In EmpowerID, Provisioning policies, also known as "Resource Entitlements" or "RETS," are policies that can be created to automate the provisioning, moving, disabling and de-provisioning of resources to users based on their meeting certain qualifying criteria, such as belonging to a specific group, Management Role, Business Role and Location, or Query-Based Collection. Once a policy is created and enabled, EmpowerID continuously evaluates the policy to determine who should and should not have the resource specified by the policy.
|
This topic demonstrates how to create a RET policy that automates the provisioning and de-provisioning of Exchange mailboxes.
Provisioning policies can be targeted against any number or combination of Management Roles, groups, Business Roles and Locations, Query-Based collections, as well as individual people. |
Require Approval if Deprovision Batch Larger Than Threshold - This field allows you to set a numeric value that needs to be reached by a single run of the Resource Entitlement Inbox before an approver needs to approve the deprovisions. If the threshold is reached, EmpowerID will not deprovision any of the accounts until approval is granted.
As a best practice, when testing provisioning policies, you should select All Provisions Require Approval and All Deprovisions Require Approval to become familiar with how EmpowerID processes RETs. Then, when moving to production, you can set the approval thresholds to a number that makes sense for your environment. |
In our example, we have selected All Provisions Require Approval and All Deprovisions Require Approval, meaning that the provisioning and deprovisioning of all mailboxes must be approved before those mailboxes will be processed by RET Inbox.
Next, assign the policy you just created to one or more targets as demonstrated below.
If you selected Approve All Provisions, you must manually approve each item in the Resource Entitlement Inbox for this policy before EmpowerID will provision the mailboxes. This is demonstrated in the next section.
Click the Pending Approval tab. You should see a list of all RETS requiring approval.
If you do not see a list of RETS pending approval, allow several minutes for EmpowerID to process the RET policy and then press the Search button. |
On your Exchange server, open the Exchange Management Shell and run the following Powershell cmdlet (the cmdlet assumes you provisioned the mailboxes within the last day):
Get-Mailbox -resultsize unlimited | where {$_.WhenMailboxCreated -gt (get-date).adddays(-1)} |ft Name,whenMailboxCreated -Autosize |
|
|