7.17 Entity Activity

The Entity activity updates an entity in the Identity Vault. You can use this activity to create, modify, or delete attributes on an entity. You can also use this activity to create or delete an entity (see Section 7.17.4, Working with Entity Activities).

A workflow must have at least one Entitlement or Entity activity.

7.17.1 Properties

The Entity activity has the following properties:

Table 7-31 Entity Activity Properties

Property Name

Description

Activity Id

Specify a unique string value that identifies the activity. Activity Ids are written to the user application’s log file. Specifying a meaningful Activity Id makes it easier to understand the data written to the logs. You can specify letters, numbers, and the underscore (_) character.

If you do not specify a value, the Activity Id defaults to ActivityNN where the NN represents the order in which the activity was added to the workflow.

Name

Provides a name for the activity.

Entity Type

Specifies the target entity type: User or Group.

Operation

Indicates what kind of operation will be performed on the target entity:

  • Create/Modify

  • Delete attributes/values

  • Delete entity

To create or modify attributes of an entity or to create a new entity, select create/modify. To delete attributes of an entity, select delete.

To delete an entity, select delete object.

Set Workflow Status

Specifies the approval status of the provisioning request. Set to True for approved; otherwise, set to False. This method of setting workflow status overrides other methods. For example, the Set Default Completion Status to Approved parameter (see Table 4-3, Overview Properties) or the Approval Status activity (see Section 7.8, Workflow Status).

7.17.2 Data Item Mapping

To bind the data items associated with the Entity activity, you define mappings for the attributes associated with the target entity type.

Table 7-32 Entity Activity Data Item Mappings

Setting

Description

Entity dn

Identifies the entity that is the target of the operation. The default value is recipient.

To create a new object, specify a distinguished name that does not yet exist.

HINT:The output of the DNMaker control can be used as input for the Entity dn value. The DNMaker control constructs the DN by allowing the user to enter the naming attribute in a text field and presenting an interface for picking a container. After this data has been captured in a request form, the output can be mapped to a variable in the flowdata object. In the definition for the Entity activity, this flowdata variable can be accessed in the Entity dn setting with an expression such as

flowdata.get(’groupdn’);

For details on using the DNMaker control, see Section 5.5.11, DNMaker.

Modify Type

Indicates how the mapping should be performed for an attribute. The choices are

  • Append Value

  • Replace Value

  • Replace All Values

For many attributes, Replace Value is the only option that makes sense; therefore, this option is selected automatically and cannot be changed.

You must specify the Modify Type setting before specifying the Modify Value Expression setting.

Modify Value Expression

Specifies a source expression for an attribute. When you click a cell in the Modify Value Expression column, the ECMA expression builder displays to help you define your expression. The list of attributes available varies depending on which entity type was selected on the Properties tab.

Designer automatically inserts a sample ECMAScript expression into this field. The code provided varies depending on the Operation property specified in Properties and the Modify Type selected in Data Item Mapping. For example, if you have specified Create/Modify for Operation, and Replace All Values for Modify Type, Designer inserts an expression that helps you to create a vector:

function list() { v=new java.util.Vector(); v.add('{Enter Item 1}'); v.add('{Enter Item 2}'); return v; };  list();

In some cases you might be able to create expressions that work as well or better than the sample expression. For example, instead of creating a vector for multiple attribute values, you can create a flowdata variable (see Section 6.5.3, Understanding Workflow Data) to store multiple attribute values, and use the getObject function to retrieve the values of the flowdata variable (see ECMAScript Variables).

NOTE:The cells in the Target Attribute column are not editable.

7.17.3 E-Mail Notification

Not supported with this activity.

7.17.4 Working with Entity Activities

You use Entity activities to update entities in the Identity Vault. The procedures for working with Entity activities differ slightly from the procedures for working with other activity types so this section includes example procedures for:

Adding or Modifying an Entity

  1. From the Workflow page, click the Entity activity icon in the palette, then click the canvas to insert the Entity activity into the workflow.

  2. Click the Properties tab.

  3. Click in the Value column of the Entity Type field, then select the Entity Type (for example, User, Group) that you want to create or modify. If the target object that you specify in Step 6 already exists, the target object is modified; if the target object doesn't exist, it is created.

  4. Click in the Value column of the Operation field, then select Create/Modify.

  5. Click the Data Item Mapping tab.

  6. Click the button next to the Entity dn field to display the ECMA expression builder, then specify an expression that identifies the target of the operation (for example, “recipient”).

  7. Click OK to return to the Data Item Mapping view.

  8. Specify expressions for other attributes as required to create the Entity.

    See Section 3.2, Working with Entities and Attributes for information about adding entities. If you are adding an entity, you must enter expressions for all required attributes.

Using an Entity Activity to Delete an Entity

  1. From the Workflow page, click the Entity activity icon in the palette, then click the canvas to insert the Entity Activity into the workflow.

  2. Click the Properties tab.

  3. Click in the Value column of the Entity Type field, then select the Entity Type (for example, User, Group) to which the entity that you want to delete belongs.

  4. Click in the Value column of the Operation field, then select Delete entity.

  5. Click the Data Item Mapping tab.

  6. Click the button next to the Entity dn field to display the ECMA expression builder, then specify an expression that identifies the Entity that you want to delete.

  7. Click OK to return to the Data Item Mapping view.

Using an Entity Activity to Delete an Attribute or Value

  1. From the Workflow page, click the Entity activity icon in the palette, then click the canvas to insert the Entity activity into the workflow.

  2. Click the Properties tab.

  3. Click in the Value column of the Entity Type field, and select the Entity Type (for example, User, Group) of the entity to which the attribute or value that you want to delete belongs.

  4. Click in the Value column of the Operation field, and select Delete attribute/value.

  5. Click the Data Item Mapping tab.

  6. Click the button next to the Entity dn field to display the ECMA expression builder, then specify an expression that identifies the entity that contains the attribute or value that you want to delete.

  7. Click OK to return to the Data Item Mapping view.

  8. Click in the Delete Type field for the attribute to which you want the operation to apply, then select the operation from the list:

    • Select Delete Attribute for single-value attributes

    • Select either Delete Attribute or Delete Value for multi-value attributes. Selecting Delete Value for multi-value attributes also requires that you enter an expression to identify the value that you want to delete.

  9. To delete a value, click in the Delete Value Expression field for the attribute to which you want the operation to apply, then specify an expression that resolves to the value of the attribute that you want to delete.