Identity Management Orchestration
Efecte Identity Management Orchestration
The Visual Workflow Engine can orchestrate a defined set of external systems. Currently, it is possible to orchestrate the following activities in Efecte Identity Management:
- Activate/deactivate user account.
- Assign a role (or AD group) to a user, or remove one from a user.
- Assign/remove a role from a role group in Efecte Identity Management.
The orchestration node always has two possible outcomes: either the orchestration has been completed, or an exception occurred and the orchestration action could not be performed.
Different follow-up actions can be defined for the exception case, such as recording an incident or notifying the service desk so that the action is completed manually. An exception is raised, for example, when the attribute that should be affected in the external system is not present, or when the external system cannot be reached at all within a configurable time frame.
EIM orchestration node configuration for user role management:

In the illustration above, the Person attribute configuration should point to the template where the orchestration node finds the user’s data. The Role attribute needs to be configured to define where the orchestration node finds the available roles for role management.
To connect Efecte Service Management and Efecte Identity Management, it is necessary to configure several workflow settings in the Platform Settings in Administration UI.
EIM orchestration-related platform settings with the related explanations:

Regarding role management of end users: when a permission is created for a user (called an agent in EIM), the service to which the role is linked in EIM must also be linked to a service agreement in EIM.
Note:
The attribute containing the available roles for IDM orchestration must be available in the template the workflow is running on. That attribute can be a reference from another template such as the Active Directory Group of the Person template.
The following attribute codes must exist in the Person template (as defined in the platform settings): account_id (String) and agent_id (String).
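The two-outcome behaviour of the orchestration node described above (completed, or exception with follow-up actions) and the requirement that the Person template carries the account_id and agent_id attribute codes can be modelled as follows. This is an added example written for this page, not Efecte code and not the Visual Workflow Engine's API: the node is a plain function, the external system is a constructed in-memory stand-in for a directory such as AD, the action names, the `timeout_s` parameter and the follow-up action names are assumptions chosen for illustration. What it shows is the defensive shape of such a node: required attributes are checked before anything is sent to the external system, an unreachable system or a missing target attribute never produces a silent partial result, and every exception carries a reason plus the follow-up actions the workflow should route to.

```python
"""Hypothetical model of an EIM-style orchestration node (added example, not Efecte code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Optional

# Attribute codes the page says must exist in the Person template.
REQUIRED_PERSON_ATTRIBUTES = ("account_id", "agent_id")

# Assumed action names covering the activities the page lists.
ACCOUNT_ACTIONS = {"activate_account", "deactivate_account"}
ROLE_ACTIONS = {"assign_role", "remove_role"}
SUPPORTED_ACTIONS = ACCOUNT_ACTIONS | ROLE_ACTIONS

# Assumed follow-up action names for the exception outcome.
EXCEPTION_FOLLOW_UP = ["record_incident", "notify_service_desk"]


class Outcome(Enum):
    COMPLETED = "completed"
    EXCEPTION = "exception"


@dataclass
class OrchestrationResult:
    outcome: Outcome
    action: str
    reason: Optional[str] = None          # populated only for the exception outcome
    follow_up: list = field(default_factory=list)


class ExternalSystemUnreachable(Exception):
    """Raised when the external system gives no answer within the time frame."""


class AttributeNotPresent(Exception):
    """Raised when the target attribute/object does not exist in the external system."""


def _exception(action: str, reason: str) -> OrchestrationResult:
    # Every exception carries a reason and the follow-up actions the workflow should run.
    return OrchestrationResult(Outcome.EXCEPTION, action, reason, list(EXCEPTION_FOLLOW_UP))


def orchestrate(action: str, person: dict, external_call: Callable, timeout_s: float = 30.0) -> OrchestrationResult:
    """Run one orchestration action against the external system; always returns one of two outcomes."""
    if action not in SUPPORTED_ACTIONS:
        return _exception(action, f"unsupported action: {action}")
    # Pre-check: the Person data must carry the required attribute codes before anything is sent out.
    missing = [a for a in REQUIRED_PERSON_ATTRIBUTES if not person.get(a)]
    if missing:
        return _exception(action, "missing attribute(s) in Person: " + ", ".join(missing))
    if action in ROLE_ACTIONS and not person.get("role"):
        return _exception(action, "no role selected for role management action")
    try:
        external_call(action, person, timeout_s)
    except ExternalSystemUnreachable as exc:
        return _exception(action, f"external system unreachable within {timeout_s}s: {exc}")
    except AttributeNotPresent as exc:
        return _exception(action, f"attribute not present in external system: {exc}")
    return OrchestrationResult(Outcome.COMPLETED, action)


class FakeDirectory:
    """Constructed stand-in for the external system (e.g. an AD domain); not a real client."""

    def __init__(self, reachable: bool = True):
        self.reachable = reachable
        # Constructed sample account: one disabled user with no group memberships.
        self.accounts = {"jdoe": {"enabled": False, "groups": set()}}

    def __call__(self, action: str, person: dict, timeout_s: float) -> None:
        if not self.reachable:
            raise ExternalSystemUnreachable(f"no response after {timeout_s}s")
        account_id = person["account_id"]
        if account_id not in self.accounts:
            raise AttributeNotPresent(f"account {account_id!r}")
        account = self.accounts[account_id]
        if action == "activate_account":
            account["enabled"] = True
        elif action == "deactivate_account":
            account["enabled"] = False
        elif action == "assign_role":
            account["groups"].add(person["role"])
        elif action == "remove_role":
            account["groups"].discard(person["role"])


if __name__ == "__main__":
    directory = FakeDirectory()
    person = {"account_id": "jdoe", "agent_id": "A-1", "role": "Finance"}
    for act in ("activate_account", "assign_role"):
        print(orchestrate(act, person, directory))
    print(orchestrate("activate_account", {"agent_id": "A-2"}, directory))
    print(orchestrate("activate_account", person, FakeDirectory(reachable=False), timeout_s=5))
```

Running the block as a script walks through a successful activation and role assignment, then the two exception cases the page names (missing attribute, unreachable system). In a real deployment the `external_call` would be the connector to the directory and `timeout_s` the configurable time frame from the platform settings; the point of the pre-check is that a Person record missing account_id or agent_id is rejected by the node itself, with an incident and service-desk notification queued, instead of the failure surfacing only as an opaque connector error.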