I have a securityrole.csv where Aveksa roles have been defined, and it has been ported successfully, but I cannot work out how to create an account in the Aveksa app for a user to whom I would like to assign the new roles.
Thanks for your help, I now have it working.
I had to create an account template under "requests" then the account templates tab.
Then in the Aveksa application I went to requests and selected "Edit Account Template Associations" and specified the new template. Next I went to "Edit Account Template Settings" then was able to enable "Entitlements require account" to yes.
The create account button has now become active and I have successfully created an account.
You don't need to explicitly create accounts for the Aveksa application. The system will take care of it and will create an account based on the USER ID.
If I go into the Aveksa application and select the accounts tab, I can see "create account" and "Remove mappings" buttons, but both are greyed out. I'm logged in as AveksaAdmin, so I would have assumed that these options should be available. How do I enable these buttons if this is the correct way to create accounts?
If this is not the way to create accounts can you point me towards documentation to do this?
The "create account" button is enabled whenever the Entitlements Require Account is configured as Yes.
The "remove mappings" button is enabled whenever you pick at least 1 account.
But you don't need to make any changes on the Aveksa application.
The following videos might shed some light:
Explaining Aveksa Security Entitlements (SecurityContext.csv file)
Creating custom aveksa entitlements
I explained why the buttons are disabled, but your approach is not what I have suggested.
As I previously mentioned:
The Aveksa application is provided out of the box with the needed configuration. There is a reason why you can't modify the collectors and delete this application.
I suggest you revert the changes you made as they might have side effects.
I have now reverted the settings back. I have now noticed duplicate accounts are being created since I made these changes; this is within our lab environment, so no real concerns.
You say "You don't need to explicitly create accounts for the Aveksa application. The system will take care of it and will create an account based on the USER ID." but when I try to add an Aveksa entitlement the change request says "No resources found to assign to". The system is also not automatically creating an account.
What do I need to configure so that, when I assign access, an account is created? The links provided previously delve into setting up app roles, but I didn't see anything covering account creation.
Any help would be greatly appreciated.
Here is an example of the expected behavior.
A user is requesting the Business Unit Administrator app role.
As you can see, there is no other access for that user.
After the change request is processed, you will see the following access:
Another example is when adding a new role via the Privileges tab:
No Aveksa account appears under the access tab.
Adding Aveksa privilege AFX Administrator:
New Aveksa account appears under the access tab:
But the issue is that if I try to assign access to an existing user, an Aveksa account for the user is not created and the request just stalls.
To assign access, I went to the user, then to the access tab, selected add entitlement and selected the Aveksa entitlement SAM team. Next I selected submit request, then a request was created as below.
Why is it not automatically creating an account?
Try to remove the approval phase and try to request an out-of-the-box Aveksa application role (instead of the custom one - SAM team).
Is the behavior the same?
What fulfillment workflow is configured for the Aveksa application?
I cleared all approvals for the Aveksa application and tried to add "AFX Administrator" to a user. This time it just passes the approval phase, then the fulfilment phase just completes and the overall status of the request stays at 0%. Exactly the same as before, except there is no message under the approval phase saying no resources found to assign...etc
The fulfilment workflow that is being used is the out of the box "Security Fulfilment Handler"
I have it working now; the Delegation workflow being called never had anything set for account creation, so that's why it just completed each time.