Virtual systems
Imagine a situation when you need to manage accounts in systems, but it does not make sense to connect these systems to IdM for direct management. Then you have the function of “Virtual Systems”. How does it work?
To create, change (e.g. assign rights), or delete accounts on a virtually connected system CzechIdM will instruct the administrator via email to do that . The administrator of the virtual system will make the changes and then confirm it in the CzechIdM.
Users of CzechIdM works with the system, account and roles the same way as with directly managed system. It means they get/lose account on the system, can request role changes etc…
Benefits
With a virtually connected system you get a central support of the identities life cycle and central role management for a large variety of systems. More over, a large number of systems can be virtually connected in a short period of time.
Supported operations
- create – create a new user account and set the required rights
- update – change a user account or user permissions (membership in groups, roles, etc.)
- delete – delete a user account
- disable – deactivate a user account on the system
- enable – activate a non-active user account on the system
- password reset – the user has requested a password reset
State comparison tool for accounts
Since the virtual systems are dependent on administrator’s manual actions, standard data synchronization (system -> CzechIdM) is not supported. Instead CzechIdM will offer a tool to compare state of accounts in CzechIdM and virtual system. The only presumption on the virtually connected system is that it supports account exports to the text file (csv), which almost all nowaday system does.
- State comparison tool – the authorized person via the IdM site uploads the CSV in a defined format and the IdM evaluates the differences against the state of the VS in CzechIdM. The result is the report of differences.
Mass operations
When connecting new large system virtually, bulk operations will be useful. Bulk operations will be:
- load system roles
- load system users
- assign users to roles
Bulk operations will be either XLS or CSV.
