Attribute Synchronization sometimes updates attributes with attribute variable names instead of attribute values in RSA Identity Governance & Lifecycle
Originally Published: 2020-04-14
Article Number
Applies To
RSA Version/Condition: 7.1.1, 7.2.0
Issue
In the following example, Active Directory has two custom attribute fields that are updated by an Active Directory AFX connector when attribute synchronization detects one or both attributes have been modified via another collector type. These custom attributes are account attribute Employee_Status and user attribute Department. In AFX, their corresponding mapping variable names are ${Account.Employee_Status_ES} and ${User.Department}.
Note: When defining custom attributes (Admin > Attributes), there is an Attribute Name and a Reference Name. These names can be different. In this case, the employee status Attribute Name is Employee_Status and the Reference Name is Employee_Status_ES. The reference name is used when mapping the attribute in AFX.
- Existing values in Active Directory prior to collection:
- Employee_Status=Active
- Department=Engineering
- After collection, a change in department is detected. The new department is Accounting.
After attribute synchronization, the expected result in Active Directory is:
- Employee_Status=Active
- Department=Accounting
The actual behavior is:
- Employee_Status=${Account.Employee_Status_ES}
- Department=Accounting
Note the Employee_Status has been updated with the custom attribute variable name rather than the field value which should have remained Active.
Cause
- There is more than one attribute defined for attribute synchronization but not all the attributes need to be updated. (In this case both attributes are defined in the attribute synchronization process but the Employee_Status attribute did not change and therefore did not need to be updated.)
- The Attribute Name and Reference Name of the custom attribute are different. (In this case, the employee status Attribute Name is Employee_Status and the Reference Name is Employee_Status_ES.)
Resolution
- RSA Identity Governance & Lifecycle 7.1.1 P07
- RSA Identity Governance & Lifecycle 7.2.0 P02
Workaround
Related Articles
After refreshing a user access review, the business source values for roles (role sets) display as null in RSA Identity Go… Number of Views The RSA Identity Governance and Lifecycle view for V_AVR_ACCOUNT_ENTITLEMENTS does not include all expected data in RSA Id… Number of Views RSA Identity Management and Governance Activity is not created for a change item in a Change Request Number of Views Special characters other than '_' and '$' are not allowed for Variables in AFX Connector Mapping Fields in RSA Identity Go… Number of Views Fine grained role review with sign-off option and maintain action for all items of the role is generating a CR and the CR … Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
