I have an use case to auto-create an admin account upon successful creation of end user account in IDM. These 2 accounts has to be maintained as separate accounts with unique UID/saAMAccountName and has to provisioned to the target system(AD).
Here is an example:
User account - Test
Admin User account - Testadmin
IDM user "Testadmin" has to be created automatically post successful creation of "Test" user.
Please let me know your suggestions to achieve this.
Yif you only need two AD accounts (linked to 1 IM user) then you can use rule strings to create the accounts using two account templates (see https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/managed-endpoints-and-provisioning/provisioning-roles/attributes-and-rule-strings-in-account-templates). For examples:
User account -> %U% -> Test
Admin User account -> %U%admin -> Testadmin
If you need two IM users, then a PX with a SOAP call to the TEWS is required.
Thank You Gil, requirement is to have 2 IM users.
I was also thinking about calling TEWS from PX for admin account creation.
Yes, I would agree with this approach. I'm currently using TEWS from PX to make access requests for movers if their department changes. You should be able to do the same thing for new joiners.