Skip to content

Rapid Setup

About Rapid Setup

Rapid Setup is a business-user-friendly interface that offers a streamlined way to onboard applications and handle common identity management scenarios such as joiner, mover, leaver, and terminating identities. It provides preconfigured processes that follow best practices for managing identities.

Rapid Setup lets you separate the technical and IT-centric steps of onboarding and configuring applications (such as defining connection parameters and schemas) from the business-centric steps of defining the business processes the application should follow. Rapid Setup removes the complexity of implementation by providing a guided experience for non-technical users.

Rapid Setup does not replace existing IdentityIQ functions for onboarding applications and managing identities. Instead, it provides an alternative way of defining application behavior and the events and processes for managing identities, in a configurable and guided way, and in a single, centralized UI.

Some of Rapid Setup's behavior and options are set globally and will apply to all applications that are onboarded with Rapid Setup. Other options can be set at the application level, so that you can customize processes for each application.

Applications that you want to onboard with Rapid Setup must have connection parameters and schemas already defined. To make application onboarding easier for your business users, it is helpful to also predefine elements such as email templates, business processes, any rules you may want to use, and other event-specific drivers of identity processing. For more details, see Prerequisites for Configuring and Using Rapid Setup (link).

For information on configuring Rapid Setup's global options, see Rapid Setup Configuration (link).

Rapid Setup comes included in Lifecycle Manager and does not need to be installed separately.

Rapid Setup Joiner Overview

The Joiner process defines the operations that are run when a new user joins your organization.

These can include:

  • Building a provisioning plan which includes:

    • Assigning birthright roles. Birthright roles are any business roles that all employees have simply because they are employees, The Rapid Setup Joiner process uses assignment rules to determine how these roles are assigned to identities.

    • Creating a new account on each application that has account-only provisioning enabled (if no account exists yet). Account-only provisioning is used when there are no roles or entitlements that require the creation of accounts, but you want an empty account created on the application for the user anyway. Account-only creation will occur only if the identity meets the creation criteria that is configured in the Joiner process for that application.

  • Executing the provisioning plan. The provisioning business process for Joiners is configured at a global level for Rapid Setup. See Rapid Setup Configuration (link).

  • Notifying the manager with results of provisioning.

  • Optionally, notifying the manager when a temporary password is generated.

  • Running an optional post-joiner rule.

The Joiner process must be enabled globally before users can configure and use it on a per-application basis. See Rapid Setup Configuration (link) for details about global configuration.

Rapid Setup Mover Overview

The Mover process defines the operations that are launched when an identity moves within your organization. What constitutes a "move" can be defined according to your organization's needs, in the global settings for Rapid Setup. Some common examples of moves are change of manager and change of location.

Mover processes can include:

  • Generating a certification for the identity that is moving, before mover processing begins. Settings at the application level can determine whether or not to certify additional entitlements. A global setting can be configured to bypass certifications during mover processing.

  • Perform a joiner-type provisioning on the moving identity. When joiner processing is enabled, birthright roles will always be assigned or removed as appropriate. Settings at the application level can determine whether or not to perform account-only provisioning during mover processing. Global settings can be configured to bypass joiner-type provisioning.

  • Running an optional post-mover rule.

The Mover process must be enabled globally before users can configure and use it on a per-application basis. See Rapid Setup Configuration (link) for details about global configuration.

Rapid Setup Leaver Overview

The Leaver process defines the operations that are launched when someone leaves your organization. The criteria for how "leaving" is defined is configured according to your organization's needs, in Rapid Setup's global configuration.

Leaver processes can include:

  • Reassigning ownership of artifacts(such as tasks, applications, and policies) currently owned by the leaving identity.

  • Notifying the manager of the leaving identity about reassigned artifacts.

  • Reassigning the administration of identities that are currently administered by the leaving identity. This option is typically used for service account or RPA type identities that the leaver is responsible for administering.

  • Notifying the manager of the leaving identity about the reassigned identities.

  • Auto-rejecting requests targeted for the leaving identity.

  • Running an optional post-leaver rule.

  • Updating links which may need updating due to a move.

The Leaver process can build an immediate provisioning plan to:

  • Remove of the identity's assigned roles

  • For each application on which identity has an account, and for which Leaver processing is enabled, determine which of these actions to perform, and whether to perform each one immediately or to defer the action:

    • Removal of the identity's entitlements (unless they are excluded from removal).

    • Scrambling the identity's password on the application.

    • Adding a comment to an account attribute.

    • Moving the account to a different OU on a container-based application.

    • Disabling the account.

    • Deleting the account.

  • Execute the immediate provisioning plan.

  • Notify the manager with results of the immediate provisioning.

The Leaver process must be enabled globally before users can configure and use it on a per-application basis. See Rapid Setup Configuration (link) for details about global configuration.

You can also define processes for the immediate termination of identities, that can be distinct from your other leaver processes. Some of the termination behavior is configured globally as part of Identity Operations Configuration (link); you can also define application-specific termination behavior as part of leaver processing.