Symantec IGA

 View Only
  • 1.  Reconcilation issue - Reverse New Account Policy issue

    Posted Aug 06, 2019 07:19 AM

    Hi,

    I am performing a lab test Reconciliation of AD users to IDM, using Reverse Sync New Account Policy by workflow Suspend/Delete/Approve.

    But "Suspend" and "Delete" workflow operations working fine through Reverse Sync New Account Policy.
    But Accept(user creation from AD to IDM) is not working by workflow through Reverse Sync New Account Policy and without workflow also not working.

    Please suggest how to to resolve this issue - Accept(user creation from AD to IDM) is not working workflow through Reverse Sync New Account Policy.

    regards
    Ramesh



  • 2.  RE: Reconcilation issue - Reverse New Account Policy issue
    Best Answer

    Broadcom Employee
    Posted Aug 06, 2019 10:30 AM
    My understanding is that 'Accept' works in the case the newly found AD account has been correlated to an existing Global User. The 'Accept' action will accept the AD account (the correlation link and the existence of the account on the endpoint) and further update the Global User attributes' values to match the mapped AD account attributes' values. This is similar to the 'Update Global User Fields as Needed' check box of an Explore and Correlate (E&C) definition.

    If you want to create a Global User ID for a newly found AD account (that did not correlate to a Global User), then you need to do the following:

    1. Define a Reverse Sync Policy (type: Reverse New) with the 'Correlated User' drop-down set to 'Not Found'


    2. Send this reverse sync a Workflow Approval (where the Approval Task is 'Approve Reverse New Account')




    3. The Participant Resolver (the approver) will then manually fill in the form of the new user creation and submit (the system with then create the user).



  • 3.  RE: Reconcilation issue - Reverse New Account Policy issue

    Posted Aug 07, 2019 01:21 AM
    Hi Iyes,

    Please find my comments for below

    1. Define a Reverse Sync Policy (type: Reverse New) with the 'Correlated User' drop-down set to 'Not Found'
    Ramesh:set to 'Not Found'

    2. Send this reverse sync a Workflow Approval (where the Approval Task is 'Approve Reverse New Account')
    Ramesh: Already workflow assigned

    3. The Participant Resolver (the approver) will then manually fill in the form of the new user creation and submit (the system with then create the user).
    Ramesh: This is not required as already worflow triggered.

    Issue is worflow is not triggering and user is trying creating in iDM but not and user is only created in Provisioning Manager with only userid field and with blank firstname and lastname.

    when i set as below
    1. Define a Reverse Sync Policy (type: Reverse New) with the 'Correlated User' drop-down set to 'Not Found'
    Ramesh:set to 'Both'

    Workflow is trigerting fine for actions Suspend and Delete operations and user is suspending and deleting depending upon actions taken in workflow.

    But issue is when Approved the user is not creating in IDM but creating in iDM but not and user is only created in Provisioning Manager with only userid field and with blank firstname and lastname.

    Please suggest.

    regards
    Ramesh