Skip to main content

Configuration examples and use cases

Inventory management workflow is highly customizable. The following use cases represent a few possible configurations.

Use case: RSA SecurID Authenticator provisioning

The following use case illustrates the workflow for RSA Authentication Manager 7.1/8.2 token provisioning:

  1. A user submits a request for a new account. The user enters user attributes, selects the RSA Authentication Manager 7.1/8.2 template, and enters a password.

  2. A user who can authorize requests will review the request and approve it. The request is then approved.

  3. The request is processed and sent to the connector.

  4. The RSA Authentication Manager connector sends the request to the RSA Authentication Manager 7.1/8.2 server.

  5. The RSA Authentication Manager 7.1/8.2 server receives the request and:

    1. Creates the user account if it doesn’t already exist.

    2. Assigns the token to the user.

    3. Sets the password of the RSA Authentication Manager user as the password of one of the configured attributes.

    4. Sets the PIN of the token as the password.

    5. If any of the above operations fail, unassigns the token.

  6. Upon success the token inventory manager is notified to deliver the token to the user.

  7. The user is notified of the new account, and is given instructions on how to activate the token using the Bravura Pass token management module.

Use case: Item provisioning with an implementer who is also the inventory manager and authorizer

For this use case a company uses the following configuration to provision smart phones to users in New York City:

  • Inventory items SPH123 and SPH456 are included in a group of items classified by type=SPH and location=New York City.

  • Items classified by type=SPH and location=New York City are configured to use ”In transit/Received by user” states.

  • User ADAM is assigned as an inventory manager for smart phones in New York City.

  • An inventory template account is defined as:

    ID

    INV_SPH

    Target system

    Warehouse (NULL Target)

    Password required

    deselected

    Item type

    SPH

    Location

    New York City

    Resource operations

    Implementer

    Authorizer

    ADAM

    Implementer

    ADAM

  • A pre-defined request is defined as:

    ID

    PDR_SPH

    Description

    Order a new smart phone

    Operations

    New account: Template account = INV_SPH

    Attributes

    APP_BUILTIN

    Access control

    _EXISTING_USERS_ = REQUESTER

When an inventory item is provisioned using the above configuration:

  1. The user clicks View and update profile.

  2. The user selects the Order a new smart phone request, enters notes and submits the request.

  3. Using the Requests app, the authorizer ADAM approves the request.

  4. While in the Requests app, ADAM accepts the task of implementing the request. He selects item SPH1234 for the user and clicks Item is in transit to the user.

    ADAM can also choose from the following options:

    • Reserve the item

    • Cannot Complete

    • Decline

    • Delegate the task

    ADAM ships the phone to the user.

  5. The user receives the item, logs in and acknowledges receipt using the Requests app.

  6. ADAM logs in and using the Requests app marks the request as completed.

    The user now owns an account called SPH1234 on the placeholder target system "Warehouse".

When an inventory item is returned by a user using the above configuration:

  1. The user returns the item.

  2. ADAM logs in, clicks Manage inventory and unassigns item SPH1234.

    The account is deleted from the user’s profile and the item is available for provisioning.

Use case: Item provisioning with an implementer, no authorizer or inventory manager

For this use case a company uses the following configuration to provision desktops to users Calgary:

  • Inventory items DESKTOP001 and DESKTOP002 are included in a group of items classified by type=DESKTOP and location=Calgary.

  • User ADAM is assigned as the implementer.

  • An inventory template account is defined as:

    ID

    DESKTOP_CALGARY

    Target system

    Warehouse (NULL Target)

    Password required

    deselected

    Item type

    DESKTOP

    Location

    Calgary

    Resource operations

    Implementer

    Authorizer

    0 required

    Implementer

    ADAM

  • A pre-defined request is defined as:

    ID

    PDR_DESKTOP_CALGARY

    Description

    Order a new desktop computer

    Operations

    New account: Template account = DESKTOP_CALGARY

    Attributes

    APP_BUILTIN

    Access control

    _EXISTING_USERS_ = REQUESTER

When an inventory item is provisioned using the above configuration:

  1. The user clicks View and update profile.

  2. The user selects the Order a new desktop computer request, enters notes and submits the request.

  3. Using the Requests app, ADAM accepts the task of implementing the request.

    Bravura Security Fabric automatically assigns an available desktop.

  4. While in the Requests app, ADAM clicks Complete.

    The user now owns an account called "DESKTOP001" on the placeholder target system "Warehouse".

Note that when there is no inventory manager Bravura Security Fabric automatically assigns the first available item. The implementer does not have the option to change the state of the item.

When an inventory item is returned by a user using the above configuration:

  1. The user logs in and clicks View and update profile.

  2. The user then selects Change account and follows the wizard to remove the desktop account from his profile.

    The item becomes available for provisioning.

Use case: Item provisioning with an authorizer, no implementer or inventory manager

For this use case a company uses the following configuration to provision desktops to users in Warana:

  • Inventory items DESKTOP003 and DESKTOP004 are included in a group of items classified by type=DESKTOP and location=Warana.

  • User ADAM is assigned the authorizer.

  • An inventory template account is defined as:

    ID

    DESKTOP_WARANA

    Target system

    Warehouse (NULL Target)

    Password required

    deselected

    Item type

    DESKTOP

    Location

    Warana

    Resource operations

    Connector

    Authorizer

    ADAM

  • A pre-defined request is defined as:

    ID

    PDR_DESKTOP_WARANA

    Description

    Order a new desktop computer

    Operations

    New account: Template account = DESKTOP_WARANA

    Attributes

    APP_BUILTIN

    Access control

    _EXISTING_USERS_ = REQUESTER

When an inventory item is provisioned using the above configuration:

  1. The user clicks View and update profile.

  2. The user selects the Order a new desktop computer request, enters notes and submits the request.

  3. Using the Requests app, the authorizer ADAM approves the request.

    Bravura Security Fabric automatically assigns an available desktop.

    The user now owns an account called DESKTOP004 on the placeholder target system "Warehouse".

Note that when there is no inventory manager or implementer Bravura Security Fabric automatically assigns the first available item and the connector completes the operation.

When an inventory item is returned by a user using the above configuration:

  1. The user logs in and clicks View and update profile.

  2. The user then selects Change account and follows the wizard to remove the desktop account from his profile.

    The item becomes available for provisioning.

Use case: Item provisioning with an implementer who is also the inventory manager with no authorization required

For this use case a company uses the following configuration to provision laptops to users in Calgary:

  • Inventory items LAPTOP001 and LAPTOP002 are included in a group of items classified by type=LAPTOP and location=Calgary.

  • Item classified by type=DESKTOP and location=Calgary are configured to use ”In transit/Received by user” states.

  • User ADAM is assigned as an inventory manager and implementer for laptops in Calgary.

  • An inventory template account is defined as:

    ID

    LAPTOP_CALGARY

    Target system

    Warehouse (NULL Target)

    Password required

    deselected

    Item type

    LAPTOP

    Location

    Calgary

    Resource operations

    Implementer

    Authorizer

    0 required

    Implementer

    ADAM

  • A pre-defined request is defined as:

    ID

    PDR_LAPTOP_CALGARY

    Description

    Order a new laptop

    Operations

    New account: Template account = LAPTOP_CALGARY

    Attributes

    APP_BUILTIN

    Access control

    _EXISTING_USERS_ = REQUESTER

When an inventory item is provisioned using the above configuration:

  1. The user clicks View and update profile.

  2. The user selects the Order a new laptop request, enters notes and submits the request.

    The request is automatically approved.

  3. Using the the Requests app, ADAM accepts the task of implementing the request. He selects item LAPTOP001 for the user and clicks Item is in transit to the user.

    ADAM can also choose from the following options:

    • Reserve the item

    • Cannot Complete

    • Decline

    • Delegate the task

  4. ADAM ships the laptop to the user in Calgary.

  5. The user receives the item, logs in and acknowledges receipt using the Requests app.

  6. ADAM logs in and using the Requests app marks the request as complete.

    The user now owns an account called LAPTOP001 on the placeholder target system "Warehouse".

When an inventory item is returned by a user using the above configuration:

  1. The user returns the item.

  2. ADAM logs in, clicks Manage inventory and unassigns item LAPTOP001 .

    The account is deleted from the user’s profile and the item is available for provisioning.

Use case: Item provisioning with an authorizer, an inventory manager and no implementer.

For this use case a company uses the following configuration to provision laptops to users in Montreal:

  • Inventory items LAPTOP003 and LAPTOP004 are included in a group of items classified by type=LAPTOP and location=Montreal.

  • User ADAM is assigned as an inventory manager and authorizer for laptops in Montreal.

  • An inventory template account is defined as:

    ID

    LAPTOP_MONTREAL

    Target system

    Warehouse (NULL Target)

    Password required

    deselected

    Item type

    LAPTOP

    Location

    Montreal

    Resource operations

    Connector

    Authorizer

    ADAM

  • A pre-defined request is defined as:

    ID

    PDR_LAPTOP_MONTREAL

    Description

    Order a new laptop

    Operations

    New account: Template account = LAPTOP_MONTREAL

    Attributes

    APP_BUILTIN

    Access control

    _EXISTING_USERS_ = REQUESTER

When an inventory item is provisioned using the above configuration:

  1. The user clicks View and update profile.

  2. The user selects the Order a new laptop request, enters notes and submits the request.

  3. Using the Requests app, the authorizer ADAM approves the request.

    The user now owns an account called LAPTOP004 on the placeholder target system "Warehouse".

  4. ADAM ships the laptop to the user.

  5. The user receives the item.

  6. ADAM logs in and clicks Manage inventory and changes the state of the assigned laptop to ”Assigned”.

Note that when there is no implementer, the inventory manager must manually change the state of the item to ”Assigned” using Manage inventory.

When an inventory item is returned by a user using the above configuration:

  1. The user returns the item.

  2. ADAM logs in, clicks Manage inventory and unassigns item LAPTOP004.

    The account is deleted from the user’s profile and the item is available for provisioning.

Use case: Item provisioning with an inventory manager, no authorizer or implementer

For this use case a company uses the following configuration to provision smart phones to users in Warana:

  • Inventory items SPH1000 and SPH1001 are included in a group of items classified by type=SPH and location=Warana.

  • User ADAM is assigned as an inventory manager for smart phones in Warana.

  • An inventory template account is defined as:

    ID

    SPH_WARANA

    Target system

    Warehouse (NULL Target)

    Password required

    deselected

    Item type

    SPH

    Location

    Warana

    Resource operations

    Connector

    Authorizer

    0 required

  • A pre-defined request is defined as:

    ID

    PDR_SPH_WARANA

    Description

    Order a new smart phone

    Operations

    New account: Template account = SPH_WARANA

    Attributes

    APP_BUILTIN

    Access control

    _EXISTING_USERS_ = REQUESTER

When an inventory item is provisioned using the above configuration:

  1. The user clicks View and update profile.

  2. The user selects the PDR_SPH_WARANA request, enters notes and submits the request.

    The request is automatically approved and Bravura Security Fabric automatically assigns the first available item..

  3. ADAM ships the phone to the user.

    The user now owns an account called SPH1000 on the placeholder target system "Warehouse".

  4. The user receives the item.

  5. ADAM logs in and clicks Manage inventory and changes the state of the assigned laptop to ”Assigned”.

Note that when there is no implementer, the inventory manager must manually change the state of the item to ”Assigned” using Manage inventory.

When an inventory item is returned by a user using the above configuration:

  1. The user returns the item.

  2. ADAM logs in, clicks Manage inventory and unassigns item SPH1000.

    The account is removed from the user’s profile, and the item is available for provisioning.

In this section: