Joiner:Provisioning Engine Details of App1 and App2(Dependent to the App1) under one IdentityRequest

IdentityIQ (IIQ) IIQ Discussion and Questions
, ,
1

Hi Sailors.

I’m requesting your opinion\advices.

This is about Joiner. Previously in Joiner:

a) I used to trigger Joiner for the New Hires.
b) The Plan is constructed to be executed against the Directory App using the LCM Subworkflow → Initialize, Provision and Finalize.
c) And I used to set the workflow step to wait fo 5 mins:

  - In this Step, I will create a Plan using the Provisioner API.
  • And provisiong the New Hire to a Secondary App with some access.

Note: This Secondary App is dependent of the Directory App. Which means, if I send a provisioning request to the Secondary App, the Secondary App will search for the user details in the Directory App. Both Directory and Secondary app are configured using the Web Services connector.

  • Also the provisioning that I generated using the Provisioner API for the secondary app wont show on the Access Request UI (Identity Request) but the details of the Directory App are shown like Provisioning Details, Interactions and all.

So now coming to the new leaf,

a) I wanted to show the provisioning of the secondary app also on the provisioning engine details of the same IdentityRequest.

   - In which Im failing.

  • When I try to merge the Provisioning Plan of Directory and Secondary App, what is happening is, the Provisioning request of Directory App is successful but for the secondary app which takes time to read the data from the Directory app is failing. (Note: Here Im not using wait=“5”).

  • When I first complete the provisioning of the Directory App and then when I pass the fresh plan of the Secondary app then what is happening is, the Provisioning Engine details of the Directory App in the Identity Request is getting overwritten with the secondary app details.

  • Not sure what to be done.

Lastly what I done is:

a) Under one Joiner Trigger, created two separate Identity Requests to show the details → one for Directory App and one for Secondary app, in which Im successfull but not satisfied.

Requesting your advise\guidance on how I can achieve in showing the Provisioning details of Directory App and depended App which is the Secondary App on the same Identity Request? Appreciate for your opinions in advance. Thank you Sailors!

2

Hi @maheshraj9,

I am doing something similar to your case. In my case, I use the after provisioing rule of Main App to create the provisioing plan for the second. In this case I have the provPlan of main app with response, so I am sure that the account was created and I can send the creation of account for the secondary.

I dont know if this idea can help you.

1 Like
3

Boss Man firstly thank you for your time taking a look into this.

Hands down your idea is great.

But have a question though. If the Main App (Directory App) allows the dependancy only to one other app (Secondary App), I think it should be fine. But what if there are many apps besides the Secondary App that are also depending on the Main App for other purposes? This After provisioning Rule is called whenever the provisioning is called for the Main App right?

Boss Man so am I right or wrong? Please let me know.