a user scoping authority to assign the role to self (where userID = admin's userID)
2. The user needs to have an admin role with a permission scope to execute the task that adds/revokes the provisioning role.
The easiest way to test scoping and authority is to log in to CA Identity Manager UI as the normal user and try to assign the role to self. If you can do this from the Identity Manager UI, then you will see the +/- signs in the entitlements access catalog.
Original Message:
Sent: 06-27-2019 08:48 AM
From: Mukul Anand
Subject: Re: CA Identity Portal - Access Request flow
Hi All,
I am new to CA Identity Portal and need some help. I am trying to implement the Access Module.
1. Created a Target Permission
2. Assigned that to a Role
3. I have added an execution plan and in that plan I have selected Add and Remove options
When I log in as an end user, I can see the role available, but there are no + (add) or - (remove) buttons available. Am I missing something?
Original Message:
Sent: 09-24-2018 11:27 PM
From: William Cheang
Subject: Re: CA Identity Portal - Access Request flow
Just to share, after I enable the Modify Form, I can see this (a "repair tool icon") in Portal.
Which means I can modify my existing Role and change the attributes (Mobile Number) that link to it.