Use case: Attribute sync - Active Directory ‘manager’ (account) attribute when supervisor (user) attribute value changes on HR source.
We collect the HR identity data from a DB source.
We have set-up an attribute sync on the ‘supervisor’ user attribute with a target account attribute mapped to the custom account attribute 'managerx' (STRING).
This is collected from AD = ‘manager’ so would be the manager's DN.
Upon a supervisor change, a request is generated with the ‘ID’ value of the manager as the change request item – hence does not ever verify.
Have added an SQL node in the workflow to lookup the DN of the manager to pass to AFX before the 'Calculate items to work on' and 'AFX Fulfillment Handler' nodes, hoping to use the AFXCUSTOM_xxx notation.
| SQL Select Node |
|---|
| SELECT distinct sup.CUS_ATTR_USER_CAS_1 as AFXCUSTOM_ACCOUNT_MANAGERX, usr.CUS_ATTR_USER_CAS_1 as AFXCUSTOM_Usr_Dn FROM T_MASTER_ENTERPRISE_USERS usr JOIN T_AV_USER_ACCOUNT_MAPPINGS map ON usr.id=map.user_id JOIN t_av_accounts acc ON map.account_id=acc.id join T_MASTER_ENTERPRISE_USERS sup on usr.SUPERVISOR_ID=sup.id where account_id='${access_request_cri_acc_id}' |
AFX Mapping for the capability – Update account:
| Parameter Name | Mapping |
|---|---|
| Account Name | ${Usr.Dn} |
| Manager | ${Account.Managerx} |
It is not updating as expected (taking the value for AFXCUSTOM_xxx).
or ever verifying (this is expected since the ID is in the change request item).
Has anyone successfully (easily) set this up?
Version 7.0.1
Thanking you in advance
Bilal
Hi Bilal,
Were you able to resolve this?
We are facing the same issue as well. Even though Manager DN is derived using AFXCUSTOM attribute in the workflow, this is not getting mapped in Update Account action of AD AFX connector (as this is expecting Manager account attribute & not workflow AFXCUSTOM attribute)
Thanks,