Adding users - detailed process description
At this point, we assume that you are already familiar with practical steps in the UI, as described in Custom Widgets.
Here you will gain a better understanding of the process related to granting users with access to a project repository.
This information will help you to be more efficient when reaching out to the Insights customer support team, in case of any issues with the access.
Process steps
Insights informs the invited user
The user receives an auto-generated email from Insights, informing that a request has been submitted to oneIDM to add his/her account to the GitHub repository of the given project.
The user is informed that the process might take several hours.
This could be faster if the user is already a member of the Insights Customers organization at GitHub for example if he or she is already added to another Insights project repository.
Insights triggers a oneIDM role request and approval
Automatically a request is triggered to oneIDM for assignment to the user of the relevant member role for the Insights Customers organization at GitHub.
The oneIDM role is called IDM2BCD_BDC_Githubcom_org90_member.
BDC in the role name stands for Bosch Development Cloud. It provides a managed GitHub Enterprise Cloud (GHEC) service to the Bosch business units.
For details, refer to GitHub Enterprise Cloud (GHEC).
The request is processed by oneIDM.
This may take up to several hours.
The processing includes also an approval by the Access Right Owner of the GitHub organization member role.
This approval is granted automatically based on a delegation rule configured in oneIDM.
The user is informed by oneIDM by email about the processing status of their assign member role request, e.g. request submitted, request completed, etc.
Through the links provided in the emails, the user can easily monitor the processing status of the request in the oneIDM portal.
GitHub invites the user
When the oneIDM role is successfully assigned, the user is provisioned to the All members team of the Insights Customers organization at GitHub.
The user receives an invitation email from GitHub containing a Join button. By clicking it and successfully authenticating, they can join the Insights Customers organization.
More details on the authentication are available in Accessing the GitHub repository.
Insights adds user to repository
The service will regularly check the state of this process.
As soon as the user is successfully added to the Insights Customers organization at GitHub, Insights can finally add the user to the project-specific repository through a call to the GitHub API.
Technically, this is done through a background job.
Access statuses explained
The possible user access status values and their description are as follows:
Access requested
The request for the oneIDM member role assignment was successfully sent to oneIDM.
IDM role assigned
The oneIDM member role was assigned to the user.
Note that at this point Insights will try to add the user to the target (i.e. the project-specific) GitHub repository.
This attempt will fail as the user has not entered yet the Insights Customers organization at GitHub.
Failed to add user to GitHub repository
Insights tried to add a user with an already assigned GitHub member role to the target repository, but this failed.
Normally, this message will appear just because the user has not yet entered the organization.
So, in that case it is not really a problem.
However, if the user joined the organization successfully and the status remains unchanged for a while, it means that there might be a technical problem, which has to be investigated by the service support team.
Active
The status will change to this value if finally everything went well, i.e. the user joined the "Insights Customers" organization and Insights successfully added the user to the target repository.
Currently, the UI does not display the IDs of the oneIDM requests but only saves them internally for status monitoring.
However, if the oneIDM request IDs are needed for troubleshooting, they can be obtained through the reporting functionalities of oneIDM.