adding doc for predefined activation mapping

Evolveum · Sep 4, 2023 · d2b9579 · d2b9579
1 parent a4efb0b
commit d2b9579
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/docs/resources/resource-configuration/schema-handling/activation.adoc b/docs/resources/resource-configuration/schema-handling/activation.adoc
@@ -244,6 +244,83 @@ Set to `true` if the resource object is linked to an existing focal object.
 
 TODO
 
+== Predefined activation mapping
+
+NOTE: Available from 4.8.
+
+Predefined activation mapping are available from midpoint 4.8. We can use simple configuration for predefined mappings without long and complicated configuration for existence and administrative mappings.
+
+If an account is unassigned and there is no other existing assignment for an account midPoint will de-provisioning that account. Which means that the account will be deleted. This is the default behavior. But it can be changed by predefined mappings configuration.
+
+Now we can use three predefined configurations.
+
+=== Disable instead of delete
+
+ This configuration change default behavior and account will be disabled instead of delete.
+
+[source,xml]
+----
+<resource>
+	<schemaHandling>
+		<objectType>
+			...
+			<activation>
+                <disableInsteadOfDelete/>
+			</activation>
+			...
+		</objectType>
+	</schemaHandling>
+</resource>
+----
+
+=== Delayed delete
+
+This configuration change default behavior and account will delete with delay and meanwhile account will be disabled.
+
+We use activation/disableTimestamp from shadow object as reference attribute for time when was account disabled. As disable reason we use de-provision or mapped.
+
+[source,xml]
+----
+<resource>
+	<schemaHandling>
+		<objectType>
+			...
+			<activation>
+                <delayedDelete>
+                    <deleteAfter>P1M</deleteAfter>
+                <delayedDelete/>
+			</activation>
+			...
+		</objectType>
+	</schemaHandling>
+</resource>
+----
+
+We need set only one attribute _deleteAfter_, that define time after which the account will be deleted.
+
+=== Pre provision
+
+This configuration will pre-provision a disabled account defined by time before focus’s activation/validFrom date.
+
+[source,xml]
+----
+<resource>
+	<schemaHandling>
+		<objectType>
+			...
+			<activation>
+                <preProvision>
+                    <createBefore>-P5D</createBefore>
+                <preProvision/>
+			</activation>
+			...
+		</objectType>
+	</schemaHandling>
+</resource>
+----
+
+We need set only one attribute _createBefore_, that define time determines how long before date, from activation/validFrom attribute, disabled account will be created.
+
 
 == Examples
 

diff --git a/release-notes.adoc b/release-notes.adoc
@@ -63,6 +63,7 @@ Last shadow activity taken into account:
 For more info see: xref:/midpoint/reference/security/audit/index.adoc[Auditing]
 
 * Creating new wizard flow for configuration of resource activation and configuration of resource credentials.
+** Adding new configuration for predefined activation cases. Now we don't need complex configuration of existence and other kind of activation mappings for cases: disable instead of delete, delayed delete and pre provision. For more info see: xref:/midpoint/reference/resources/resource-configuration/schema-handling/activation.adoc#predefined_activation_mapping[Predefined activation mapping].
 ** Wizard step panels, that displaying inbound and outbound mapping attributes, was divided to two panels with main and optional configuration. Showed attributes are hardcoded, so we can use configuration only for hide showed items.
 ** Also we split wizard step panel of construction outbound mapping for role assignment.
 *** Main configuration contains attributes name, source, target, ref (resource attribute), strength, expression and condition.