How to enable accumulated an PR event with workflow
search cancel

How to enable accumulated an PR event with workflow

book

Article ID: 217025

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Suite

Issue/Introduction

The CA Identity Manager product documentation states "You can associate a workflow process with the AccumulatedProvisioningRolesEvent. In this case, an approver can approve or reject the entire event, which approves or rejects each of the individual events.Additional configuration is required to enable workflow for individual events within the AccumulatedProvisioningRolesEvent."

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/administrating/managed-endpoints-and-provisioning/provisioning-roles/role-and-template-tasks/provisioning-role-event-processing-order.html

 

However, it does not provide further details on additional configuration requirements.  What is required to enable accumulated provisioning roles with Workflow in CA Identity Manager (IDM).

Environment

Release : 14.3.x

Component :

IdentityMinder(Identity Manager)

IdentitySuite (CA Identity Manager Suite)

Resolution

  1. Enable the Accumulate Provisioning Role from the CA Identity Manager Management Console.  

    Navigate to -> Home › Environments › <env_name> › Advanced Settings › Provisioning Enable the check box "Enable Accumulation of Provisioning Role Membership Events".



  2. You will now see the "Approve Accumulated Provisioning Roles" Task in View Admin Task in the CA Identity Manager User Console.



  3. Assign this Admin Task to the "System Manager" Role.  To do this Navigate to 

       Admin Roles -> Modify Admin Role-> System Manager-> Task Tabs Select "Filter by category" as User Select "Add Task" as "Approve Accumulated Provisioning Roles"



  4. Go to Modify Admin Task-> Search "Modify User Task" or "Any task" required for Work flow configuration.  In this example use "Modify User Task"

  5. Select "Modify User Task" from Above Search -> Events Tab -> <Set up the work flow for AccumulatedProvisioningRolesEvent> -> select "Non-Policy Based" WorkFlow Mapping -> Select "AccumulatedProvisioningRolesApproveProcess" process and Submit this task.



  6. Workflow is now configured!

  7. If you now modify a user and add Provisioning Roles into the Provisioning Tab and click submit this task.

  8. The System Manager Role's Member will get a Work Item for approval

 

Additional Information

Please note that the Accumulated Provisioning Role Workflow is designed for the IM User Interface.  

If an approver is assigned an "Accumulated Provisioning Role" event it will appear in both their IM Worklist and their IP (Identity Portal) task queue.  However, you cannot approve the individual PR requests in IP (That can only be done via the IM User Console), you can only Reserve or Submit (Reject) a complete request in IP.

Powered by Wolken Software