...
After the aggregations, a “refresh task” calls the “Netid” Role Selector Rule. Currently this rule ignores MEMBER and AFFILIATE identities, but this will be changed to look for the flag indicating approved special mail processing for identities with these affiliations.
Most of the processing originally done by this Rule task is now obsolete. We created a new Netid Role, done in the Identity Management IIQ, that runs during Full and Delta Aggregation and does most of the same things. However, the simplest change is to add logic to the Netid Selector to look for whatever new flag identifies MEMBER and AFFILIATE identities that require Mail Provisioning and run them through this code just to be sure other IIQ or Azure AD directory synchronization. There are a few flags that need to be set. However, this task still runs for regular Birthright Email, and it is not intended to change this for the new category of users.
The 7:30 AM Sequential Task
This is the code that actually creates the Email account. It runs two hours after the first job, originally to allow time for changes to the AD to be synchronized out to Azure AD. This was necessary when the code was written, but in the current environment all the prerequisites will have been handled and the Azure AD will have been updated after the midnight Full Aggregation of the Identity Management IIQ. However, if the request to create a mail account is processed automatically by Service Now
While it is true that most preprocessing, delay, and synchronization is now unnecessary and almost all users will be set up to receive their Email after the midnight processing, it would be a bad programming practice to assume that the person who approves a request will not wake up at 4 AM and decide for some reason to make an approval. The existing code made no assumptions that new HR or Banner users would not show up in the middle of the night, and that design will also work for SIs who appear in the middle of the morning processing.
While the earlier 5:30 AM job has Java code to decide who gets processed, this second job is controlled by an IIQ Population (users who match a configured Identity query). We need to change that Population to include people who have the as-yet-to-be-defined flag indicating they are MEMBER or AFFILIATE identities who should be given mail accounts. All Identities in the population are checked, and if the prerequisites have been met they are assigned a type of mail. The test for Population membership includes fields set by the earlier job, so you have to have been processed by the first job to be looked at by the second job. If we have changed the first job to begin processing new types of users, that may automatically put them in the Population during the later job.
There is code to double check all prerequisites. Early morning is a window for system changes, so we do not assume that other systems (like Azure AD Synchronization) are actually running on their normal schedule. If a requirement is not met, then the identity waits for the next run, which may be tomorrow.
The EmailTypeRoleSelector Rule gives O365 mail to anyone who is not a STUDENT or is a STUDENT in one of the School Codes that get Eliapps O365 mail. MEMBER and AFFILIATE identities are not STUDENT and therefore get O365 mail from this logic, which is the right choice, so no new code is required.
O365 Licenses (with or without mail) are assigned by Grouper and Group Based Licensing. This may happen before or after this code runs. This code no longer assigns any licenses. It does two things:
...
Although the requirement is described as “giving mail to an SI or Affiliate”, the existing code also gives a no-Mail account on the other system (O365 or Eliapps). The code would have to be changed if this new class of users is not supposed to also get a no-Mail account in the other system.
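The decision flow of the second job described above, modeled as an added example (this is not the IIQ Rule code and uses no IIQ API). The mail_approved flag, the prerequisites_met field, the school codes, and the assumption that students outside the listed school codes get Eliapps mail are all hypothetical stand-ins, since the real flag is not yet defined.

```python
from dataclasses import dataclass

# Hypothetical values: the real flag name and school codes are not on the page.
O365_SCHOOL_CODES = {"XX", "YY"}            # constructed placeholders
FLAGGED_AFFILIATIONS = {"MEMBER", "AFFILIATE"}

@dataclass
class Identity:
    netid: str
    affiliation: str
    school_code: str = ""
    processed_by_first_job: bool = False    # fields set by the earlier job
    mail_approved: bool = False             # hypothetical approval flag
    prerequisites_met: bool = False         # e.g. Azure AD sync has completed

def in_population(i):
    """Second-job Population: first job must have run; MEMBER and AFFILIATE
    identities also need the approval flag, otherwise they stay excluded."""
    if not i.processed_by_first_job:
        return False
    return i.affiliation not in FLAGGED_AFFILIATIONS or i.mail_approved

def select_mail_type(i):
    """O365 for non-students and for students in the O365 school codes."""
    if i.affiliation != "STUDENT" or i.school_code in O365_SCHOOL_CODES:
        return "O365"
    return "ELIAPPS"                        # assumption: other students

def run_second_job(identities):
    """Map netid -> decision; unmet prerequisites wait for the next run."""
    out = {}
    for i in identities:
        if not in_population(i):
            out[i.netid] = ("skip", None, None)
        elif not i.prerequisites_met:
            out[i.netid] = ("wait", None, None)
        else:
            mail = select_mail_type(i)
            other = "ELIAPPS" if mail == "O365" else "O365"
            out[i.netid] = ("provision", mail, other)  # other = no-Mail account
    return out

SAMPLE = [  # constructed identities
    Identity("aff1", "AFFILIATE", "", True, True, True),
    Identity("mem1", "MEMBER", "", True, False, True),
    Identity("aff2", "AFFILIATE", "", True, True, False),
    Identity("stu1", "STUDENT", "ZZ", True, False, True),
    Identity("mem2", "MEMBER", "", False, True, True),
]
```

An unapproved MEMBER stays out of the Population even after the first job has processed it, and an approved identity that the first job has not yet seen is skipped until a later run.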
Grouper
For this to work, these new users also have to be put in a Group that will get the appropriate O365 licenses. Today this is done by Grouper. IIQ could do it, but we have decided to assign this function exclusively to Grouper.