This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Identity Governance & Lifecycle Discussions

Discussions about RSA Identity Governance & Lifecycle.
JayvanDam
Beginner
Beginner
‎2016-02-19 10:06 AM

Multi-App collector and disabled/locked out status?

Currently I am using several account collector to retrieve several applications from one database. I'm currently trying to find out of the multi-app collector could take over this take to simplify the configuration and ease the scheduling of load on the database. So far everything seems to work fine, but I am missing the locked-out and disabled state which I can configure with the account collector.

 

Is there some way to load the disabled and locked state when using the multi-app collector?

 

We are using RSA Via L&G version 7.0.0.93958.

Labels (1)
Labels
0 Likes
Reply
5 Replies
MikeSims
Beginner
Beginner
‎2016-02-23 08:56 AM

What type of Collector are you using? The OOTB disabled/locked state would imply you're using several AD collectors but you mention databases.

 

Unfortunately I think the account disabled attribute appears to be missing in the Multi-Application Collectors (I'm unsure why)

 

1.) For Databases you could extend the account attribute to hold an account disabled/locked state. You database collector would have to set this value (either writing directly the locked status or using a CASE to write a representative flag). For AFX connectors you'd have to implement the reverse logic (either writing a status code directly or deriving one in your update query).

 

2.) For Directories/LDAP you would have to extend the account to hold an attribute (such as userAccountControl). You could then map this value in your MAADC to collect this value and configure AFX to write to it for fulfilment.

0 Likes
Reply
ArmelLupapi
Beginner
Beginner
In response to MikeSims
‎2016-02-25 09:12 AM

1. I have defined myself the Is_Disabled status in the account collector sql script but it doesn't reflect within the accounts, under the application. Like it normally does within the application's account collected from a normal collector.

 

2. Not my inquiry for now. I have no application using AFX at present.

0 Likes
Reply
MikeSims
Beginner
Beginner
In response to ArmelLupapi
‎2016-02-25 09:19 AM

Yeah unfortunately as we're now setting a custom attribute this wouldn't be reflected in the application account view. As a work around we could set this in account collection post processor.

 

In the long term I would raise a support ticket so they officially added the account status in the multi-app collector. I can't this of a reason it's not there.

0 Likes
Reply
ArmelLupapi
Beginner
Beginner
In response to MikeSims
‎2016-02-29 05:36 AM

Yes, I have raised a ticket with them so they can add it as enhancement in a patch or the new version.

 

 

 

<http://puleng.co.za/>

 

armel lupapi

076 920 8549

armell@puleng.co.za<mailto:armell@puleng.co.za>

 

 

011 205 4300 | info@puleng.co.za<mailto:info@puleng.co.za> | www.puleng.co.za<http://www.puleng.co.za>

 

Email Disclaimer<http://www.puleng.co.za/disclaimer> This e-mail and any files transmitted with it are confidential and intended for the use of the individual or entity to whom they are addressed. To read the disclaimer click on the link below.

Reply
SubashChandraBe
Employee
Employee
‎2016-11-10 06:22 AM

Hi Armel. You are correct . A RFE had been raised for the asked options in Multi App ADC. 

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.