About Provisioning

Provisioning is the action of exporting Registry data to downstream applications, generally for the purposes of creating or removing access to those applications. Registry provisioning is implemented by Provisioner Plugins.

Terminology

  • Provisionable Model or Object: A Registry Object that supports being Provisioned. Not all Provisioner Plugins support all Provisionable Objects.
  • Provisioner: The unqualified term "Provisioner" generally means "Provisioner Plugin".
  • Provisioner Plugin: A Registry Plugin that connects to a specific type of downstream application or server.
  • Provisioning Target: An instantiation of a Provisioner Plugin.

Configuring Provisioning Targets

Provisioning Targets are configured via ConfigurationProvisioning Targets.

Provisioning Target Configuration

Provisioning Modes

Immediate Mode

When a change is made to a Provisionable Object or a Secondary Object related to a Provisionable Object, Registry will immediately try to run the Provisioning Target. If provisioning fails, it will not automatically be retried.

Manual Mode

The Provisioning Target is available, but provisioning will only happen when manually requested by an Administrator.

Disabled

The Provisioning Target is not available.

Provisioning Order

Provisioning Targets may be ordered, in which case the Provisioning Target with the lowest order (eg: 1) will be run first. This is useful where downstream applications may have dependencies, such that one application must be provisioned first.

Plugin

Select the desired Plugin from the available set.

Once set, the Plugin associated with the Provisioning Target cannot be changed. (AR-ProvisioningTarget-1)

Provisioning Target Plugin Configuration

After the Provisioning Target is initially added, the Plugin Configuration will become available. Specifics of this configuration vary by Plugin, see the Plugin's documentation for more information.

Provisionable Objects and Eligibility Rules

Registry supports provisioning Objects as per this table:

Provisionable ObjectAssociated Objects IncludedEligibility Rules
COUs
  • Deleted: If the entity is deleted
  • Eligible: Otherwise
Groups
  • Group Members, for Eligible records only
  • Identifiers, Active Identifiers only
  • Deleted: If the entity is deleted
  • Eligible: If the entity status is Active
  • Ineligible: Otherwise
People
  • Addresses
  • AdHoc Attributes
  • Email Addresses
  • External Identities
    • Addresses
    • AdHoc Attributes
    • Email Addresses
    • External Identity Roles
      • Addresses
      • AdHoc Attributes
      • Telephone Numbers
    • Identifiers
    • Names
    • Primary Name
    • Pronouns
    • Telephone Numbers
    • Urls
  • Group Members, valid Group Memberships only, for Eligible records only (except All Members groups, which are included for Ineligible records)
  • Identifiers1, Active Identifiers only
  • Names1
  • Person Roles, valid Person Roles only, for Eligible records only
    • Addresses
    • AdHoc Attributes
    • Telephone Numbers
  • Primary Name1
  • Pronouns
  • Telephone Numbers
  • Urls

1Only these associated objects are included for Deleted People

  • Deleted: If the entity is deleted or if the entity status is Archived
  • Eligible: If the entity status is Active or Grace Period
  • Ineligible: Otherwise
Types
  • Deleted: If the entity is deleted
  • Eligible: If the entity status is Active
  • Ineligible: Otherwise

As shorthand, the record constructed as described above for Ineligible objects is referred to as the "Core" record, and the record constructed for Eligible objects is referred to as the "Full" record.

Provisioning History Records

Provisioning History Records are created for all provisioning events, for all types of Provisionable Objects.

See Also

Changes From Earlier Versions

Prior to Registry v5.0.0

  • Provisioner Plugins were renamed from Provisioning Plugins.
  • Immediate Mode was renamed from Automatic Mode.
  • No labels