Symantec IGA

Expand all | Collapse all

IDM Policy Xpress Unable to Assign Provisioning Role

Jump to Best Answer
  • 1.  IDM Policy Xpress Unable to Assign Provisioning Role

    Posted 05-11-2016 10:49 AM

    Hi all. I'm currently working on creating user accounts in IDM and having them also created out in AD. I've created a policy xpress policy that will set a user's provisioning role based on their AD domain attribute. Using the out of the box create user admin task, I've verified that the policy is triggered, however, the provisioning role never gets assigned. There are no failures, the matching rules are correct, and the overall task completes successfully. I can assign the role manually with no issue, but my policy cannot do the same. Any help would be appreciated, thanks!



  • 2.  Re: IDM Policy Xpress Unable to Assign Provisioning Role

    Posted 05-11-2016 12:54 PM

    When you manually added the Provisioning role did you do this via the Provisioning manager or the IME?

    When you say based on the AD Domain Attribute is this being seen in your PX. Have your POLICY email you the same attributes that it is using to chose a provisioning role so you can verify what is being seen.

     

    Glenda



  • 3.  Re: IDM Policy Xpress Unable to Assign Provisioning Role

    Posted 05-11-2016 01:04 PM

    Manually via the "provisioning roles" tab located under "Modify User".

     

    I had the policy change the phone number of the user when the matched condition occurs as a debug statement. So I know that it's recognizing the attribute and kicking off the "add provisioning role" event.



  • 4.  Re: IDM Policy Xpress Unable to Assign Provisioning Role
    Best Answer

    Posted 05-24-2016 03:58 PM

    With the aid of support we were able to find the issue. Mismatching attributes in the CIS was the culprit. Provisioning manager will automatically fail a transaction if there are mismatched/misnamed custom attributes regardless if they are actually in use. Fixing these resolved our issue.