Configure the transaction safeguard
In the Management Portal at Setup > Transaction Safeguard, prevent services from making unattended changes in your environment.
Identity Director is a powerful software solution that makes it easy to implement changes that affect many users. This is great if these changes are intended, but potentially problematic if they are not. For example, if you accidentally synchronize the wrong data connection, you may delete all people in your environment and deprovision them. The transaction safeguard helps prevent these situations.
With the transaction safeguard, you can configure thresholds for changes that may have a large impact. For example, you can configure a threshold for the number of services that can be requested or canceled for a person at once, or for the number of people who can be marked for deletion at once. If one or more of these thresholds are exceeded, the system goes into "fail-safe mode": The entire set of transactions is put “on hold”, and further transactions are suspended. In fail-safe mode, the Management Portal shows a clear warning that urgent attention is required, and lists the “suspect” transactions on the Transactions page. You can then troubleshoot the fail-safe mode by identifying whatever triggered it, and decide to continue regular operations or to abort the “suspect” transactions. To prevent mistakes, you will be asked to confirm your choice before the action is executed.
The Transaction Safeguard only applies to transactions that were triggered for delivery by Auto provisioning, for return by Auto deprovisioning and to transactions from the return trigger that leads to Reprovisioning.
Configuration
Field |
Explanation and Tips |
---|---|
Enabled |
Enable the transaction safeguard. You can only enable it if you configured at least one fail-safe rule. |
Rule and Threshold |
Configure the transaction safeguard rules.
|
When fail-safe is triggered, send e-mail to |
Specify the e-mail address to which a notification is sent if the fail-safe mode is triggered. This e-mail contains detailed information about the event that triggered the fail-safe, such as when was caused and by which rules, but also the Transaction Engine that was responsible for executing the qualification, how many times this error occurred, and the version of the Transaction Engine.
|