Attribute Synchronization sometimes updates attributes with attribute variable names instead of attribute values in RSA Identity Governance & Lifecycle
Originally Published: 2020-04-14
Article Number
Applies To
RSA Version/Condition: 7.1.1, 7.2.0
Issue
In the following example, Active Directory has two custom attribute fields that are updated by an Active Directory AFX connector when attribute synchronization detects one or both attributes have been modified via another collector type. These custom attributes are account attribute Employee_Status and user attribute Department. In AFX, their corresponding mapping variable names are ${Account.Employee_Status_ES} and ${User.Department}.
Note: When defining custom attributes (Admin > Attributes), there is an Attribute Name and a Reference Name. These names can be different. In this case, the employee status Attribute Name is Employee_Status and the Reference Name is Employee_Status_ES. The reference name is used when mapping the attribute in AFX.
- Existing values in Active Directory prior to collection:
- Employee_Status=Active
- Department=Engineering
- After collection, a change in department is detected. The new department is Accounting.
After attribute synchronization, the expected result in Active Directory is:
- Employee_Status=Active
- Department=Accounting
The actual behavior is:
- Employee_Status=${Account.Employee_Status_ES}
- Department=Accounting
Note the Employee_Status has been updated with the custom attribute variable name rather than the field value which should have remained Active.
Cause
- There is more than one attribute defined for attribute synchronization but not all the attributes need to be updated. (In this case both attributes are defined in the attribute synchronization process but the Employee_Status attribute did not change and therefore did not need to be updated.)
- The Attribute Name and Reference Name of the custom attribute are different. (In this case, the employee status Attribute Name is Employee_Status and the Reference Name is Employee_Status_ES.)
Resolution
- RSA Identity Governance & Lifecycle 7.1.1 P07
- RSA Identity Governance & Lifecycle 7.2.0 P02
Workaround
Related Articles
Security Domains Number of Views Setting up on-the-fly SOAP logs in production Number of Views RSA Identity Management and Governance Activity is not created for a change item in a Change Request Number of Views Update a Group Capability in Active directory Connector fails to update the [info] attribute with "java.lang.NullPointerEx… Number of Views How to retrieve ECDH public key data after R_CR_key_exchange_phase_1() Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory
Don't see what you're looking for?
