Symantec IGA

 View Only
  • 1.  Explore & Correlate and Password Policies conflict.

    Posted Aug 09, 2017 10:53 AM

    Hello Guys


    Im working on IDM 12.6.8 on Weblogic 12.1.3.


    I have a situation right now where i need to schedule Explore And Correlate to run multiple times a day to bring new account or updates from an Active Directory Endpoint. In my environment i have configured the forgotten password task for self service, and im using password policies for control.


    The issue is that when the E&C runs and finds new account it fails, IDM brings all the accounts attribute to  the directory BUT the password, and that causes a conflict with the password policy, normally the error i get is Short Argument, wich means that the password lenght was not met. If i disable the Password  Policy the accounts are created sucessfully


    How can i address this issue? I need to have the E&C scheduled and the Password Policies for control



  • 2.  Re: Explore & Correlate and Password Policies conflict.
    Best Answer

    Posted Aug 09, 2017 02:03 PM

    The Explore will not retrieve the password for any account. The Correlate/Create will create the Provisioning global user with minimal fields of just the eTGlobalUserName and eTUserID. The Update can then update the Provisioning global user with any additional Endpoint Attribute Mapped fields.


    Not sure what your configuration/policies are exactly doing but perhaps they do not handle the use case where newly created users have no password values. Maybe you need to look at providing/generating an initial password for such users perhaps via a PX Policy of type=UI on submission of the Provisioning Create User task when password is empty or maybe via a default value on the task's screen or something. I have not tried that so not positive how that would work.


    You may also want to consider opening a support case if further assistance is needed from CA Support.