|
|
|
Run At Events—when the user is created or modified
Data Elements—get the values of the first name and last name
Entry Rules—if the first name or last name has changed based on the data gathered. It prevents the policy from running otherwise.
Action Rules—set the full name to be the value of the first name, space, and the value of the last name.
Run At Events—at create user and modify user
Data Elements—get the value of the user's type
Entry Rules—none (action rules are always evaluated)
Action Rules—1) checks if the user type is an employee 2) checks if the user type is not an employee. Only one of the action rules can be met, and assigns the appropriate provisioning role.
Run At Events— at the end of the assign provisioning role event. This ensures that an account is already created when setting the values.
Data Elements—get the user's department, and also the endpoint type and Active Directory domain to make things easier to manage later on
Entry Rules—if the department is not empty
Action Rules—multiple rules for each possible department. Each rule checks if department equals Sales or any other value. There is a default rule in case the department does not meet any requirements. Different actions are configured for each rule, assigning different values. This ensures that a user in a specific department gets the Active Directory groups and OU they need, while a user in a different department gets others, as appropriate.
Run At Events—on create user, but only after the user has been created (after the create user event has completed)
Data Elements—gets the required HR information, such as user name, country, department, and any other values
Entry Rules—none (action rules are always evaluated)
Action Rules—execute an SQL query which accepts the values gathered as parameters. The result of activating the query is having a new record in the database for the new user.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |