Highlighted
Knowledge Partner
Knowledge Partner
876 views

Automatic fulfilment to IDM

Jump to solution
Hello,

I'm wondering about automatic fulfillment when it comes to IDM roles.

If I do a review and remove a number of IDM roles from users in AR I
want them to be removed in IDM without manual intervention.

According to the documentation that should be possible but it is not
clear to me if I must create a workflow in IDM for that?

The documentation section 19.3.2 tells me that I *can* create a custom
workflow but then in section 19.3.3 it tells me that I can assign
automated provisioning to any IDM application source without mention of
the workflow.

Basically, what do I need to do to auto fulfill the Remove Permission
Assignment task?

Thanks

0 Likes
1 Solution

Accepted Solutions
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Automatic fulfilment to IDM

Jump to solution

Greetings,
If you want fully "Automatic" fulfillment without any interaction then you would utilize "IDM Automatic Fulfillment". This requires filling in the configuration information in Configuration -> Identity Manager System Connection. Then in Fulfillment -> Configuration -> Fulfillment Targets -> Identity Manager automatic set the fall back. Next go to Fulfillment -> Application set-up set the IDM Application source (and any child applications) to utilize the Identity Manager automatic fulfillment.


If you want to utilize Workflow fulfillment then from Then in Fulfillment -> Configuration -> Fulfillment Targets -> Identity Manager workflow, you will need to download the sample workflow & gcv files, add them into Designer, update as necessary for your requirements, deploy to IDM. Then update the workflow in the Fulfillment -> Configuration -> Fulfillment Targets -> Identity Manager workflow and in the Workflow field search and set the workflow to be used. Next go to Fulfillment -> Application set-up set the IDM Application source (and any child applications) to utilize the Identity Manager workflow fulfillment.


In the future please start a new thread as compared to updating a thread that has not been used for almost 4 years.


Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus

View solution in original post

5 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: Automatic fulfilment to IDM

Jump to solution
Found it 🙂 I was looking under Data source->Applications even though
the manual said Catalog->Applications! D'oh!

On 2016-03-10 17:14, alekz wrote:
> Hello,
>
> I'm wondering about automatic fulfillment when it comes to IDM roles.
>
> If I do a review and remove a number of IDM roles from users in AR I
> want them to be removed in IDM without manual intervention.
>
> According to the documentation that should be possible but it is not
> clear to me if I must create a workflow in IDM for that?
>
> The documentation section 19.3.2 tells me that I *can* create a custom
> workflow but then in section 19.3.3 it tells me that I can assign
> automated provisioning to any IDM application source without mention of
> the workflow.
>
> Basically, what do I need to do to auto fulfill the Remove Permission
> Assignment task?
>
> Thanks
>

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Automatic fulfilment to IDM

Jump to solution

Hi alekz,

I hope this question is regarding Access Review 1.5.
if answer is Yes!! Then, yes we could do automated fulfillment via IDM
workflow.
The required things to perform this are:
1) A Workflow at IDM end with Rest API activity (workflow should have
valid appID & changesetID)
2) we should have below mentioned GCV configured at driverset level/User
App Driver/AR Driver (as your wish, depending on your ease of accessing
GCVs while developing workflow in designer)
NetIQIACURL : Type String : Value:https://resolvedDNS address:port
NETIQIACWORKFLOWSERVERCLIENTID :Type String : Value:<check the value in
configuration files>
NETIQIACAUTHSERVERURL : Type String : Value:<check the value in
configuration files>
NETIQALLOWFETCHNAMEDPASSWORD : Type boolean : Value: true

Once, these are available in your setup.
Move forward to pick these changes from AR for any User Access review &
further you could easily drive changes automatically in your IDM.


Do let me know, if you need any further help ! 🙂
Regards,
anjha0049


--
anjha0049
------------------------------------------------------------------------
anjha0049's Profile: https://forums.netiq.com/member.php?userid=5837
View this thread: https://forums.netiq.com/showthread.php?t=55522

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Automatic fulfilment to IDM

Jump to solution

Hello,

I have the same problem.
You could solve it?

Thanks

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Automatic fulfilment to IDM

Jump to solution

Greetings,
If you want fully "Automatic" fulfillment without any interaction then you would utilize "IDM Automatic Fulfillment". This requires filling in the configuration information in Configuration -> Identity Manager System Connection. Then in Fulfillment -> Configuration -> Fulfillment Targets -> Identity Manager automatic set the fall back. Next go to Fulfillment -> Application set-up set the IDM Application source (and any child applications) to utilize the Identity Manager automatic fulfillment.


If you want to utilize Workflow fulfillment then from Then in Fulfillment -> Configuration -> Fulfillment Targets -> Identity Manager workflow, you will need to download the sample workflow & gcv files, add them into Designer, update as necessary for your requirements, deploy to IDM. Then update the workflow in the Fulfillment -> Configuration -> Fulfillment Targets -> Identity Manager workflow and in the Workflow field search and set the workflow to be used. Next go to Fulfillment -> Application set-up set the IDM Application source (and any child applications) to utilize the Identity Manager workflow fulfillment.


In the future please start a new thread as compared to updating a thread that has not been used for almost 4 years.


Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus

View solution in original post

Highlighted
Knowledge Partner
Knowledge Partner

Re: Automatic fulfilment to IDM

Jump to solution

Steve, that really helped me. You clarified an important distinction I had yet to realize.

 

Automatic vs Workflow fullfillment.  Thank you, very helpul.

 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.