This section provides instructions for configuring the General tab, which is available as part of the task template configuration process. For instructions on how to start the configuration process see Configuring the Task Templates.
In the Administrator interface, the pages for editing the Create User Template and Update User Template are identical, so configuration instructions are provided in one section.
When you open either the Edit Task Template Create User Template form or the Edit Task Template Update User Template form, the General tab page displays by default. This page consists of a Task Name text field and a Insert an attribute menu, as shown in Figure 9–4. For instructions on how to start the configuration process see the Configuring the Task Templates section.
Task names can contain literal text and/or attribute references that are resolved during task execution.
Type a name into the Task Name field.
You can edit or completely replace the default task name.
The Task Name menu provides a list of attributes that are currently defined for the view associated with the task configured by this template. Select an attribute from the menu (optional).
Identity Manager appends the attribute name to the entry in the Task Name field. For example:
Create user $(accountId) $(user.global.email)
When you are finished, you can
Select a different tab to continue editing the templates.
Click Save to save your changes and return to the Configure Tasks page.
The new task name will display in the Identity Manager task bar, located at the bottom of the Home and Accounts tabs.
Click Cancel to discard your changes and return to the Configure Tasks page.
When you open the Edit Task Template ’Delete User Template' page the General tab page displays by default. (For instructions on how to start the configuration process see Configuring the Task Templates.)
Use the Delete Identity Manager Account buttons to specify whether an Identity Manager account can be deleted during a delete operation.
These buttons include:
Never. Select to prevent accounts from being deleted.
Only if user has no linked accounts after deprovisioning. Select to allow user account deletions only if there are no linked resource accounts after deprovisioning.
Always. Select to always allow user account deletions, even if there are still resource accounts assigned.
Use the Resource Accounts Deprovisioning boxes to control resource account deprovisioning for all resource accounts.
Unassigning or unlinking an external resource from a user does not generate a provisioning request or a work item. When you unassign or unlink an external resource Identity Manager does not deprovision or delete that resource account, so there is nothing for you to do.
These boxes include:
Delete All. Enable this box to delete all accounts representing the user on all assigned resources.
Unassign All. Enable this box to unassign all resource accounts from the user. The resource accounts will not be deleted.
Unlink All. Enable this box to break all links from the Identity Manager system to the resource accounts. Users with accounts that are assigned but not linked will display with a badge to indicate that an update is required.
These controls override the behaviors in the Individual Resource Accounts Deprovisioning table.
Use the Individual Resource Accounts Deprovisioning boxes to allow a more fine-grained approach to user deprovisioning (compared to Resource Accounts Deprovisioning).
These boxes include:
Delete. Enable this box to delete the account that represents the user on the resource.
Unassign. Enable this box and the user will no longer be assigned directly to the resource. The resource account will not be deleted.
Unlink. Enable this box to break the link from the Identity Manager system to the resource accounts. Users with accounts that are assigned but not linked will display with a badge to indicate that an update is required.
The Individual Resource Accounts Deprovisioning options are useful if you want to specify a separate deprovisioning policy for different resources. For example, most customers do not want to delete Active Directory users because each user has a global identifier that can never be re-created following deletion. However, in environments where new resources are added, you might not want to use this option because the deprovisioning configuration would have to be updated every time you add a new resource.