Provisioning with IdentityIQ
The IdentityIQ provisioning capabilities help companies manage system access for their personnel. Provisioning requests can be created and processed in several ways in IdentityIQ, based on the needs and configuration of the installation. In many cases, modifications to access or entitlements you request in IdentityIQ can be automatically reflected in the associated native applications.
This chapter traces the flow of the provisioning plan through its evaluation and preparation for processing into the appropriate native system. Included throughout are the IdentityIQ tasks, business processes and rules that operate on the data as it moves through the process.
Note: Business processes are often referred to as workflows.
At a high level, provisioning requests are processed as follows:
-
The provisioning request is made through one of several actions or activities.
-
The request is created as a provisioning plan.
-
The Provisioning Broker evaluates and compiles the provisioning plan, which often involves dividing the original plan into several partitioned plans. Each partitioned plan addresses a single application.
-
Each partitioned provisioning plan is passed to the appropriate handler.
-
For integration configuration or read-write connectors, the change is written to the destination system.
-
For Work Items, a work item is created and assigned to an identity who must for manually process the request into the target system.
-
-
The provisioning actions are confirmed and marked in Identity Cube, based on the mechanisms involved.
Use the Administrator Console link, under the gear icon, to access the Provisioning Transactions table to view the status of all provisioning transactions in your implementation of IdentityIQ; connectors, manual work items, and IdentityIQ operations.
Access to the Provisioning Transaction table is controlled with IdentityIQ rights.