Symantec IGA

  • Private Community
Back to discussions
Expand all | Collapse all

Solution to implement Syn Users with Provisioning Role in IM r12.5

  • 1.  Solution to implement Syn Users with Provisioning Role in IM r12.5

    Posted Feb 12, 2010 03:49 AM
    Hello,  I feld it  worth sharing the information & solution provided by CA support about my request.I wanted to be able to have the foncitonality "synchronize User with  provisioning role" directly from the IM Web interface.True,   we get these functions available from IM Provisioning Manager but I felt the need to have it also from the WEB gui.  Reason :As an example,  a manager attaches a Provisioning Role to a user and unfortunately gets an error message for some accounts creation (could be multiple reason like the password is empty - quite often or the endpoint is temporarily unavailable).Then after having corrected the issue, we might want to synronize without having to use the provisioning manager (often the usage of Provisioning Manager gets centralized in a different & specifi  team).  


  • 2.  Re: Solution to implement Syn Users with Provisioning Role in IM r12.5
    Best Answer

    Posted Feb 12, 2010 03:51 AM
    now the solution :smileyhappy::  It  had  been  confirmed  this  is  a  missing  feature  in  Identity  Manager interface.As  possible  workaround  you  could  use  the  IM  API  set  such  as  BLTH  in  order
    to  create  new  IM  tasks  that  will  simply  perform  the  API  calls  similiar  to
    setting  eTSyncUsers  and  eTSyncDelete  on  Provisioning  Global  Users.
    Here  is  sample  BLTH  javascript  that  could  be  added  to  new  IM  tasks.
    One  task  for  each:
    //Create  new  IM  task  to  simulate  Prov  Sync  User  With  Role  -  Add  Account
       function  handleValidation(blthContext,  errorMsg)  {
               var  userSubject=blthContext.getUser();
               userSubject.synchProvisioningRolesAddAccounts();
               errorMsg.reference="An  error  has  occurred.";
               return  true;
       }

    //Create  new  IM  task  to  simulate  Prov  Sync  User  With  Role  -  Delete  Account
         function  handleValidation(blthContext,  errorMsg)  {
                 var  userSubject=blthContext.getUser();
                 userSubject.synchProvisioningRolesDeleteAccounts();
                 errorMsg.reference="An  error  has  occurred.";
                 return  true;
         }

    Configure  both  new  IM  tasks  to  have  UserSync=Off  and  AccountSync=Off  and
    only  have  a  single  Profile  tab.
    The  tab  is  configured  with  "Hide  Validate  Button"  and  "Always  generate
    event  even  when  no  attr  changed".