Hello,
First of all, thank you for your interest in Softerra Adaxes!
Your requirements are quite typical and we do not foresee any considerable issues or challenges with implementing what you need. As to your specific requirements:
Enter co-worker information in a web interface doing some input control to ensure data quality and information consistency
To ensure data integrity and consistency, you can use Adaxes Property Patterns. Property Patterns allow you to specify required properties, define property constraints and formatting rules, as well as specify default values for properties. For more information on using Property Patterns, see the AD Data Integrity video. For information on how to perform the most typical tasks, see the following set of tutorials: Simplifying Data Entry.
Then, I would like an optional approval step if the user has a specific business role
This is also possible. How is a business role defined in Active Directory? Is there a certain AD attribute used for this purpose? If yes, you can send a new user request for approval only if the attribute is assigned a certain value or values.
The AD account provisioning process is nothing special, only the usual username/email address uniqueness checks, setting UPN to the email address and then some group memberships depending on the user role
As for username/email address uniqueness checks, have a look at the following tutorial: http://www.adaxes.com/tutorials_Simplif ... Script.htm. Example 2 on step 5 of the tutorial shows how to automatically add a digit to the username if it is not unique. You can use the same approach for the email address. Alternatively, instead of generating a unique value, you can cancel the operation, so that users could come up with a unique username / email address themselves.
As for adding group memberships depending on the user role, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... rtment.htm.
Fire off a script that creates/modifies a user object in Dynamics AX using their "NewAXUser" Powershell cmdlets. AX gets a reference to the AD user (sAMAccountName)
Fire off another script or export data for Domino (Lotus Notes) account creation based on the same person data, account names and such (Haven't had time to explore technical options here, but presuming it's possible one way or the other...)
For information on how to automatically run PowerShell scripts after creating a user, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... ngUser.htm. As for the actual scripts, you can use our SDK and Script Repository as a source of information and examples. If you have difficulty with your scripts, we will help you.
One challenge I can see is that there would be limited capability to ensure the account was created successfully in the target systems, but that is a general challenge and typically only addressed in way more complex and expensive IAM solutions.
Every operation performed via Adaxes, including running a PowerShell script, is logged. Using scripts, you can update Adaxes logs with your own information, warnings, error messages, etc. For example, when using the New-AXUser cmdlet, you can forward any errors returned by the cmdlet to the Adaxes log. Then, you can use that information to track any issues in interacting with external systems. For information on how to update logs from a script, see section Updating the Execution Log in the following article: http://www.adaxes.com/sdk/?ServerSideSc ... ecutionLog.
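
The error forwarding described in the reply above, as an added example that is not part of the original post or Softerra's own code: a wrapper that turns a failed downstream provisioning call into an Error entry in the execution log. Invoke-LoggedStep, Write-ProvisioningLog and New-ExampleDownstreamUser are hypothetical names, the sample accounts are constructed, and $Context.LogMessage is assumed to be available because the script runs inside Adaxes (outside Adaxes the example prints instead).

```powershell
# Added example: forward failures of a downstream provisioning call to the log.
# All function names below are hypothetical; sample data is constructed.

function Write-ProvisioningLog([string]$Message, [string]$Type) {
    # Inside an Adaxes script $Context is predefined; elsewhere print instead.
    if ($null -ne $Context) { $Context.LogMessage($Message, $Type) }
    else { Write-Host "[$Type] $Message" }
}

function Invoke-LoggedStep {
    param(
        [Parameter(Mandatory)][string]$StepName,
        [Parameter(Mandatory)][scriptblock]$Action
    )
    try {
        # Cmdlet errors are non-terminating by default and would bypass catch,
        # so promote them to terminating errors for the duration of this step.
        $ErrorActionPreference = 'Stop'
        & $Action | Out-Null
        Write-ProvisioningLog "$StepName succeeded." 'Information'
        return $true
    }
    catch {
        # Log the message only; the full error record may carry more detail
        # than should be visible to everyone who can read the log.
        Write-ProvisioningLog "$StepName failed: $($_.Exception.Message)" 'Error'
        return $false
    }
}

# Constructed stand-in for the real call (New-AXUser in the thread). It emits
# a non-terminating error for one sample name to exercise the failure path.
function New-ExampleDownstreamUser([string]$SamAccountName) {
    if ($SamAccountName -eq 'jdoe') {
        Write-Error "User '$SamAccountName' already exists in the target system."
        return
    }
    "created $SamAccountName"
}

foreach ($name in 'asmith', 'jdoe') {   # constructed sample accounts
    [void](Invoke-LoggedStep "Downstream account for $name" {
        New-ExampleDownstreamUser $name
    })
}
```

In a script run after creating a user, the stand-in would be replaced by the real cmdlet call, and the returned boolean can drive a follow-up action such as a notification.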