Compare AD attribute to calculate the next value
Hi,
We've a requirement where we need to set the description of AD accounts in the format "AB012345", so the process is to retrieve the latest value, increment it and set it. I've set a custom account attribute to collect this attribute during account collection, and I've written a query which will fetch and increment the value in the workflow.
This works, but the issue is that after successfully creating an account in AD with, say, "AB000010", this account is not collected and hence not available in the DB after the request is completed. So if another request is made before the next scheduled collection, it will create the next account with "AB000010" instead of "AB000011".
Is there a way to run an account collector after a provisioning node is completed in workflow to fix this issue?
The other workaround would be to create a custom table and use that to get the updated value, but I'm not sure if that's advisable keeping upgrading in mind.
Else, is there a way to fetch values directly from AD using JavaScript in naming policies?
Accepted Solutions
Here is one approach to consider:
Create a custom managed user attribute.
After the calculation of a unique value, store it in that attribute (not ideal, but you will have to update an internal table - T_MASTER_ENTERPRISE_USERS).
During your calculations, add an additional source of information to take into account (from pv_users).
With regard to the custom table, see the following post - https://community.rsa.com/thread/194188
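The calculation described in this answer, as an added example that is not part of the original thread and is not RSA's code: the next value is taken from the highest number seen in either the collected account descriptions or the values already stored on the custom user attribute. The function names and the sample arrays are assumptions; in a real deployment the two lists would come from the account data and from pv_users.

```javascript
// Added example: names and sample data are constructed, not RSA IG&L APIs.
const FORMAT = /^([A-Z]{2})(\d{6})$/; // two letters + six digits, e.g. "AB012345"

// Parse one value; return null for anything that does not match the format.
function parseId(value) {
  const m = FORMAT.exec(String(value || "").trim());
  return m ? { prefix: m[1], number: parseInt(m[2], 10) } : null;
}

// collected: descriptions seen by the last account collection.
// reserved:  values stored on the custom user attribute after each
//            calculation; they cover accounts provisioned since then.
function nextDescription(prefix, collected, reserved) {
  let max = 0;
  for (const value of [...collected, ...reserved]) {
    const id = parseId(value);
    // Ignore free-text descriptions and other prefixes.
    if (id && id.prefix === prefix && id.number > max) max = id.number;
  }
  const next = max + 1;
  if (next > 999999) {
    throw new RangeError(`No free values left for prefix ${prefix}`);
  }
  return prefix + String(next).padStart(6, "0");
}

// Constructed sample data: the last collection saw up to AB000009,
// and AB000010 was provisioned afterwards and stored on the attribute.
const collected = ["AB000008", "AB000009", "service account", null, "CD000500"];
const reserved = ["AB000010"];

console.log(nextDescription("AB", collected, []));       // collection data only
console.log(nextDescription("AB", collected, reserved)); // both sources
```

With the collected data alone the function repeats the value that was just provisioned; adding the stored values moves it to the next free one.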
Thanks for the reply, Boris.
Hi Boris,
I too have a similar use case. Can't we run the adHoc account collector post provisioning node for a single entity?
The desired approach in my use case is to run a collection post provisioning for the provisioned entity.
Thanks,
Jaydeep Mehta
The cost of running too many collections is high. Think about a scenario where this update is triggered 50 times a day, so you will have 50 ADC runs, and if you have (50) Rules configured to run after any collection then you will have the rules run 2500 times in a day.
It is not a recommended practice to run collections from workflows for end user requests.
Hi Pradeep,
I agree the cost of running a full recon/collection will be high, and yes, if rules are configured post collection there will be more resource utilization.
I was checking if recon with a filter is available rather than a full recon, like in the case of OIM. I mean recon with a user filter will not cause resource utilization and will also allow for faster validation of account provisioning.
Thanks,
Jaydeep
Sure, if you think you would like to see a feature in the product, do submit the idea here https://community.rsa.com/community/products/governance-and-lifecycle/ideas
