How to enable "Provision Assignments refresh option"

Dear community,

Currently I’m doing the Essential training, and on page 3-44 of the exercise PDF there is an answer that got my attention:

Question?
Notice the Event and the Application columns. Why does this say the application being modified is IdentityIQ?
Answer: Roles assignment happens in IdentityIQ.
Provisioning of the entitlements is a separate action that requires the Provision Assignments refresh option

Where do I enable that?

The steps of the exercise are:

  1. Create two IT roles
  2. Create one business role
  3. Reference the two IT roles in the business role
  4. Run the refresh identity task
  5. Go to admin console → Provisioning → success to see the provisioning transactions

I do see the “success” provisioning in the VM provided by the training, but in my local lab I do not, so I would like to know where I can enable the “Provision Assignments refresh option” to also see the success message.

Thanks in advance

Hey Sara @fugitiva, Provision assignment is an option in the refresh identity task. This provisions the entitlements present in a role, which is assigned because of the assignment rule present on that role. An assignment rule is basically a criterion to assign a user that role (here I’m talking about Business Roles) automatically (through the refresh task).

Take a look at this compass link for more info (search for Provision Assignment) - Understanding identity refresh options - Compass

To learn more about how to use it:
One of its applications is Birthright Provisioning Using Roles (check this compass link for more details on that) - https://community.sailpoint.com/t5/Technical-White-Papers/Birthright-Provisioning/ta-p/78513

@aishwaryagoswami thank you for your answer, I am already aware of the options in the identity refresh tasks
but when I go into the VM from the training, that is not checked, so how is it possible to get the provisioning option running with this option unchecked?


Hey @fugitiva, oh, are you asking why you are seeing the provisioning of the roles even if the Provision Assignment is not checked?

If that’s the question, then Provision Assignment causes the provisioning of the entitlements of the already assigned roles (hence you are seeing the transactions for the role addition).
As the definition says: This option causes IdentityIQ to produce and execute Provisioning Plans for all entitlements that are assigned to an Identity cube but are missing in the accounts correlated to the cube. This option is necessary for direct connectors to automate provisioning for automatically assigned business roles.

“oh, are you asking why you are seeing the provisioning of the roles even if the Provision Assignment is not checked?”
Yes.
I don’t understand the answer… My question is because in my local lab (I created my own lab, replicating the VM from the training) I don’t see the provisioning success, but in the virtual machine from the training I do, so why is that? I thought something is enabled and/or configured somewhere in the VM from the training and I am missing that.

Sorry Sara, just clarifying: is the provisioning of the role failing in your local, meaning are you seeing failures in the provisioning transaction?

If you are not able to see the successful transaction in your local, then it might be because you have not enabled the provisioning transaction log for successful provisioning. By default, the Provisioning Transactions table only displays failed provisioning transactions because the Provisioning Transactions log is configured to only store failures.

To change this configuration:

  • Navigate to the Gear menu > Global Settings > IdentityIQ Configuration > Miscellaneous page.
  • In the Provisioning Transaction Log Settings section, change Maximum Log Level to Retry or Success.
    • Retry means the system will log provisioning transactions that return a Failure result or a Retry result (an error message indicating a temporary condition that means a later retry of the provisioning operation will likely succeed and should therefore be auto-retried after a delay interval).
    • Success means the system will log all provisioning transactions, regardless of their provisioning result status values.
  • Note that when setting Maximum Log Level to Success, the provisioning transaction log will record high volumes of records. Consequently, it is particularly important in that case to also set the Days before provisioning transaction event deletion value to the number of days you want to retain these records so they will be automatically purged after that time. Leaving that attribute as the default “0” means these records will never be deleted by the system, which would fill your database quickly. Even when using a Retry or Failure maximum log level, this value should be set to purge records you no longer need. The number of days chosen varies by customer.
  • To turn off provisioning transaction logging entirely, clear the Enable Provisioning Transaction Log box.
  • After setting these values, scroll down and click Save at the bottom of the page.

Check this compass link for more details - https://community.sailpoint.com/t5/Technical-White-Papers/Provisioning-Transactions-Table/ta-p/75101#toc-hId--122601796

Thank you :slight_smile: that was it!

Hello @fugitiva, if it answers your question, kindly mark the suitable reply as the solution. If there is anything else you need to discuss regarding this, do let me know. :slight_smile:

@aishwaryagoswami, thank you for your explanation, that was the answer to my question :slight_smile:
