Non-managed Mode (Asynchronous mode)
In non-managed mode, program exits are used to alert the system administrator of a non-managed system regarding user provisioning requests. Two program exits are provided: a SendMail exit and a Logging exit. For simplicity, both of these exits are enabled at the endpoint level; that is, either all UPO exits invoke the SendMail exit or none do. See Further Enhancements for enabling program exits at the UPO exit level.
This connector defines 10 UPO exits in non-managed mode:
- ADD_ACCOUNT: Invoked when a new account is created.
- DELETE_ACCOUNT: Invoked when an account is deleted.
- MODIFY_ACCOUNT: Invoked when an account is modified, except for password, account status or request status changes. Password and status modifications invoke different UPO exits.
- RENAME_ACCOUNT: Invoked when an account is renamed.
- CHANGE_ACCOUNT_PASSWORD: Invoked when the password of an account is changed.
- ENABLE_ACCOUNT: Invoked when the eTSuspended attribute of an account is set to enabled.
- DISABLE_ACCOUNT: Invoked when the eTSuspended attribute of an account is set to disabled.
- INVOCATION_ERROR: Invoked when a UPO exit fails or returns an error. This exit then throws an exception which results in a failed user provisioning request. Note that this is invoked when there is an error in the exit invocation, not due to an error on the endpoint.
- REQUEST_PENDING: Invoked when a UPO exit was invoked successfully. A file is created containing the account name to indicate that a request for that account is pending. In this state, no other requests are acceptable and any such request should result in an exception. This implementation works well if there is only one CA IAM CS in the provisioning system. If there is more than one CA IAM CS, this implementation does not work. Refer to SLA Exits for an alternative solution.
- REQUEST_COMPLETED: Invoked when the request status is marked as completed. The request file, created on a previous REQUEST_PENDING, is deleted, indicating that further user provisioning requests for the account are now acceptable.
In non-managed mode, the UPO exits do not do anything other than invoke the SendMail or Logging exits if so configured.
You are still required to explore the endpoint to create the necessary placeholders such as account and group containers. But exploring in this mode, or performing lookup on specific accounts, does not return or create new accounts.
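The pending-request file that REQUEST_PENDING creates and REQUEST_COMPLETED deletes can be sketched as follows. This is an added example, not the connector's own code: the function names, the `pending_dir` location, the `.pending` suffix and the account-name character restriction are all assumptions. Because the marker lives on one host's file system, it only serializes requests handled by that host, which is the single CA IAM CS limitation noted above.

```python
import os
import re

# Assumption: account names are limited to this character set, so a name can
# never carry a path separator or a leading dot into the marker file path.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


class RequestPendingError(Exception):
    """Raised when a request arrives while another is pending for the account."""


def _marker_path(pending_dir, account):
    if not _SAFE_NAME.fullmatch(account):
        raise ValueError(f"unsafe account name: {account!r}")
    return os.path.join(pending_dir, account + ".pending")


def request_pending(pending_dir, account):
    """REQUEST_PENDING: create the marker file, or fail if one already exists."""
    path = _marker_path(pending_dir, account)
    try:
        # O_CREAT | O_EXCL makes "check and create" one atomic step, so two
        # concurrent requests cannot both pass an exists() test and proceed.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        raise RequestPendingError(f"request already pending for {account}") from None
    with os.fdopen(fd, "w") as marker:
        marker.write(account + "\n")  # the file contains the account name
    return path


def request_completed(pending_dir, account):
    """REQUEST_COMPLETED: delete the marker so new requests are accepted."""
    try:
        os.remove(_marker_path(pending_dir, account))
        return True
    except FileNotFoundError:
        return False  # nothing was pending for this account


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample run
        request_pending(d, "jsmith")
        request_completed(d, "jsmith")
        request_pending(d, "jsmith")  # accepted again after completion
```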