To specify the provisioned resource:

1. To use the target that is currently associated with the request definition, select the Provisioned resource radio button.

   The Provisioned resource radio button is selected by default if you’re editing a request definition that refers to a valid resource. If you’re defining a new provisioning request, this radio button is not selected.

2. To bind the request definition to another resource that was previously defined within the currently selected driver, select the Available provisioned resources radio button, and pick a target from the dropdown list.

   

   NOTE:If the request definition was bound to a resource that is not an entitlement, you are not permitted to change the resource.

3. Select a category for the provisioned resource definition in the Category dropdown list.

   The category defaults to the category for the currently selected provisioned resource. Whenever you change the provisioned resource, the category for the request definition is changed as well to match the category for the resource. If you want to assign a different category to the request definition, select that category in the Category dropdown list.

4. To create a new resource based on an Identity Manager entitlement, click the + button.

   

   To edit an existing resource, click the pen button.

   

   To define the characteristics of the resource, follow these steps:

   1. Specify the name for the resource in the Name (CN) field.

   2. Select a category for the resource in the Category dropdown.

   3. Specify the entitlement in the Entitlement field.

   4. For each language you want to support in your application, click the check box beside the language in the list under Provisioned Resource Localized Strings, and type the localized text in the Display Name and Description fields. This text will be used to identify the provisioning resource throughout the user application.

   5. To add a new language to the list, click Add and select the desired language.

      NOTE:By default, a newly created provisioning resource supports only English.

      

5. Click Next.

   The Provisioned Resource wizard displays a screen to allow you to provide data for any parameters required for the entitlement.

   

6. If the entitlement does not require any entitlement parameters, click Next.

   The Create New Provisioned Resource wizard displays the Summary page, which provides information about the resource you’re defining.

   

7. Click Finish.

To configure the activities for the associated workflow:

1. Specify whether you want the addressee for each activity to be notified by e-mail by selecting or deselecting the Notify participants by e-mail check box.

   

   NOTE:If you select the Notify participants by e-mail check box, and the addressee has designated a proxy, the proxy will also be notified by e-mail. Delegates are not included in e-mail notifications.

2. For each workflow activity, optionally change the display label by clicking the icon beside the name of the activity (in this case, First Approval).

   

   Type the display label in the Display Label field and click OK.

   

   NOTE:The default display labels (First approval, Second approval, and so on) suggest that approvals are processed sequentially. For parallel flows, you may want to specify labels that do not imply sequential processing. For example, you might want to assign labels such as One of Three Parallel Approvals, Two of Three Parallel Approvals, and so on.

3. For each workflow activity, also provide the following information:

   Field	Description
   Addressee Expression	Specifies a dynamic expression that identifies the addressee for the activity. The addressee is determined at runtime, based on how the expression is evaluated. The first term of an addressee expression can be any of the following values: Initiator Recipient Addressee of activity-name A separate Addressee of activity-name term is listed in the Expression dropdown for each activity in the workflow (except the activity you are currently configuring). The activity-name is the display label you specified for the activity, or the default name, if you did not specify a display label. The second term of an addressee expression can be either of the following values: Manager <No attribute> NOTE:The Manager attribute is available automatically because it has been previously defined on the User entity in the abstraction layer. Other attributes (in addition to Manager) may be available for selection if they meet the following requirements: Must be defined on the User entity in the abstraction layer Must be single-valued Must have a DN data type
   Addressee DN	Specifies the distinguished name for a user, group, or task group. NOTE:If you want Task Group Managers to be able to search for tasks by task group (in the My Team Tasks action in the user application), you need to specify the task group as the addressee.
   Timeout	Specifies the period of time allotted for the addressee to complete the task. The timeout interval applies each time the activity is executed by the addressee. Specify a value in seconds, minutes, hours, or days.
   Retry Attempts	Specifies the number of times to retry the activity in the event of a timeout. When an activity times out, the workflow process may try to complete the activity again, depending on the retry count specified for the activity. With each retry, the workflow process may escalate the activity to another user. In this case, the activity is reassigned to another addressee (the user’s manager, for example) to give this user an opportunity to finish the work of the activity. In the event that the last retry times out, the activity may be marked as approved or denied, depending on how the workflow was configured.
   Retry Addressee Expression	Specifies a dynamic expression that identifies the user who should get this task in the event that the timeout limit has been reached. The retry addressee is determined at runtime, based on how the expression is evaluated. The first term of an addressee expression can be any of the following values: approval.getAddressee() Initiator Recipient Addressee of activity-name The approval.getAddressee() option gets the current addressee. A separate Addressee of activity-name term is listed in the Expression dropdown for each activity in the workflow (including the activity you are currently configuring). The activity-name is the display label you specified for the activity, or the default name, if you did not specify a display label. The second term of an addressee expression can be either of the following values: Manager <No attribute> If you select the approval.getAddressee() option, and then select Manager, each retry will escalate to a new manager at a higher level within the organization. Therefore, you need to be sure to set the retry count to a number that is suitable for your organization. In any case, the retry count should not exceed the number of levels of management above the current addressee.
   Retry Addressee DN	Specifies the distinguished name for a user or group that should get this task in the event that the retry limit has been reached.

4. When you finish configuring an activity, you may need to scroll down to see the other activities for the flow.

5. Click Next.

To specify the access rights for a provisioning request:

1. To add a user, group, or other eDirectory object to the list of trustees for this request definition, click Add and select the object.

   Once you’ve added an object, it is included in the list of trustees.

   

2. To remove a user, group, or other object, select the item in the Trustee list and click Remove.

3. Click Next.

1. Click the radio button for the desired status:

   Status	Description
   Active	Available for use.
   Inactive	Temporarily unavailable for use. This is the default.
   Retired	Permanently disabled.

   

2. Click the radio button for the correct action (Grant or Revoke).

3. Click Next.