Symantec IGA

Expand all | Collapse all

Fire PX Policy on Successfully Assigning Provisioning Role

Jump to Best Answer
  • 1.  Fire PX Policy on Successfully Assigning Provisioning Role

    Posted 11-25-2014 01:01 AM

    Hi,

     

    We have a task (CreateUser) that creates a user. We have a PX Policy (AssignDefProvRole) that assigns a default provisioning role on user creation. This policy is configured to fire after "CreateUserEvent". We have another PX Policy (SendSMS) that is supposed to fire when the AssignDefProvRole policy fires and successfully assigns the default provisioning role to the newly created user.

     

    Currently we have configured the SendSMS policy to fire when the original task, CreateUser, completes (Task completed).

     

    However, this setup fails to comply with the intended purpose, which is to fire SendSMS policy on successful assignment of the default provisioning role. Even if the AssignDefProvRole fails (account creation on endpoint fails) to successfully assign the default poovisioning role, the SendSMS policy fires.

     

    It would be great if someone can work out how to achieve the intended goal.

     

    Thank you,

     

    Arij



  • 2.  Re: Fire PX Policy on Successfully Assigning Provisioning Role

    Posted 12-01-2014 10:07 AM

    Why not use the completion of the AssignProvisioningRole event to trigger the PX policy?



  • 3.  Re: Fire PX Policy on Successfully Assigning Provisioning Role

    Posted 12-08-2014 05:34 AM

    You can try this way...

     

    1st PX Trigger when (Policy Type=Submitted task) - Task Submission of CreateUser task

    Action: Add user with default provisioning role.

    Priority: 10

     

    2nd PX Trigger when(Policy Type=Submitted Task) - Task Completed of CreateUser task

    Action: Trigger SendSMS

    Priority:100



  • 4.  Re: Fire PX Policy on Successfully Assigning Provisioning Role
    Best Answer

    Posted 05-24-2015 05:25 AM

    There is no "completion" or "success" status for events, but only "Failed" status. So we decided to fire another policy on "Failed" status of   AssignProvisioningRoleEvent event to set a flag for policies to follow. However, this policy was also not being triggered. Working with CA support, we found the reason for this was that our main task was set for Account Synchronization "On task completion".

     

    With AccountSync=OnEveryEvent,during the AssignProvisioningRoleEvent the IM Server will send a request to the Provisioning Server that includes both the Provisioning Role and the eTSyncUsers flag which causes the account creation attempt to occur and causes the failure which leads to the PX being triggered.

     

    But with AccountSync=OnTaskCompletion during the AssignProvisioningRoleEvent the IM Server will send a request to the Provisioning Server that only includes the Provisioning Role and not the eTSyncUsers flag which does not cause a failure since no account creation is attempted. That does not occur until the SynchronizeAttributesWithAccountsEvent.