About Provisioning
Provisioning is the action of exporting Registry data to downstream applications, generally for the purposes of creating or removing access to those applications. Registry provisioning is implemented by Provisioner Plugins.
Terminology
- Provisionable Model or Object: A Registry Object that supports being Provisioned. Not all Provisioner Plugins support all Provisionable Objects.
- Provisioner: The unqualified term "Provisioner" generally means "Provisioner Plugin".
- Provisioner Plugin: A Registry Plugin that connects to a specific type of downstream application or server.
- Provisioning Target: An instantiation of a Provisioner Plugin.
Configuring Provisioning Targets
Provisioning Targets are configured via Configuration > Provisioning Targets.
Provisioning Target Configuration
Provisioning Modes
Enrollment Only
The Provisionable Object, which must be a Person, is only provisioned during Enrollment. Changes made to the record after Enrollment will not be sent to the Provisioning Target.
Immediate
When a change is made to a Provisionable Object or a Secondary Object related to a Provisionable Object, Registry will immediately try to run the Provisioning Target. If provisioning fails, it will not automatically be retried.
Manual
The Provisioning Target is available, but provisioning will only happen when manually requested by an Administrator.
Disabled
The Provisioning Target is not available.
Provisioning Order
Provisioning Targets may be ordered, in which case the Provisioning Target with the lowest order (eg: 1) will be run first. This is useful where downstream applications may have dependencies, such that one application must be provisioned first.
Plugin
Select the desired Plugin from the available set.
Once set, the Plugin associated with the Provisioning Target cannot be changed. (AR-ProvisioningTarget-1)
Provisioning Target Plugin Configuration
After the Provisioning Target is initially added, the Plugin Configuration will become available. Specifics of this configuration vary by Plugin, see the Plugin's documentation for more information.
Provisionable Objects and Eligibility Rules
Registry supports provisioning Objects as per this table:
Provisionable Object | Associated Objects Included | Eligibility Rules |
---|---|---|
COUs |
| |
Groups |
|
|
People |
1Only these associated objects are included for Deleted People |
|
Types |
|
As shorthand, the record constructed as described above for Ineligible objects is referred to as the "Core" record, and the record constructed for Eligible objects is referred to as the "Full" record.
External Identities and Associated Attributes
External Identities are not intended to be provisioned, and so they are not made available to Provisioner Plugins. (External Identity attributes are made available as Person attributes via Pipelines, and those attributes can be provisioned.)
Reprovisioning All Entities
All entities within a CO can be (re)provisioned by using the Provisioner Job Plugin.
Provisioning History Records
Provisioning History Records are created for all provisioning events, for all types of Provisionable Objects.
See Also
- Available Provisioner Plugins
- Provisioner Plugins (PE)
- Provisioner Job Plugin
- About Registry PE Plugins
Changes From Earlier Versions
Prior to Registry v5.0.0
- Provisioner Plugins were renamed from Provisioning Plugins.
- Immediate Mode was renamed from Automatic Mode.