Setting up automated user administration
To set up automated user administration:
Determine what you want to track.
At a minimum, track changes to user attributes at either the target system level or the profile and request attribute level. User attribute changes are the only changes that can be automatically propagated without the use of a script.
Track at least one change to:
In addition to a change tracking option, managed groups also include an option to detect out-of-band changes and automatically submit requests to undo or redo them using Bravura Security Fabric workflow.
Determine what changes you want to make to subordinate systems, attributes, or groups.
Set profile and request attribute logic settings for automatic propagation as required.
If required, write an idtrack.psl script that tells idtrack which automated provisioning tasks must be performed.
The script is required to automate provisioning of changes to accounts, group memberships, or account attributes. It is optional when tracking profile and request attributes.
It is not necessary to schedule idtrack as it is always executed during auto discovery.
Set the KEEP DIFF DAYS variable in Maintenance > Options if you want to limit the number of diff sets stored in the database. By default Bravura Security Fabric keeps them forever.
Set up static authorization for automatic or scripted propagation by assigning authorizers at the target system level, or determine authorization dynamically with a plugin program.
Configure Automated workflow request options.