IDM Midpoint DEMO Employments Positions Projects LDAP
Schema EPPL 1.02

Docker Compose
Compose IDM-Midpoint-DEMO-EPPL/tree/main/Docker
Storytelling EPPL 1.0
Docker Demo IDM Midpoint EPPL with employments, positions, projects and LDAP
Storytelling EPPL 1.01
Overview of update 1.01 for IDM Midpoint DEMO EPPL: added Multi-Nodes, a stop list for logins, and bug fixes
Storytelling EPPL 1.02
https://www.youtube.com/watch?v=MLR78bNkfnk
EPPL Functionality
1. Employments
Creation/blocking from HR source
Linking to an employee from HR source
Creating assignment roles from employment roles
Creating system accounts for employment
2. Positions
Creation/blocking from HR source
Linking to employment from HR source
Requesting assignment roles
Creating system accounts for assignments
3. Projects
Project creation and editing by employees with project creation rights
Adding/removing project members
Adding/removing project rights
Creating custom project roles
Assigning custom project roles to a project member or to the project itself
Revoking custom project roles when a member is removed from the project
Disabling a project and removing all its members
4. SOD (Segregation of Duties)
Role assignment approval workflows
Restrictions on role acquisition based on recipient type and company affiliation
5. Subordinates
Requesting access rights for subordinates
Viewing a subordinate’s photo
Hierarchical determination of supervisors by department
Delegation of department manager functions (EPPL 1.02)
6. Login/nickName Generation
Cyrillic is converted to Latin
Generated at the time of account assignment
Uniqueness is checked against the name in Midpoint and cached resource data
Updated when the last name changes in the HR source
Login is released if no accounts are associated
Login Stop list (EPPL 1.01)
Infinite logins (EPPL 1.01)
7. Personal Data
Viewing restrictions
8. Connected Resources
LDAP accounts/groups
MS AD (Active Directory) accounts/groups
Creating Forward Roles from LDAP groups
Creating Forward Roles from MS AD groups
Creating Personal Data
Exporting photos to LDAP
Creating Employees/Employments/Assignments from HR sources (multiple resources)
9. Company
Company Name propagates to Role Catalog Head, Department Catalog Head (EPPL 1.01), Employments, Positions
Data
EPPL pulls HR data from a CSV file using the CSV Connector, but this can easily be adapted to use a DB connector instead. All the data is stored in the file EPPL_HR_DATA.csv, located at /opt/midpoint/var/info.
Main Fields
- number_eppl – Unique sequential number.
- type_eppl – Record type.
- main_id – Unique identifier:
  - For User (employee): HR ID.
  - Assignments start with POS, employments with EMP.
- parent_id – Organization code (from ADMINISTRATION/Roles/Company Roles).
- member_of_eppel – Associated entity (singular, used for association in the resource).
- grade_eppel – Coded "Основное" for determination of main employment.
- department_eppl – Department code for the assignment (from ADMINISTRATION/Org.structure/Department Catalogs).
- department_relation_eppl – If "manager", denotes department head; otherwise empty.
- status_eppl – Status: set this to "disabled" to revoke assignment/employment.
Remaining fields contain supplementary information.
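As an added example (not part of the EPPL project), a pre-import check of an EPPL_HR_DATA.csv-style feed against the field rules above, which also lists the records a run would revoke. The comma delimiter, the header row, the type_eppl values and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample feed, not real HR data. Column names are the page's;
# the comma delimiter, header row and type_eppl values (U/E/P) are assumptions.
SAMPLE = """\
number_eppl,type_eppl,main_id,parent_id,department_eppl,department_relation_eppl,status_eppl
1,U,1001,ORG1,,,
2,E,EMP1001,ORG1,D10,,
3,P,POS1001A,ORG1,D10,manager,
4,P,POS1001B,ORG1,D20,boss,
5,E,EMP1002,ORG1,D20,,disabled
6,P,POS1001A,ORG1,D10,,Disabled
"""

def kind_of(main_id):
    """Classify a record by the main_id prefixes the page documents."""
    if main_id.startswith("POS"):
        return "assignment"
    if main_id.startswith("EMP"):
        return "employment"
    return "user"

def check_feed(text):
    """Return (problems, revocations) for an EPPL_HR_DATA.csv-style feed."""
    problems, revocations = [], []
    seen = {"number_eppl": set(), "main_id": set()}
    for line, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        get = lambda col: (row.get(col) or "").strip()
        # Both columns are documented as unique; a repeat makes the import ambiguous.
        for col in seen:
            if not get(col) or get(col) in seen[col]:
                problems.append((line, f"{col} missing or duplicated: {get(col)!r}"))
            seen[col].add(get(col))
        if not get("number_eppl").isdigit():
            problems.append((line, "number_eppl is not a number"))
        # Only 'manager' or empty is documented; 'manager' marks a department head.
        rel = get("department_relation_eppl")
        if rel not in ("", "manager"):
            problems.append((line, f"unexpected department_relation_eppl: {rel!r}"))
        status = get("status_eppl")
        if status == "disabled":
            revocations.append((kind_of(get("main_id")), get("main_id")))
        elif status.lower() == "disabled":
            # Near-miss spelling: the page only documents the literal 'disabled'.
            problems.append((line, f"status_eppl {status!r} is not the literal 'disabled'"))
    return problems, revocations

if __name__ == "__main__":
    print(check_feed(SAMPLE))
```

Running the check before each import makes an unexpected "manager" grant or a revocation that would silently not apply visible in the feed itself.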
Video Steps
www.youtube.com/@IDMMidpointEPPL
IDM Midpoint EPPL | 1. Docker Compose first run

IDM Midpoint EPPL | 2. Admin logon and LDAP setup

IDM Midpoint EPPL | 3. Users Employments Positions Data from HR CSV File

IDM Midpoint EPPL | 4. GUI User Boss Request access for Position, Roles LDAP Group & Account

IDM Midpoint EPPL | 5. GUI User Request Access Role with approval Role with SOD

IDM Midpoint EPPL | 6. GUI User: Project Creation and Management it Roles, Members, Status

IDM Midpoint EPPL | 7. GUI User Managing dedicated Project Roles

IDM Midpoint EPPL | 8. Dismissal from Position, Multiple Accounts, Users photo to LDAP

IDM Midpoint EPPL 9 | Nickname Stop List, Generate endless nicknames

IDM Midpoint EPPL | 10 Delegation of Department management, permanent and temporary

