AD Integration flows - Update account
Update
Introduction
Soffid provides a workflow to modify and/or delete an account in the final system. In it, we can see each of the steps of which this process is composed.
Diagram
Step by Step
In this document, we will explain the process that Soffid performs to modify an account for the AD connector.
1. Initial step
First of all, Soffid checks if the account exists in Soffid and then checks the operation to perform, update or delete.
1.1. If the user does not exist in Soffid, then Soffid asks to delete the user in the target System.
❓ Warning message
1.1.1. Yes: If the answer is Yes, the process follows through the Yes branch, [3. Delete branch].
1.1.2. No: If the answer is Yes, the process finishes [10. End].
1.2. If the user exists in Soffid, the process continues through [2. User to remove?]. to check if the
2. Account to remove?
📌 By clicking on the Account to remove? step,...
You can configure all the properties related to the account object for this step
2.1. If the account is marked for Deletion, Soffid will ask for user consent to continue with the process or to cancel it. If the answer is Yes, the process follows through the Yes branch, [3. Delete branch].
❓ Warning message
2.2. If the account is marked for Update, it continues with the flow following through the No branch, [4. Insert or Update branch].
3. Delete branch
3.1. When the operation to perform is to delete an account, first of all, Soffid has to check if the account exists in the target system.
3.1.1. If the account does not exist, there are no actions to perform in the target system, so the process finishes [10. End].
3.1.2. If the account exists, the flow continues executing the pre-delete triggers if there is anyone configured. More than one script can be configured. These scripts are executed just before the main action, account delete, and the result (true or false) determines if the main action will be performed or not.
3.1.2.1. False: if the result is false for one or more of these triggers, the process finishes [10. End].
3.1.2.2.True: if the result is true for all of these triggers, Soffid continues to the next step.
📌 By clicking on the Pre-delete triggers step,...
You can configure all the pre-delete triggers related to the user object for this step.
3.1.3. Soffid removes the AD user in the Active directory.
3.1.3. Then Soffid executes the post-delete triggers if any. These triggers can be used to perform a specific action just after performing the remove user operation on the target object.
📌 By clicking on the Post-delete triggers step,...
You can configure the post-delete triggers related to the user object for this step.
3.1.3. Then the process finishes [10. End].
4. Insert or Update branch
4.1. When the operation to perform is to update a user, first of all, Soffid generates the AD user. That is, Soffid calculates the values of the AD user object from the original values of Soffid.
📌 By clicking on the generate AD user step,...
You can configure the attributes related to the user object for this step.
4.2.Then Soffid asks if the user exists in the target system to decide the action to execute, this action can be an update or an insert.
4.2.1. If the user does not exist in the target system, the process continues through [5. Insert user branch].
4.2.2. If the user exists in the target system, the process continues through [6. Update user branch].
5. Insert user branch
5.1. Soffid executes the pre-insert triggers if there is anyone configured. More than one script can be configured. These scripts are executed just before the main action, user creates, and the result (true or false) determines if the main action will be performed or not.
5.1.1. False: if the response is false for one or more of these triggers, the process finishes [10. End] and the user is not created in the target system.
5.1.2. True: if the response is true for all of these triggers, Soffid continues to the next step.
5.2. Soffid creates AD user in the Active directory
5.3. Then Soffid executes post-insert triggers if any. These triggers can be used to perform a specific action just after performing the create user operation on the target object.
📌 By clicking on the Post-insert triggers step,...
You can configure the Post-insert triggers related to the user object for this step.
5.4. Then the process continues through [7. Groups].
6. Update user branch
6.1. Soffid checks if there are any change between the generated object and the values of the object in the target system.
6.1.1. False: if there are no changes, the process finishes [10. End].
6.1.2. True: if there are changes to update, Soffid continues to the next step.
6.2. Soffid executes the pre-update triggers if there is anyone configured. More than one script can be configured. These scripts are executed just before the main action, user update, and the result (true or false) determines if the main action will be performed or not.
6.2.1. False: if the response is false for one or more of these triggers, the process finishes [10. End] and the user is not updated in the target system
6.2.2. True: if the response is true for all of these triggers, Soffid continues to the next step.
📌 By clicking on the Pre-update triggers step,...
You can configure the Pre-update triggers related to the user object for this step.
6.3. Soffid updates the AD user in the Active directory
📌 By clicking on the update user step,...
You can configure the properties related to the user object for this step.
6.4. Then Soffid executes the post-update triggers if any. These triggers can be used to perform a specific action just after performing the update user operation on the target object.
📌 By clicking on the Post-update triggers step,...
You can configure the Post-update triggers related to the user object for this step.
6.6. Then the process continues through [7. Grants].
7. Grants
At this point, Soffid runs the actions relative to the grants. The operations can be to add the user to one or more groups or to remove the user from existing groups.
8. Group to remove
This is a loop while there are groups to remove.
8.1. If there are No groups to remove, the process goes to [9. Group to add].
8.2. Yes, there are groups to remove:
8.2.1. Soffid executes the pre-delete triggers if there is anyone configured. More than one script can be configured. These scripts are executed just before the main action, a Remove user to group, and the result (true or false) determines if the main action will be performed or not.
8.2.1.1. False: if the response is false for one or more of these triggers, the process goes to [8. Group to remove] and the grant is not created.
8.2.1.2. True: if the response is true for all of these triggers, Soffid continues to the next step.
📌 By clicking on the Pre-delete triggers step,...
You can configure the Pre-delete triggers related to the grant object for this step.
8.2.3. If the result of the triggers is true, then Soffid adds the user to a group.
8.2.4. Then Soffid executes the post-insert triggers if any. These triggers can be used to perform a specific action just after performing the create grant operation on the target object.
📌 By clicking on the Post-delete triggers column values step,...
You can configure the Post-Update related to the grant object for this step.
8.2.5. Then the process continues through [8. Grant to add].
9. Group to add
This is a loop while there are grants to remove. This grants list comes from the previous step [7. Grants].
9.1 No: If there are No grants to add, the process goes to [10. End].
9.2. Yes, there are grants to remove:
9.2.1. Soffid executes the pre-insert triggers if there is anyone configured. More than one script can be configured. These scripts are executed just before the main action, Add user to group, and the result (true or false) determines if the main action will be performed or not.
9.2.1.1. False: if the response is false for one or more of these triggers, the process finishes [10. End] and the grant is not deleted.
9.2.1.2. True: if the response is true for all of these triggers, Soffid continues to the next step.
📌 By clicking on the pre-delete trigger step,...
You can configure the Pre-delete triggers related to the grant object for this step.
9.2.2. If the result of the triggers is true, then Soffid adds the user to the group. This operation can return a true or false result.
9.2.2.1. False: the add action could not be performed and the process check for another grant [9. Group to add].
9.2.2.2. True: the add action could be performed properly. Soffid continues to the next step.
9.2.3. Then Soffid executes the post-insert triggers if any. These triggers can be used to perform a specific action just after performing the add grant operation on the target object.
📌 By clicking on the post-insert trigger step,...
You can configure the Post-insert triggers related to the grant object for this step.
9.2.4. Then the process continues through [9. Group to add].
10. End
The process finishes and the log is displayed, and you can download it by clicking the Download button.