LCM


--------------------------------LCM  Events ---------------------------------

Life Cycle Events created based on : -





Joiner / Mover / Leaver  :-----------------------------

Joiner  :   Whenever life cycle event selected is create and you load the data first time from an authoritative source that time this tag triggerSnapshot gets created. .



After  Running Identity Refresh Task  the joiner event workflow launched  and verify in debug the entry in triggerSnapshot is removed. 






Leaver ::   Testing for   "Single Account Aggregation"

To move the AD account to a Terminated Users OU. 





AttributeRequest name="UserAccountControl " op="Set" value="514"



LCM :   


  • It provides access management capabilities like password reset, user self service, etc.   it also implements lifecycle management.

  •  It allows users, managers, or any employee to request access  that  go through an approval process and then  provisioned to the  end point applications.  

  • Provisioning is handled by the provisioning engine inside IdentityIQ, while Compliance Manager handles the GRC part.

  • Both LCM and compliance manager can trigger provisioning.

  • Both the provisioning from Certifications and Policies are handled outside of LCM, by the Compliance Manager.

  • Both LCM and Compliance Manager can generate provisioning requests that are sent to the provisioning engine.

  • Workflows drive all provisioning functionality in Lifecycle Manager (LCM). 

  •  IdentityIQ includes some default workflows so that LCM is fully-functional out of the box. 

  • Multiple default  workflows  support each type of provisioning activity in LCM.   example,

  •  one workflow controls provisioning of new accounts and changes to accounts (e.g. entitlement changes, enable/disable operations), 

  • another workflow controls password resets, and a third controls creation and editing of identities and identity attributes.


  • To  code reuse, top-level, or master, workflows performs  its duty through  subprocess workflows example  are. 

  1. Initialize: Compile the provisioning plan, set up the identity request perform initial auditing, check policies, do pre-approval data gathering
  2. ApproveGather approvals 
  3. Provision:  complete the provisioning actions in order to update target systems
  4. Notify: Send emails of the final status of the provisioning request
  5. Finalize: Mark the identity request with the final status of the provisioning request, perform final auditing



 4 Main Workflows :



  • LCM Provisioning
  • LCM Manage Passwords
  • LCM Create and Update
  • LCM Registration






LCM Subprocess Workflows :



Identity Request Initialize  :


The Identity Request Initialize subprocess is the first one called by the Lifecycle Manager master (top-level) workflows LCM Provisioning, LCM Create and Update, and LCM Manage Passwords.  It performs several important functions:
  • Compile the provisioning plan into a provisioning project
  • Create the approvalSet which will be used to track approval decisions for the request
  • Check the request against active policies for policy violations
  • Audit the start of the provisioning process
  • Create and begin populating the identity request
  • Gather any supplemental provisioning data required from the requester

The most important of these functions is the first one -- plan compilation -- since that is a required part of the provisioning process.  Most of the other options can be turned on or off with workflow variable 


Approve and Provision Subprocess  :



 LCM Provisioning workflow uses this subprocess to manage approval and provisioning

The purpose of this subprocess is to drive the approval and provisioning processes for the project or plan passed to it.



Identity Request Approve :


This is the approval workflow used by the LCM Provisioning workflow  This subprocess includes four possible approvals, executed sequentially depending on how the approval is configured.  These are:
  • Manager Approval
  • Owner Approval
  • Security Officer Approval
  • Batch Approval


Identity Request Approve Identity Changes :



This is the approval subprocess used by the LCM Create and Update workflow to get approval for identity creation or identity attribute changes.  This  build a form for the approval which allows the approver to modify the attribute values during the approval process.  


Identity Request Notify  :



The Identity Request Notify subprocess is used by the LCM ProvisioningLCM Create and Update, and LCM Manage Passwords top-level LCM workflow to send emails, notifying  final status of the provisioning request.  Workflow variables determine which users are notified.



Identity Request Finalize  :



This is the subprocess used by the LCM ProvisioningLCM Create and Update, and LCM Manage Passwords  to finish the workflow process.



































































































Subscribe to: Posts (Atom)