Inside Activate
Connectors
Change Handlers
8 min
change handlers consume pending changes detected by processimport and decide what to do (submit jobs, create roles, update users, log tickets, etc ) you select a handler by setting the process/provider in the workflow shared concepts where they run after processimport, each row in the data table with a pending action (create/update/delete) is passed to the handler common options \<process> \<provider>innovation activate library\innovation activate connectors userchangehandler\</provider> \<options> \<maxchanges>0\</maxchanges> \<! 0 = no limit > \<batchsize>500\</batchsize> \<retry> \<timeout>+2days\</timeout> \<! how long to keep retrying > \<clear>false\</clear> \<! if true, clear error flag after retries > \</retry> \</options> \<! handler specific config follows > \</process> common events (inside an \<events> block) create, update, move, delete, enable, disable steps you can use submit, execute, notify, end, retry, error, set, ticket, publish, unpublish userchangehandler use when connector data represents people that should link to ad users and drive identity lifecycle automation minimum config \<process> \<provider>innovation activate library\innovation activate connectors userchangehandler\</provider> \<user> \<link name="user account"> \<scope>=//roles/system roles/users\</scope> \<match when="employeenumber">(employeenumber=%=//current/employeenumber%)\</match> \<match when="domainname">(samaccountname=%=//current/domainname%)\</match> \<match>(givenname=%=//current/firstname%)(sn=%=//current/lastname%)\</match> \</link> \<! optional raise enable/disable based on an expression > \<enabled>=/isactive\</enabled> \</user> \<links> \<manager> \<scope>=//roles/system roles/users\</scope> \<match when="managerdomainname">(samaccountname=%=//current/managerdomainname%)\</match> \</manager> \</links> \<events> \<create> \<submit> \<task>=//tasks/user/create user\</task> \<arguments> \<user> \<firstname>%=//current/firstname%\</firstname> \<lastname>%=//current/lastname%\</lastname> \<manager>=//links/manager\</manager> \</user> \</arguments> \</submit> \</create> \</events> \</process> globals provided user — matched ad user (if found) links — collection of additional linked users (e g , manager) rolelinks — roles resolved by role link handlers rolechangehandler use when connector data represents a hierarchy you want as activate roles (e g , departments, locations) minimum config \<process> \<provider>innovation activate library\innovation activate connectors rolechangehandler\</provider> \<role> \<root>=//roles/departments\</root> \<key>departmentcode\</key> \<field>departmentcode\</field> \<name>=//current/department\</name> \<! choose one parent strategy field reference or explicit link > \<parent>parentcode\</parent> \<! field reference model > \<parameters> \<departmentcode name="departmentcode" type="string">=/departmentcode\</departmentcode> \</parameters> \<events> \<missing> \<createrole> \<description>created by import %=//system/now%\</description> \</createrole> \</missing> \</events> \</role> \</process> events raised by handler create, update, delete (plus createrole step for new roles) genericchangehandler use when you need event driven actions (submit jobs, run scripts) without built in user/role semantics minimal skeleton \<process> \<provider>innovation activate library\innovation activate connectors genericchangehandler\</provider> \<links> \<! optional ad lookups you want available during events > \</links> \<events> \<create> \<submit> \<task>=//tasks/custom/create thing\</task> \<arguments> \<data> \<externalid>=/id\</externalid> \</data> \</arguments> \</submit> \</create> \</events> \</process> globals links (if configured) scriptchangehandler use when change processing logic itself must be scripted (complex business rules, multi step orchestration) skeleton \<process> \<provider>innovation activate library\innovation activate connectors scriptchangehandler\</provider> \<script>=/changeprocessor\</script> \<options> \<batchsize>200\</batchsize> \</options> \</process> servicedeskticketchangehandler use when connector data represents tickets you want to create/update inside activate minimum config \<process> \<provider>innovation activate library\innovation activate connectors servicedeskticketchangehandler\</provider> \<user> \<! optional user link if tickets should be assigned to people > \</user> \<ticket> \<! define how to match to existing tickets > \<match field="ticketnumber">=/ticketnumber\</match> \<match field="jobid">=/jobid\</match> \</ticket> \<events> \<create> \<ticket> \<ticketnumber>=/ticketnumber\</ticketnumber> \<name>=/name\</name> \<state>=if(=/state, "closed", "open")\</state> \<status>=/status\</status> \<user>=//user\</user> \<description>=/details\</description> \<notes>=/notes\</notes> \</ticket> \</create> \</events> \</process> globals user (if user link configured), ticket (when matched) event steps (quick reference) submit — submit a job/task with arguments execute — run a script (inline reference) notify — send an email/notification (supports when=errors) end — mark successful end of the current event retry — keep change pending to retry later error — mark row as error; respects retry policy set — set parameter values without a script ticket — create/update an activate ticket publish / unpublish — toggle publication state for provisioning objects troubleshooting & hardening use options/retry/timeout to bound retry loops; alert on exceeded retries emit meaningful messages in error so operators can triage quickly add notify with when=errors and include a table of last error rows for bulk anomalies, prefer end + notify + manual intervention over automated retries