Application Maintenance Windows

Applications may need to be taken offline for maintenance at various points and for various reasons. You can set a maintenance window in IdentityIQ for any application; maintenance windows are timeframes you specify when an application offline. During a maintenance window, aggregation tasks and provisioning operations are suspended for the application until the maintenance window ends.

Defining a Maintenance Window

To set a maintenance window for an application:

  1. Navigate to Applications > Application Definition and open the application you want to edit.

  2. On the Details tab, check Maintenance Enabled. To set the timeframe for the maintenance window, you can either:

    • Set a specific date and time when the maintenance window should end and the application should return to online status.

    • Leave the expiration field blank to keep the application in maintenance mode until you are ready to bring it back online. In this case, you can return to the application definition to manually clear the Maintenance Enabled checkbox when the maintenance window is over.

  3. Save your changes.

Maintenance Windows and Aggregation

During a maintenance window, IdentityIQ automatically skips the application when running aggregations. A warning message is recorded in the TaskResult for skipped applications.

Maintenance Windows and Provisioning

When an application is in a maintenance window, any provisioning operations (which might be launched by Identity Refresh tasks, certifications, LCM business processes, or custom business processes) are prevented from running for the application. A status of "retry" is automatically returned for any provisioning requests to the applications.

In processes that are launched by a business process, the provisioning will use the standard "retry" behavior configured for the workflow, to attempt to provision again later.

In task-based provisioning processes (such as an Identity Refresh task), retries are handled through Request objects that are created each time the process runs. These are automatically re-processed through the built-in Request Processor retry logic. For example, if you have an Identity Refresh task scheduled to run twice per day, and an application is in a maintenance window for 5 days, IdentityIQ will create 10 Request objects for that action.

Certification remediations will also generate retry Request objects when the target application is in a maintenance window.

If you want to change the retry behavior, you can do so in these ways:

  • It is possible, but not recommended, to modify business process retry behavior through the Provision with retries subprocess. Refer to the LCM Subprocess Workflows white paper on Compass for more information.

  • In the Identity Refresh task, you can select the "Do not schedule retry requests during application maintenance windows" option to prevent retries.

  • For certifications, there is not an option to turn retries off; certification remediations need to be set for retry, because certification cannot be simply "rerun" in the way that tasks and business processes can be.