Sun Identity Manager 8.1 Business Administrator's Guide

Provisioning External Resources

This section describes the actual provisioning process, including:

ProcedureTo Assign an External Resource to a User

Use these steps to assign an external resource to a user:

Note –

To assign external resources, you must have the Resource Administrator capability.

  1. Click Accounts -> List Accounts and then click the user's name from the page.

  2. When the Edit User page displays, click the Resources tab.

  3. Locate the External resource in the Individual Resource Assignment's Available Resources list, move it to the Current Resources list, and then click Save.

    Figure 5–19 Edit User Page

    Figure showing a selection tool on the Edit User page

    Identity Manager creates a provisioning task and sends you a message indicating who owns that provisioning task. Remember that one or more provisioners were defined, using the Provisioners Rule, when the Provisioner Notification page was configured for this resource.

    Identity Manager also notifies the provisioners by using email or a Remedy ticket that they have a request pending.

    Note –

    As with other resources, you can define approvers and they can approve or reject a request. You must define provisioners, but they do not approve or reject requests. Instead, provisioners either complete or do not complete tasks.

  4. Click OK to return to the Accounts -> List Accounts page. Notice that an hourglass is displayed next to the user's name, in the work item icon, to indicate the request is pending.

ProcedureTo Respond to An External Resource Provisioning Request

When a provisioning request is generated, the request suspends the provisioning process until one of the defined provisioners completes the manual provisioning or marks the request not complete, or the request times out. Identity Manager audits these provisioning responses.

As with any other work item, you can review all of your pending external resource provisioning requests from the Work Items -> Provisioning Requests tab.

You respond to provisioning requests as follows:

  1. Click the Work Items > Provisioning Requests tabs to open the Awaiting Provisioning page.

    Figure 5–20 Awaiting Provisioning Page

    Figure showing an example provisioning request awaiting

  2. Locate and select the pending provisioning request.

  3. Optionally, you can open your provisioning request email, click a link that is defined in the Provisioning Request Template, and log in to view a page containing details about the provisioning request.

    From this page, you can update any of the requested attributes to accurately reflect what was provisioned for the user. For example, if the user requested a Sony laptop, but that model was not available, you could update the page with the model you actually provisioned.

    Figure 5–21 Provisioning Request for a New Laptop

    Figure showing an example request for a new laptop external

  4. Click one of the following buttons to process the request:

    • If you can provision the resource, click Completed.

      Identity Manager updates the user's external resource account attributes to show what was actually provisioned, removes the pending provisioning state flag, and completes the provisioning request work item being updated.

      If configured, Identity Manager also notifies the requester that the provisioning request is complete by using the email template configured for that purpose.

    • If you cannot provision the resource, specify a reason why, and click Not Completed.

      When you mark a request Not Completed,

      • The user is not provisioned to the external resource.

      • The external resource remains assigned to the user.

      • A yellow icon, indicating that an update is needed for the user, displays next to the user's name.

        If this user is edited, an error message displays, stating that the user cannot be found in the external resource.

      • If configured, Identity Manager also notifies the requester by using the email template configured for that purpose.

    • If you cannot provision the resource you can also click Forward to forward the request to someone else.

    When the provisioning request work item is completed or not completed, Identity Manager clears the user's assigned external resource pending state and no updates occur to the external resource data store.

    The resource displays in the user's list of assigned resources and in the list of current resource accounts, including the user's accountId on that resource.

    Note –

    If the assigned provisioner does not respond to a provisioning request before the specified timeout period, Identity Manager will cancel the associated provisioning request work item.

Escalating Provisioning Requests
Delegating Provisioning Requests

You can delegate external resource provisioning work items just like any other provisioning request. See Delegating Work Items for more information and instructions.