cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can make Password Provisioning parallel?

former_member431321
Participant

on ‎06-05-2019 3:39 AM

0 Kudos

Hi Experts,

One of customer requirement is to synchronize password to 5 SAP systems and one AD and one custom application.

So, currently I configured 3 abap systems and one custom application.

And I enabled Password Provisioning option in Identity Store and everything works fine so far.

It looks clear that IDM provision password one by one.

The start of password provisioning for each Target systems is as follows:

- 10:30:05 for BIDEV <Execution of Pass Started: 8: Exec Plugin: Set Password>

- 10:30:15 for ERPQAS <Execution of Pass Started: 8: Exec Plugin: Set Password>

- 10:30:25 for JAVIDM <Execution of Pass Started: 8: Exec Plugin: Set Password>

- 10:30:33 for SSMDEV <Execution of Pass Started: 8: Exec Plugin: Set Password>

So for 3 abap system it tooks about 60 seconds until last <Execution of pass started: ChangePasswordOfABAPUser>.

(see attached execution log. last message is not shown)

Can I make this run in parallel?

regards,

dongsu

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member2987
Active Contributor
‎06-12-2019 1:33 PM
0 Kudos

Hi Dongsu, it should be first the system specified in the workflow. If for some reason that doesn't work, I'd recommend that you do the password provisioning via a script that calls the password provisioning tasks via the uProvision() function.

Matt

Show replies
Show replies
former_member431321
Participant
‎06-14-2019 4:42 AM
0 Kudos

Hi Matt,

Which workflow do you mean?

In my env(IDM 8.0 SP6), the password provisioning is done by just check option for it in Developer Studio.

Would you tell me more about how to access workflow?

Regards,

dongsu

former_member2987
Active Contributor
‎06-10-2019 2:33 PM
0 Kudos

Hi Dongsu,

That's a pretty tough issue given the way that IDM works, being a queue based system. This would have been easier in IDM 7.x where we had the unordered task type and also a parallel provisioning passtype.

It might be possible to speed things up by assigning each task it's own dispatcher, but I don't know how much it will help. Best workaround would be to prioritize what order you are setting the passwords in. I could imagine two strategies on this. 1. most important systems first. 2. fastest systems first. Not sure how you would determine #2.

One last thought on my first approach, it might speed things up to put the dispatcher engines on the actual systems. So putting one on the ssm system, ERP, BI, etc might help, but really all it's going to do is trim some latency (and probably not that much) but if there are a lot of systems it could help.

Let us know how you decided to move forward on this!

Show replies
Show replies
former_member431321
Participant
‎06-10-2019 3:34 PM

Thank you very much Matt.

Based on your comment, I will discuss this with customer again.

regards,

dongsu

former_member431321
Participant
‎06-12-2019 12:33 AM
0 Kudos

Hi Matt,

About your strategy #1,

could you tell me how to control which system run first?

BR

dongsu

Ask a Question