Symantec IGA

  • 1.  Create AD groups on IDM

    Posted Jul 13, 2017 03:50 PM



    We are working on IDM 12.6.8. Right now we have configured some tasks on IDM to work with end user password management, so we have an end user admin role that should be assigned to End Users, and a Help Desk role which has different tasks than the end users and should be assigned to the Help Desk users.


    The users are created in IDM after an Explore and Correlate that runs periodically. Right now we are bringing in the users with some attributes, like Name, User ID, and others. Now we need to bring in from AD the groups that are created on the endpoint. The objective is to create those groups on IDM (like we create the users) and assign the users to their corresponding groups (the only attribute that tells me what department a user belongs to is the group). This would help us assign the Help Desk role to the corresponding users automatically.


    Is there a way to do this, or something similar? 



  • 2.  Re: Create AD groups on IDM
    Best Answer

    Posted Jul 13, 2017 05:45 PM

    When performing the Explore/Correlate/Create of an endpoint system, the Provisioning Users are created, which generates inbound notifications sent to the IM Server, which trigger Provisioning Create User tasks. The same, however, is not true for other endpoint objects.


    The only thing I could suggest would be to dump out information from the endpoint system itself (perhaps using the LDIFDE utility) and then parse the output and use it as input to either an IM Bulk Load or perhaps feed it directly into the userstore itself (either SQL or ldapadd).
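
    The dump-and-parse step suggested above, as an added example that is not part of the original posts or of any CA/Symantec tooling: a Python parser that turns an LDIF group export into group/member pairs, handling folded lines and base64-encoded values. The sample data, the function names and the CSV column names are assumptions; map the columns to whatever your Bulk Load feeder file or userstore import expects.

```python
import base64
import csv
import io

# Constructed sample shaped like an LDIF group export (not real data).
_B64_DN = base64.b64encode(
    "CN=Jos\u00e9 D\u00edaz,OU=Users,DC=example,DC=com".encode("utf-8")).decode()
SAMPLE_LDIF = (
    "dn: CN=HelpDesk,OU=Groups,DC=example,DC=com\n"
    "objectClass: top\nobjectClass: group\ncn: HelpDesk\n"
    "member: CN=Alice Smith,OU=Users,DC=example,DC=com\n"
    "member: CN=Bob Jones,OU=Users,\n DC=example,DC=com\n"   # folded line
    "\n"
    "dn: CN=Finance,OU=Groups,DC=example,DC=com\n"
    "objectClass: group\ncn: Finance\n"
    "member:: " + _B64_DN + "\n"                              # base64 value
)

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line:                        # blank line ends an entry
            if entry:
                yield entry
            entry = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        # Drop attribute options such as ";range=0-1499" from the name.
        entry.setdefault(name.split(";")[0].lower(), []).append(value)

def group_memberships(text):
    """Return sorted (group_cn, member_dn) pairs for group entries only."""
    pairs = set()
    for e in parse_ldif(text):
        if "group" in (c.lower() for c in e.get("objectclass", [])):
            pairs.update((e["cn"][0], m) for m in e.get("member", []))
    return sorted(pairs)

def to_csv(pairs):
    """Serialize pairs; the column names are placeholders, not an IM format."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["group", "member_dn"])
    writer.writerows(pairs)
    return buf.getvalue()
```

    Review the resulting pairs before loading them, since any role assigned automatically from group membership inherits whatever is in the export.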