Google Search

Monday, December 7, 2015

How To Configure Auto-Approval for End User Self-Registration in OIM 11g?


In the default self-registration template, the Organization field is designated as an approver-only field. This means that an approver must manually supply a value for the Organization field when approving the request.


To configure the self-registration template so that registrations are approved automatically, remove the approver-only flag from the dataset (i.e. SelfCreateUserDataset.xml) for the Organization field.


In OIM 11g, each request work-flow goes through three levels of approvals.


    Template Level

    Request Level

    Operational Level


By default Template Level is auto approved, so here only two levels of approvals need to be configured as auto approval. To achieve this, create two new approval policies, one with the request level approval enabled for self-registration, and the other with the operational level approval enabled.


For 11gR1 versions:


Steps:

    Modify the Self-Register User OOTB request template by restricting the Organization attribute with a mandatory default value.

    Modify the Self-Register user dataset by removing "approver-only" flag or setting it to "false" for Organization AttributeReference. Make sure you import the updated dataset and clear the cache.

    Create two new approval policies, one with the request level approval enabled for self-registration, and the other with the operational level approval enabled with a rule that evaluates to true.


1. Modify the Self-Register User OOTB request template


Modify the Self-Register User OOTB request template by restricting the Organization attribute with a mandatory default value.


2. Modify the Self-Register user dataset


Modify the Self-Register user dataset by setting it to "false" for Organization AttributeReference. Make sure you import the updated dataset (SelfCreateUserDataset.xml) and clear the cache.


See the Example of MDS Utility Usage and Purging Cache.


metadata_files=/metadata/iam-features-requestactions/model-data/SelfCreateUserDataset.xml

<AttributeReference name="Organization" attr-ref="act_key" available-in-bulk="false" type="Long" length="20" widget="ENTITY" required="true" entity-type="ORGANIZATION" approver-only="false"/>


3. Create two new approval policies


Create two new approval policies, one with the request level approval enabled for self-registration, and the other with the operational level approval enabled with a rule that evaluates to true.


Now try to submit a request from self-registration, End user will be created into OIM directly without any manual approval.


For 11gR2 versions:


The things you need to do:


-     Create 2 approval policies


o   Request level auto approval for all self-register type requests.

o   Operation level auto approval for all self-register type requests and for all the scopes.


-    Register a pre-process handler which will provide a default home organization for all the self-registered users. This is because home organization is a mandatory user attribute.

No comments:

Post a Comment