Local User Connector
Local user connector is used for creation, update and deletion of the ESM local user information with EPE. Local user connector requires configuration according to customers use case, this means that workflow orchestration nodes are required to be configured. If baseline in use the process is described here.
ESM Security log logs the following events of those workflow nodes:
- Successful AND failed changes on User "security settings"
- User level changes
- Password
- Username
- User permission changes
- user given a role
- Creating a user
Create Local User
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The creating new local user orchestration node read attributes from Data Card in question and executes command to ESM.
| Mapping | Value |
|---|---|
| User name | Required property. Unique String attribute. |
| Person attribute | Required property. Matrix42 user reference. |
| Password attribute | Required property. String attribute. Note! Must be sync with ESM password requirements. See platform setting: password.rule.regexp. Default is that the new password must be at least 8 characters long and contains at least one uppercase character, and at least one number. |
| Password must be changed at first login | Possibility to choose if the password must change at the first login or not. |
| User level |
Required property. I left empty the user level will be normal. Allowed values: Normal – grants rights to view, edit, and delete templates, folders, and data cards as determined by the user role permissions. |
| Roles | Required property. Must be multivalue string, and has names of the roles from ESM. If you want to create user without ESM roles, insert value into this attribute which is not ESM role (value is required). |
| Last login timestamp | Define where local user's last login is saved. Optional setting. |
| Provisioning exception | Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Update Local User name
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The updating local user orchestration node read attributes from Data Card in question and executes command to ESM. ESM Security.log logs events of this node. Note! Root user's username update is not allowed.
| Mapping | Value |
|---|---|
|
User ID |
Required property. Unique String attribute containing user's current user name. Select attribute directly from this template. |
| New User name | Required property. Unique String attribute containing user's upcoming user name. |
|
Provisioning exception |
Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Update Local User Password
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The updating local user orchestration node read attributes from Data Card in question and executes command to ESM. ESM Security.log logs events of this node. Note! Root user's password update is not allowed.
| Mapping | Value |
|---|---|
| User name | Required property. Unique String attribute. Select attribute directly from this template. |
Password attribute |
Required property. String attribute. Note! Must be sync with ESM password requirements. See platform setting: password.rule.regexp. Default is that the new password must be at least 8 characters long and contains at least one uppercase character, and at least one number. |
User level |
Required property. I left empty the user level will be normal. Allowed values: "ROOT", "NORMAL", READ ONLY" / "READ-ONLY" / "READ_ONLY" . Works in lowercases too. Normal – grants rights to view, edit, and delete templates, folders, and data cards as determined by the user role permissions. Read-only – grants rights to only read data cards as determined by the user role permissions. Root user – grants unlimited rights to ESM data and data maintenance, without any user role restrictions. Use the root user level carefully, as it is exceptionally powerful. |
|
Provisioning exception |
Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Delete Local User
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The delete local user orchestration node read attributes from Data Card in question and executes command to ESM. ESM Security.log logs events of this node. Note! Root user cannot be deleted with this node.
| Mapping | Value |
|---|---|
| User Name |
Required property. String attribute containing user's current user name. Select attribute directly from this template. |
| Provisioning exception |
Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Add Local User role
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The add local user role orchestration node read attributes from Data Card in question and executes command to ESM.
| Mapping | Value |
|---|---|
| User name | Required property. Unique String attribute containing local user's username. Select attribute directly from this template. |
| Roles | Required property. Must be multivalue string, and has names of the roles from ESM that you want to add for the local user. |
| Provisioning exception | Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Remove Local User role
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The remove local user role orchestration node read attributes from Data Card in question and executes command to ESM.
| Mapping | Value |
|---|---|
| User name | Required property. Unique String attribute containing local user's username. Select attribute directly from this template. |
| Roles | Required property. Must be multivalue string, and has names of the roles from ESM that you want to remove for the local user. |
| Provisioning exception | Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Add License to Local User
Added to version 2025.3
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The Add License to Local User orchestration node read attributes from Data Card in question and executes command to ESM.
Activity handles only “All Modules” -type licenses.
| Mapping | Value |
|---|---|
| User Name | Required property. Unique String attribute containing local user's username. Select attribute directly from this template. |
| License Type |
checkbox is selected = Write checbox is not selected = Read |
| Provisioning exception | Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Remove License from Local User
Added to version 2025.3
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The Remove License from Local User orchestration node read attributes from Data Card in question and executes command to ESM.
Activity handles only “All Modules” -type licenses. If user has both write and read licenses, this removes those both from user.
| Mapping | Value |
|---|---|
| User Name | Required property. Unique String attribute containing local user's username. Select attribute directly from this template. |
| Provisioning exception | Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Change License to Local User
Added to version 2025.3
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The Change License to Local User orchestration node read attributes from Data Card in question and executes command to ESM.
Activity handles only “All Modules” -type licenses.
With this activity, you can change users read license to Write license.
| Mapping | Value |
|---|---|
| User Name | Required property. Unique String attribute containing local user's username. Select attribute directly from this template. |
| License Type |
checkbox is selected = Write checbox is not selected = Read |
| Provisioning exception | Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Report Licenses of Solution
Added to 2025.3 release as beta feature
Improved JSON reporting format in 2025.3.1 release
In the illustration above, the Mappings are from the target template, no separate EPE task needed for this. The Report Local Users Licenses orchestration node read attributes from Data Card in question and executes command to ESM.
Activity reports all licenses in json format to Report Data attribute.
| Mapping | Value |
|---|---|
| Report Data |
Node writes all pro and IGA platform licenses information to this attribute in JSON format. Format of JSON is, total amount of JSON objects in array depends on how many different licenses your environment has. One JSON object per module and license type, telling how many licenses there are for that module and type, how many of those are reserved and how many are free. |
| Provisioning exception | Provisioning exception is an optional property on this workflow node. Admins can configure this property in use where exceptions can be written if any exceptions exists during the provisioning actions. |
Table of Contents