Dear All,
Good day to everyone!
The business often says that a huge number of Active Directory applications need to be onboarded. In fact, we need to onboard these apps against the same target application. This means that when access is requested for the first time for any new application, the process should not create a new AD account. It should add the requested access to the existing AD application.
Each application is supposed to fetch accounts of specific groups only. We will need to implement a customization rule to filter out the other groups. This list of groups needs to be configured in one place, either in the application or in a custom object.
All types of operations, such as Create, Modify, Disable and Delete, should be converted to Modify AD Account. We will need to implement this logic in a before provisioning rule.
The remaining configurations are unique (they depend on whether it is a single-org solution or a regional solution).
Now, follow the steps below to onboard thousands of AD apps in minutes.
1. Prepare one AD application template.
2. Add a rule for all possible customizations, so that changes can be applied to all apps in one go. This is for future enhancements.
3. Implement a customization rule to fetch the groups from the application/custom object.
4. Implement a before provisioning rule to convert the provisioning plan operation from create to modify.
5. Add provisioning policies in the application.
Step 2:
6. Create one CSV file in the format below:
"App Name", "memberOf"
7. Develop a custom task to clone the application template and to set the consolidated "memberOf" values from the CSV file on the application/custom object.
Now the process is ready, here you go.
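
The consolidation in steps 6 and 7 and the group filter from step 3, as an added example that is not code from the original post. It is standalone Python rather than the product's own rule or task API; the function names `consolidate_member_of` and `filter_groups` and the sample group DNs are assumptions made for illustration.

```python
import csv
import io

# Constructed sample in the post's "App Name", "memberOf" format.
SAMPLE_CSV = '''"App Name", "memberOf"
"Payroll", "CN=Payroll-Users,OU=Groups,DC=example,DC=com"
"Payroll", "CN=Payroll-Admins,OU=Groups,DC=example,DC=com"
"payroll", "cn=payroll-users,ou=groups,dc=example,dc=com"
"Wiki", "CN=Wiki-Editors,OU=Groups,DC=example,DC=com"
"Wiki", ""
'''

def consolidate_member_of(csv_text):
    """Return {app name: [group DNs]}, one entry per application (step 7)."""
    # skipinitialspace handles the blank after the comma in the post's format.
    reader = csv.DictReader(io.StringIO(csv_text), skipinitialspace=True)
    if reader.fieldnames != ["App Name", "memberOf"]:
        raise ValueError("unexpected header: %r" % (reader.fieldnames,))
    apps = {}  # lower-cased app name -> (display name, {lower-cased DN: DN})
    for row in reader:
        name = (row["App Name"] or "").strip()
        dn = (row["memberOf"] or "").strip()
        if not name or not dn:
            continue  # incomplete row: never widen an app's scope by guessing
        display, groups = apps.setdefault(name.lower(), (name, {}))
        # AD compares DNs case-insensitively, so de-duplicate on the lower-cased form.
        groups.setdefault(dn.lower(), dn)
    return {display: list(groups.values()) for display, groups in apps.values()}

def filter_groups(account_member_of, allowed_groups):
    """Keep only the groups configured for this app (the step 3 filter)."""
    allowed = {g.lower() for g in allowed_groups}
    return [g for g in account_member_of if g.lower() in allowed]

if __name__ == "__main__":
    for app, groups in consolidate_member_of(SAMPLE_CSV).items():
        print(app, groups)
```
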