Governance for Omada Identity
The feature is designed to manage only the current Omada Identity instance. This means you can't manage multiple Omada Identity instances from the current instance.
The Governance for Omada Identity feature enables you to govern the users and user group memberships on Enterprise Server. To achieve this, the following objects are mapped to corresponding objects in the Omada Identity system:
Enterprise Server object | Omada Identity system object |
---|---|
users | accounts |
user groups | resources |
user group memberships | resource assignments |
The Governance for Omada Identity feature relies on OData connectivity, using its collector and connector. To understand how it works and how to configure it properly, especially if you plan to modify the standard configuration, refer to the OData connectivity documentation.
Identities require an account assignment in the Omada Identity system to acquire users, and an assignment to group resources to become members of the user group.
The users and user group memberships are imported into the Omada Data Warehouse as permission assignments.
The provisioning and deprovisioning of the accounts and group memberships are performed by a combination of the Omada Provisioning Service and the Role and Policy Engine.
For the Cloud Management portal, membership of the Platform administrator group cannot be provisioned through the Omada Provisioning Service. If an assignment to the Platform administrator is granted, the OPS task fails.
The relationship between the User and the Identity through the IDENTITYREF property is populated for personal and technical accounts.