Symantec IGA

 View Only
  • 1.  IDM BLTH

    Posted Mar 22, 2020 02:02 PM
    Hello, 

    We have a requirement for our organization where we are trying to streamline the management of the users cost center codes in our offices.

    Here is a example:
    Our offices are represented by OUs in AD. 
    Each office supports a couple of cost centers: AP, CAM, BILL --> this is current a phyiscal attribute in AD called "CC" for cost center
    Each user is tied to one or more cost centers --> on their user profiles in AD, they the attribute CC and the cost center(s) they are tied to. 

    What we are trying to do is implement some java blth so that if we update or delete one of the cost centers assiciated with the office (OU), the change for all users in the OU.. lets say we change AP to "accounts payable" then we would need all the user's CC values that were AP to be "Accounts Payable"

    Can anyone provide some input on what methods we can use to have IDM process this when we create a modifyorganization event task?



  • 2.  RE: IDM BLTH
    Best Answer

    Broadcom Employee
    Posted Mar 23, 2020 10:15 AM
    Basically you are trying to edit the value of an attribute for users that may not be in that OU.

    You would need to search for all users that have that value in their multi-valued attribute, then change that value, then rename the OU.

    There is no out of the box task that could do both steps at once. you would have to create a custom path like:
    Search for all users to create a list.
    Save the current values of the attribute
       AP, CAM, BILL
    Edit the values of the attribute
       Accounts Payable, CAM, BILL
    Perform a bulk modify user task to write the new value
       Accounts Payable, CAM, BILL
    Rename the OU

    Bill Patton

    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 3.  RE: IDM BLTH

    Posted Mar 23, 2020 10:32 AM
    Edited by Darius Greene Mar 23, 2020 10:32 AM
    Bill, 

    Thanks for your reply. 
    Clarification is that all the users are in the same OU.
    When you say "bulk modify user" what do you mean by that, how is this implemented in IDM? I think this is the missing piece to the puzzle


  • 4.  RE: IDM BLTH

    Broadcom Employee
    Posted Mar 23, 2020 10:19 PM
    You would need to look at the documentation for you version.

    Look for bulk modify or bulkloader client

    Bill

    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 5.  RE: IDM BLTH

    Broadcom Employee
    Posted Mar 25, 2020 09:58 AM
    Hi Darius
    Effectively, Bill means you have to make a bulk change on several users every time there is a change to the OU.
    One way to implement it is via an Event Listener. So every change to an OU (deletion / modification) - you will need to search all users with the relevant value and update their CC attribute value accordingly. Please ensure the CC attribute for users in indexed, so search is optimized.

    Regards
    Rinat Matityahu
    Principal Support Engineer
    Broadcom Technical Support - EMEA