Hello,
I have added create account for oracle source in IdentityNow. What I observed is when I trigger the create account operation it is showing me successful and it is creating correct account on source, but on IdentityNow end the account name is showing blank. When I run the account aggregation the data it is showing is accurate. I am using the single account query as well here.
Hi Priyanka,
Do you have the account name attribute created in create account provisioning policy and is it exactly the same as account scheme attribute?
For example, if the schema attribute is samaccoutname then in create provisioning policy too this attribute should be there with the same name samaccountname mapped to identity attribute.
If yes, can you please share some more details about how create operation is configured
Thank you.
Regards
Vikas.
USERNAME is the attribute name which I am using in provisioning policy. Please find below the Create provisioning policy:
{
ânameâ: âtest-prov-createâ,
âdescriptionâ: null,
âusageTypeâ: âCREATEâ,
âfieldsâ: [
{
"name": "USERNAME",
"transform": {
"type": "upper",
"attributes": {
"values": [
{
"type": "identityAttribute",
"attributes": {
"name": "adminAccountName"
}
}
]
}
},
"attributes": {},
"isRequired": true,
"type": "string",
"isMultiValued": false
},
{
"name": "Password",
"attributes": {},
"isRequired": true,
"type": "string",
"isMultiValued": false
}
]
}
Please find attached the screenshot of the schema attribute. I am using JDBC provisioning rule for create operation.
The configuration look fine to me. I see you are using upper transform in the create provisioning, i am not sure if this might be causing the issue.
Can you please test it once by removing this transform such that you have the direct mapping here with identity attributes like below
I believe this might solve your issue but give a try once, if that helps. You can do the uppercase then in the JDBC rule only that might bring your account name bu the account name value will be in same case as the identity attribute but you should be able to see the account name then.
Then i am sure you can manage the uppercasing this value, in my case we uppercase it on the identity attribute level itself but your might be different scenario.
I hope this helps, please let me know if that works for you.
Regards
Vikas.
Regards
Vikas.
Hi Priyanka,
Have you checked target system actually account is created? In most cases if IdentityNow end the account name is showing blank means it does not created an account in target system. You can please check JDBC system by doing SQL query. To solve this one need to check JDBC provisioning rule.
Hi Priyanka,
When you say the create operation was successful in both side, do you happen to see all the attributes are there in the account activity search (including the username)?
Thanks
When I run the aggregation I able to see Username loaded on account also I verified on JDBC source the account is getting created.
The account is creating on Source, so it is coming post aggregation in IDCenter.
In that case are there any joins in a get accounts query and get groups query? if so check account in all joins table created as expected. If it is stored proc please check that one also.
Hi @PriyankaRaoraneAD ,
You need to perform patch operation on the source to trigger the single account aggregation query post successfully provisioning. Below is the connector attributes you need to patch to your JDBC source:
API Endpoint: update-source | SailPoint Developer Community
Body :
[
{
âopâ: âaddâ,
âpathâ: â/connectorAttributes/getObjectAfterProvisionâ,
âvalueâ: true
}
]
Operation: PATCH
This should resolve your issue.
Thank you.
Shanmukh
Tried this solution, but it did not resolve my issue.
After patching the connector attribute âgetObjectAfterProvisionâ, have you triggered any create account provisioning event? Also, have you verified your single account aggregation query is working as expected by manually triggering the âAggregate Accountâ operation for a particular identity which doesnât have account name populated?
It will be helpful if you can provide dummy single account aggregation configured for that JDBC source in your tenant.
Thank you.
Shanmukh
@Shanmukh When I trigger the aggregate account operation on single account it is not working, but when I checked the single account query on source it is fetching appropriate data.
@Shanmukh @HussainshaSyed001 I am using username=â$(identity)â in Single account query. We need to use adminAccountName(this value needs to be in uppercase as well), how can we pass this attribute in query. Is there any way to use adminAccountName identity Attribute in single account query,
As per my knowledge so far I know is we cannot use attributes other than $(identity)
Hi @PriyankaRaoraneAD ,
You can only refer the accountId of the user using the placeholder â$(identity)â. If this adminAccountName is same whenever this query is executed, then I would recommend you to hardcode the adminAccountName in uppercase in your query. Else, you have to suggest the database team to update the query by removing the dependency on this adminAccountName.
Thank you.
Shanmukh Gali
HI @Shanmukh and @HussainshaSyed001 I tried username = UPPER(â$(identity)â) and it worked in my case. Thank you for all help you provided here.
1 Like
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.