Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000030371 - IMG: AFX: Provisioning app-roles to users sporadically fails yet CRs show 100 percent fulfilled

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000030371
Applies To	RSA Product Set: Identity Management and Governance RSA Product/Service Type: All RSA Version/Condition: All
Issue	When granting app-roles to users using an AFX connector, one or more entitlements sometimes do not get propagated to the data source yet the corresponding change requests (CR) show as 100% fulfilled. .
Cause	The AFX fulfillment workflow that is being used by the change request has a "mark verified" node but no "wait for verification" node. As a result, all requests are marked as verified whether they succeed or fail. IMG may know about these failures but we ignore them because the workflow says to mark them as verified which in turn marks the CR as completed.
Resolution	Add the "wait for verification" node to the AFX fulfillment workflow so that we can confirm that what we asked the end point to do has actually happened. If a failure occurs, the CR will not be marked as verified and therefore not completed. As a result, failures will be revealed and may subsequently be trouble-shooted.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

Re: Data reconciliation - Close to Real time