There is a way to create a custom form to let our helpdesk create themself some identities ?
Your form can use the non-visual provisioning command/AFX to populate an internal or external table that will contain user information that does not come from your HR source and then the data set in the populated table can be collected as identities. A counter using a database sequence can be used to assign a unique User_ID value to the identity.
Hope that helps!
We have a form to create Contingent labor accounts (Consultants), Service accounts, and security groups.
Basically, create a form with variables to fill in.
Declare the variables in a Fulfillment workflow.
You will need to declare the variables in the workflow and use them in the provisioning node.
Please note that this is a very high level of what needs to be done.
It is not without it's challenges :-)
Hum, not sure we are talking about the same things.
We are not talking about accounts but about identities.
Basically, it's fetch from HR systems but here, external has been created directly in the old IAM system by our helpdesk.
For us. our out-of-bound Identities (non HR) are only created in AD.
So the form is used to create the account, and then collected under another Identity Collector.
So again, the form is used to create the account to be collected as an Identity.
So you will need a form that feeds to a provisioning workflow.
The workflow will then right to a source of truth.
Wherever the account is created, you need to collect is as an Identity Collector.
Are you having a specific issue?
Ok it's pretty bad for us.
We have to let our HD create identities manually because our identities are not all on the AD.
Some of our identities are from other entity which have access to some business app only and need to be display on RSA for the governance only...
Nice idea, we didn't think about that.
I think this can be a solution for us.
They are a way to define the priority of source data ? For example, if we create manually an identity and later this identity is include in the HR system, the identity should switch to the "real" hr system instead of the manual hr system.
I think it's should be possible with a custom workflow right?
There is no option to prioritize source data, per se. Because users should only have one active Identity, the best practice would be to terminate the manually created identity (using a Modify User form and a business process to change attributes used for resolving accounts) and allow the HR provided identity to remain in active state.
Thank you for your help.
We will take a look to follow the best practice and our process.
Are you sure? If, as it appears to me, there would be two different identity collectors - one from HR, one from this custom source - then you can configure Unification to specify which IDC has priority in the event of the same userid coming in both collectors. Had to do that in the past.
Yes I agree, with the unification, you can choose the priority so it's okay now, we have done the implementation
Retrieving data ...