Partially implemented planned feature
This page describes a feature that is only partially implemented. Full implementation is planned for future midPoint versions.
This feature is designed, it was evaluated as feasible and it is partially implemented. However, there is currently no specific plan when it will be fully implemented because there is no funding for this development yet. In case that you are interested in supporting development of this feature, please consider activating midPoint Platform subscription.
MidPoint is designed to automate everything that can be automated. Getting human being out of decision loops speeds up the processes. And, let's admit it, it also makes them more reliable. But there are cases when the machine does not know what to do. This may be just a tiny fraction of cases in a well-configured IDM system. But it does happen. And it happens all the time.
MidPoint has a concept of a case (
CaseType object) to support such decision making. This is still a relatively new concept and so far it cannot do much. But the idea is that the cases would behave in a way that is known from the ITSM systems. Case is similar to a "trouble ticket". It can be assigned, re-assigned, delegated, it can be commented on, there may be escalation policies and so on.
The case management functionality is meant to handle situations when midPoint cannot decide for itself, such as:
The case functionality is partially implemented. There is a CaseType object in midPoint repository and it can be used for the purposes of manual resources. There is also a minimal case management user interface that was contributed by midPoint partner. However, the functionality is still quite far from being completed.
Cases and Access Certification
Some functionality of case management is also integrated with access certification mechanism. Although for access certification this functionality has to take a completely different form. In the certification case the most important aspect it to make many decisions in the most efficient way, therefore the traditional case-by-case approach has to be modified.
Phase 1: Internal Case Management
MidPoint already has a minimal case management functionality. But this can be significantly extended. The idea is that the concept of case will be an object that can be used to boost cooperation. The cases could support:
- Commenting: Individual people in the workgroup (e.g. defined by organizational structure) could cooperate on resolving the case. They could comment, provide advice and generally maintain a dialog about case resolution.
- Assignment and delegation: Case can be assigned to a person or a group of persons. But it is possible that the assignee cannot resolve the case. Therefore cases may be delegated or reassigned.
- Escalation: Time is of essence and therefore the time to resolve a case is seldom unlimited. Escalation mechanism can be applied to the cases to make sure they are resolved in a timely manner.
Phase 2: Integration With ITSM
MidPoint case management is in fact just an adaptation of concept that is already implemented in many existing systems - IT Service Management (ITSM) systems in particular. Therefore it should be possible to move cases out of midPoint and manage them in external ITSM system. In fact, first steps towards such functionality are already present: manual resources already support ITSM integration. Similar approach may be applied to all cases. The cases can be "outsourced" to external ITSM system. This may be much more convenient for deployments that already rely on ITSM system to guide organizational processes. This feature may seamlessly integrate identity management and governance processes with other processes in the organization.
However, there may be limitations. In the ITSM integration case the delegation and escalation needs to be governed by the ITSM system. However, those features are difficult to implement without full awareness of the organizational structure. MidPoint, naturally, has that awareness. However the ITSM system may not be aware of organizational structure at all. In such a case we recommend to use midPoint generic synchronization mechanisms to provision organizational structure into ITSM system.
Also, midPoint user interface will be probably optimized to handle cases related to identity management and identity governance. For example midPoint can display role request approval cases in an interactive way as midPoint has the full knowledge how the role assignment request looks like and what it means. The ITSM system does not have such knowledge, therefore its capabilities may be limited. But it may still be a benefit to move the cases to ITSM system to provide unified user experience and boost cooperation.