Skip to main content

Propagating profile and request attribute changes

Changes to profile and request attribute values can be tracked. You can configure the idtrack program to execute a variety of provisioning actions automatically. A common use case is to track changes to a profile and request attribute to synchronize attributes on target systems.

To configure idtrack to synchronize profile and request attributes:

  • Determine which attributes are authoritative and what changes should occur based on changes to authoritative attributes.

  • Configure profile and request attributes to be tracked and set the Track changes to this attribute option.

  • Configure attribute propagation by:

Configuring automatic attribute propagation

To set up profile and request attribute logic settings for automatic propagation:

  1. Click Manage the system > Workflow > Options> Automation .

  2. Enable ATTR AUTO PROPAGATE EXECUTE to automatically execute the propagation of changes to profile and request attributes to account attributes on subordinate systems.

  3. Set the ATTR AUTO PROPAGATE REQUESTER field to a valid Bravura Security Fabric user. This is the user that will submit change requests to the Bravura Security Fabric workflow system.

  4. Enable ATTR AUTO PROPAGATE WRITE to automatically write the propagation of changes to profile and request attributes to a work file. You can set this one alone to make changes manually, or combined with ATTR AUTO PROPAGATE EXECUTE for logging purposes.

  5. Set the ATTR AUTO PROPAGATE THRESHOLD to control the number of requests to be submitted due to changes to profile attributes, unless overridden on the command line. If the threshold is exceeded, no requests will be submitted automatically by idtrack . Bravura Security Fabric sends an email to the product administrator (defined by RECIPIENT EMAIL) who can decide whether to run idtrack manually to submit those requests.

Scripting attribute propagation

Scripted attribute propagation is not as simple to set up as automatic propagation, but is more flexible. A tracked change can be a triggering event to perform any provisioning operation allowed via the API.

Two built-in functions are available to the idtrack.psl script to determine changes to profile and request attributes:

  1. getProfileAttrAdded()

  2. getProfileAttrDeleted()

To prevent a profile and request attribute from automatically being propagated, call the autosyncAttrDisable() function from the startup() function in the idtrack.psl script.

In this example, the profile and request attribute "FIRST_NAME" will not be automatically propagated.

 autosyncAttrDisable( "FIRST_NAME" );
In this section: