Orchestration for user provisioning

In any organization, user provisioning involves creating user accounts and roles in multiple applications like IAM tools, Payroll applications, ITSM tools, and so on. Traditionally, this is done manually. With ADManager Plus, this can be done automatically in a few clicks with Orchestration templates.

Let us consider a scenario where the provisioning of user accounts is inclusive of the following actions:

• Tasks to be performed in ITSM tools:
• Raise a request to create accounts or roles for the provisioned user account in various applications like Payroll, and IAM applications, etc.
• Stakeholders to be notified:
• Email or SMS notification sent to the IT admin, team manager and the user about the provisioned user account.

The following steps will guide you through it:

1. Create a new Orchestration template for user provisioning

1. Log on to ADManager Plus as the admin.
2. Navigate to Automation tab → Orchestration → Orchestration template.
3. Then click on the Create New Template button.
4. Enter a suitable Name and Description for the template.
5. To create your own custom Orchestration template you can drag and drop the required blocks to create your template.
• For user provisioning in multiple platforms, you can add a webhook template.
  To create a new webhook template, follow these steps.
• You can also add a notification template block to notify the various stakeholders like IT admin, manager,etc.
  To create a new notification template, follow these steps.
6. Click Save once the template has been created. In case you wish to undo all the changes done to the template, click on the Clear Workflow button to start afresh.

2. Create a new Webhook template to raise a request in the ITSM tool for user provisioning

1. Log on to ADManager Plus as the admin.
2. Navigate to Automation tab → Orchestration → Orchestration template.
3. Click on Configure Webhook.
4. Enter a suitable Name and Description for the template.
   Note: The following information can be obtained from the API document of the applications you wish to provision user accounts in.
5. In the URL field, enter the API call.
6. In the Method field, select one of the following HTTP methods,
• Get - To read
• Put - To update or replace
• Post - To create
• Delete - To delete
7. In the Headers field, you can add the required API headers and map them to the suitable header values.
8. Likewise, in the Parameters field, you can add the suitable API parameters and map them to their parameter values.
9. Select the suitable Message Type option and click Save.
   Note: You can use the listed Macros for configuring headers and parameters.
   To use Macros in the URL and Message Type fields, enter them manually.

3. Create a new Orchestration profile to configure the conditions under which the Orchestration template will be executed:

Before you begin, ensure that the mail server settings are configured properly. You can learn more about it here.

1. Log on to ADManager Plus as the admin.
2. Navigate to Automation tab → Orchestration → Orchestration Profile
3. Click on the Create New Profile button on the top-right corner of the page.
4. Enter a suitable Name and Description for the profile.
5. In the Profile Criteria section, add the conditions under which the template needs to be executed. For example, When 'Create Single User' action is executed AND the Domain name is 'Site 1'.
6. In the Orchestration Profile, add the Orchestration template created in step 1 from the list.
7. Click Save.