Credential tagging for Orchestration activities

Credential tagging gives an administrator more control over the credentials used in Orchestration activities.

This is useful when an activity requires specific credentials to perform a task. You can use a credential tag to assign individual credentials to any activity in a Orchestration workflow or assign different credentials to each occurrence of the same activity type in an Orchestration workflow.

Credential tagging interacts with credential affinity to determine which credentials should be used for an Orchestration activity.

How credential tagging works

A business rule called Insert Discovery Affinity (renamed from Insert Credential Affinity in the Geneva release) runs when a record is inserted into the ECC Queue. This rule determines whether a credential affinity exists for the device and identifies the proper credential_id (the sys_id of the record in the Credentials [discovery_credentials] table) to use in the generated probe. When the platform encounters an affinity with a credential tag value defined (credential_tag in the business rule), the business rule determines if the credential referenced by the affinity has the specified tag. If it does, the business rule selects the credential_id of the tagged credential and passes that value to the probe. If the credential does not have the specified tag, any other affinities that exist for the target system will be checked. If no affinity references an appropriately tagged credential, the MID Server iterates through the Credentials [discovery_credentials] table and selects the credential with the appropriate tag. The MID Server then creates a new affinity for this credential.
Figure 1. Orchestration credential tagging logic