Virtual systems in CzechIdM 7
Virtual systems is one of main section in CzechIdM. In CzechIdM you can have many connected systems. But not for all systems is necessary to be connected directly. For example system with a few users can be connected as virtual system, because connection to system like that will not be used that many times like on other systems, so you can save time and connect these systems like virtual systems.
Virtual system is not directly connected to CzechIdM and all changes have to be made manually by administrator. CzechIdM sends to administrator notification with precise information about create, update or delete account on virtually connected system. Administrator can see which lines has been changed and what was there before change and what will be there after change. And all these tasks are stored in ‘Archive’.
How to create virtual system
Creating virtual system is quite easy. In left main menu of CzechIdM select ‘Virtual systems / List’ and click on Add. It shows dialog for creation a new virtual system.
Fill name for virtual system an rest can be blank. In that case tasks and notification will be sent to administrator. If you fill Implementers or Roles for implementers tasks and notification will be sent to them.
Create new role
We have created new virtual system. Now we will assign system to some users. For this we create new role and create mapping for our new virtual system. In the left menu select Roles. Click on ‘Add’ green button to create new role. Fill name for your new role e.g. ‘RoleForNewVirtualSystem’. Click on ‘Save and continue’.
Now we link this role to virtual server. In details of our new created role, select tab ‘Systems’. Click on ‘Add’ green button. In ‘System’ field select our virtual system, on picture it is ‘NewVirtualSystem’ and in ‘Mapping’ field select ‘Default provisioning (Identity – Provisioning)’ and clcik on ‘Save’.
Create new user
We will create new user and assign him our role, so he will be provisioned to our new virtual system. In left menu select ‘Users’, click on ‘Create user’ green button. Fill Login, First name and Surname (e.g. ‘john.doe’, ‘John’, ‘Doe’) and click on ‘create and edit’. On user detail click on tab ‘Roles’. Click on ‘Manage authorization’. On dialog ‘Add’ new role. In field ‘Role name’ select our role ‘RoleForNewVirtualSystem’. Click on ‘Set’ and then on ‘Submit a request’.
Implementers received new task to create new account ‘john.doe’ on virtual system ‘NewVirtualSystem’. You can check request In left main menu select ‘Virtual systems / Request‘. There are two tabs ‘Unresolved requests‘ and ‘Archive‘. In ‘Unresolved requests‘ there is list of all tasks, which yet will be resolved.
You can go to detail of request with UID ‘john.doe’ and system ‘NewVirtualSystem’ (click on button with “magnifying glass”). Now you can see detail of request for creating new account.
There are three specific information. Basic information for the request (state, UID, system, type, created ). list of all implementers whose can resolve the request. And Target state on system, but this detail is of create request, so previous state is nothing and have to be modified all lines (name, email, etc.).
Notification is sent to all implementers, when request for updating virtual system is created. Email template provides similar informations as request detail (described above). For example ‘Target table’ is constructed from same data as table on request detail.
More details about virtual systems in CzechIdM are in a section Systems of Administrator’s guide. If you have any questions or comment feel free to comment on redmine, github or email me on email@example.com. Also join our google group to keep in touch with CzechIdM news.