Symantec IGA

  • Private Community
 View Only

  • 1.  Allocating 2 AD account templates in 1 Prov role

    Posted Nov 25, 2019 03:17 AM
    Hello All.

    I have one basic AD account template (providing birthright access).
    I have 50 other account templates (per division)

    I would like to create 50 roles, reusing the first A/T above, common to each (i don't want to repeat the basic access for the 50 roles)

    The Issue is in the account container:
    - the basic A/T uses container "Users"
    - the 50 other A/T are using 50 different containers (one per division)
    - when i allocate the prov role (that includes both A/T) the account is set to container "Users" (as per the basic A/T), and never to container Minneapolis for example (for division=Minneapolis).

    I tried to play with the order of the A/T in the role, but no help. I should not have to use PX to move the account, there must be an OOTB solution I think.

    Thanks for helping!
    Charly


  • 2.  RE: Allocating 2 AD account templates in 1 Prov role

    Posted Nov 25, 2019 03:44 AM

    Hi Charly,

     

    Are you just using the second AD template to just move them to specific container based on the division?

     

    Thanks,

    Rajesh.

    NOTICE: All information in and attached to the e-mails below may be proprietary, confidential, privileged and otherwise protected from improper or erroneous disclosure. If you are not the sender's intended recipient, you are not authorized to intercept, read, print, retain, copy, forward, or disseminate this message. If you have erroneously received this communication, please notify the sender immediately by phone (704-758-1000) or by e-mail and destroy all copies of this message electronic, paper, or otherwise. By transmitting documents via this email: Users, Customers, Suppliers and Vendors collectively acknowledge and agree the transmittal of information via email is voluntary, is offered as a convenience, and is not a secured method of communication; Not to transmit any payment information E.G. credit card, debit card, checking account, wire transfer information, passwords, or sensitive and personal information E.G. Driver's license, DOB, social security, or any other information the user wishes to remain confidential; To transmit only non-confidential information such as plans, pictures and drawings and to assume all risk and liability for and indemnify Lowe's from any claims, losses or damages that may arise from the transmittal of documents or including non-confidential information in the body of an email transmittal. Thank you.



    Original Message


  • 3.  RE: Allocating 2 AD account templates in 1 Prov role

    Posted Nov 25, 2019 06:37 AM
    Hi Rajesh-

    no, the second A/T also has some groups, specific to the division. and also a specific OU.

    ------------------------------
    Senior Consultant/Architect- CA Identity Suite SME
    Topspin Technologies (Partner)
    ------------------------------

    Original Message


  • 4.  RE: Allocating 2 AD account templates in 1 Prov role
    Best Answer

    Broadcom Employee
    Posted Nov 25, 2019 08:09 AM
    You should configure both AD Account Templates to use some filtering rules based on a Provisioning User attribute value to determine which container to be used. All the templates should have the same filtering rules configured.
    Original Message


  • 5.  RE: Allocating 2 AD account templates in 1 Prov role

    Posted Nov 25, 2019 08:30 AM
    Right- 2 roles or 2 A/T pointing to 2 different OU cannot be achieve. That's also what i figured out in the meantime :)
    Thanks Kenny

    ------------------------------
    Senior Consultant/Architect- CA Identity Suite SME
    Topspin Technologies (Partner)
    ------------------------------

    Original Message