Previous Topic: ModesNext Topic: Managed Mode (Synchronous mode)

Connector GuidesConnectors GuideSample ConnectorModesNon-managed Mode (Asynchronous mode)

Non-managed Mode (Asynchronous mode)

In non-managed mode, program exits are used to alert the system administrator of a non-managed system regarding user provisioning requests. Two program exits are provided: a SendMail exit and a Logging exit. Both of these exits are enabled at the endpoint level for simplicity, for example, either all UPO exits invoke the SendMail exit or none at all. See Further Enhancements for enabling program exits at the UPO exit level.

This connector defines 10 UPO exits in non-managed mode:

ADD_ACCOUNT

Invoked when a new account is created.

DELETE_ACCOUNT

Invoked when an account is deleted.

MODIFY_ACCOUNT

Invoked when an account is modified, except for password, account status or request status changes. Password and status modifications invoke different UPO exits.

RENAME_ACCOUNT

Invoked when an account is renamed.

CHANGE_ACCOUNT_PASSWORD

Invoked when the password of an account is changed.

ENABLE_ACCOUNT

Invoked when the eTSuspended attribute of an account is set to enabled.

DISABLE_ACCOUNT

Invoked when the eTSuspended attribute of an account is set to disabled.

INVOCATION_ERROR

Invoked when a UPO exit fails or returns an error. This exit then throws an exception which results in a failed user provisioning request. Note that this is invoked when there is an error in the exit invocation, not due to an error on the endpoint.

REQUEST_PENDING

Invoked when a UPO exit was invoked successfully. A file is created containing the account name to indicate that a request for that account is pending. In this state, no other requests are acceptable and any such request should result in an exception.

Note: This implementation works well if there is only one CA IAM CS in the provisioning system. If there is more than one CA IAM CS, this implementation does work. Refer to SLA Exits for an alternative solution.

REQUEST_COMPLETED

Invoked when the request status is marked as completed. The request file, created on a previous REQUEST_PENDING, is deleted, indicating that further user provisioning requests for the account are now acceptable.

In non-managed mode, the UPO exits do not do anything other than invoke the SendMail or Logging exits if so configured.

Note: You are still required to explore the endpoint to create the necessary placeholders such as account and group containers. But exploring in this mode, or performing lookup on specific accounts, does not return or create new accounts.