Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The idea is that a service object in midPoint represents applications, tools, scripts and other components that need service accounts. Service accounts are linked to those service definitions in midPoint. Therefore it will be clear which account belongs to which service (even if the service needs accounts in many systems). The service in midPoint is a very flexible object. It can do almost all of the tricks that user, org and role can. Therefore it may have an owner, its lifecycle can be managed, it may be subject to policy rules and so on. This is a very natural, smooth and extremely powerful way to manage services and service accounts.

Image Modified

TODO: picture: account, service, owners

Synchronization Sorter

Important part of service account management is an ability to reclassify accounts. Service accounts are often indistinguishable from ordinary user accounts, therefore service accounts may be easily mis-classified as user acounts. MidPoint 3.9 introduced synchronization sorter mechanism that allows automatic (algorithmic) reclassification of accounts. Manual (GUI-based) reclassification is planned to be implemented later.

...