- Birthright provisioning
To trigger the Joiner workflow, follow these steps:
1. Run account aggregation of the authoritative application.
2. Run the Identity Refresh cube task with the Process Events option checked. This triggers the joiner workflow.
- In Lifecycle Events, enable the Joiner lifecycle event. Select "Lifecycle Event - Joiner" and, in the process designer, select the script.
- Write a custom workflow which creates a provisioning plan to provision the birthright access and invokes the required methods to process the plan. NOTE: To prevent locking contention with the refresh task that launches it, the workflow must be executed in the background. This is accomplished through a wait="1" attribute in the Start Step, which causes the workflow to pause for 1 minute. It will be restarted by the next Perform Maintenance task that runs after that one-minute delay; in most installations, Perform Maintenance is set to run every 5 minutes.
- Specify that workflow as the Business Process launched by the Joiner Lifecycle Event. Ensure that the Joiner Lifecycle Event is enabled.
- Aggregate the authoritative HR feed. A new employee or contractor is found, and a new Identity cube is created with a Link on the HR application.
- Run an Identity Cube Refresh task with the Process Events options checked. This identifies the new identity cube and causes the Joiner Lifecycle Event to fire, launching the custom joiner workflow.
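A sketch of the custom joiner workflow described in the steps above, added here as an illustration and not taken from the original page or from SailPoint's shipped workflows. The workflow name, the target application "Example JDBC Application", the "status" account attribute and the employeeType check are assumptions to be replaced with your own values.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<!-- Added example: workflow, application and attribute names are placeholders. -->
<Workflow explicitTransitions="true" name="Example Joiner Birthright" type="IdentityLifecycle">
  <Variable input="true" name="trigger"/>
  <Variable input="true" name="event"/>
  <Variable input="true" name="identityName"/>
  <!-- wait="1" backgrounds the case so it does not contend with the refresh task's lock -->
  <Step icon="Start" name="Start" wait="1">
    <Transition to="Provision Birthright"/>
  </Step>
  <Step icon="Task" name="Provision Birthright">
    <Script>
      <Source><![CDATA[
import sailpoint.api.Provisioner;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningProject;
Identity identity = context.getObjectByName(Identity.class, identityName);
if (identity == null) {
    log.warn("Joiner: identity not found, nothing provisioned: " + identityName);
    return;
}
// Grant birthright access only to the intended population (assumed attribute and value).
if (!"Employee".equals(identity.getAttribute("employeeType"))) {
    log.info("Joiner: skipping non-employee identity " + identityName);
    return;
}
ProvisioningPlan plan = new ProvisioningPlan();
plan.setIdentity(identity);
AccountRequest acct = new AccountRequest();
acct.setApplication("Example JDBC Application");   // placeholder target application
acct.setOperation(AccountRequest.Operation.Create);
acct.setNativeIdentity(identity.getName());
acct.add(new AttributeRequest("status", ProvisioningPlan.Operation.Set, "active")); // placeholder attribute
plan.add(acct);
// Compile the plan into a project, then execute it through the connector.
Provisioner provisioner = new Provisioner(context);
ProvisioningProject project = provisioner.compile(plan);
provisioner.execute(project);
      ]]></Source>
    </Script>
    <Transition to="Stop"/>
  </Step>
  <Step icon="Stop" name="Stop"/>
</Workflow>
```

The explicit population check keeps the birthright grant scoped to the identities it is meant for, so a contractor or service identity that also fires the Joiner event does not receive employee access by default.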
- Birthright Provision using Roles
IdentityIQ has 3 methods of provisioning birthright roles:
1. Using Roles and Auto Assignment Rules
a) Simple to configure: only an Assignment Rule, using the Role Editor.
Example: employeeType = Employee
b) Run the Identity Refresh task with these options enabled:
• Refresh assigned, detected roles and promote additional entitlements
• Provision assignments
• Enable the generation of work items for unmanaged parts of the provisioning plan (applications that disabled provisioning)
2. Using Lifecycle Event
3. Hybrid method that leverages both a role model and a lifecycle event
•SSF Framework
Note: Add a new Lifecycle Event if required, for example a new custom lifecycle event for empDB as a joiner event.
Here the Disabled checkbox is unchecked.
The steps to trigger the joiner event and launch the birthright workflow are:
- Aggregation Task: because birthright provisioning here is driven from a CSV file, run the aggregation task for the delimited file application.
- Refresh Identity Cube Task
- Schedule/Run Perform Maintenance Task
empDB, as a joiner event, triggers the workflow.
Next: example of CSV and workflow code.
Based on the buid attribute, the joiner event triggers provisioning of accounts in a database table.
The CSV file:
Workflow: