Hello All,
We did rapid setup for provisioning AD account to newly created ID based on some script. RapidSetup Joiner event is getting triggered for newly aggregated ID but AD is not getting provisioned.
I checked the “Admin Console” too for the provisioning transaction, but there is no transaction for this provisioning. I have even checked the logs; we don’t find anything there either.
Ideally, it should work now as all the conditions are met. I replicated similar kind of requirement in my local device for JDBC provisioning and it is working fine. But, for client we are trying to do the same for AD provisioning, it is not taking place.
If anyone can please help.
Sorry, I didn’t get your question.
We have the RapidSetup Joiner event configured for the Workday and AD applications. Once a new ID is aggregated from Workday, their account should also get provisioned in AD as per requirement. The condition that is mentioned for the RapidSetup Joiner event for AD provisioning is met now, but provisioning is not taking place (the AD account is not getting created).
I was asking to check if there are no issues with the actual AD provisioning and it works if you manually request an AD group via Manager User Access quick link.
Can you validate if the newly created identity satisfies the population membership criteria mentioned in the RapidSetupConfiguration.xml? There must be an entry (key="identSelectorDTO") under which the population must be mentioned.
Actually, we have given the condition in form of script for the event to get triggered. We have checked and, the condition is satisfied but still provisioning is not taking place.
There are no issues with actual AD provisioning most probably. Actually, we don’t have complete access to the system. I can see some provisioning requests for AD in the admin console which are successful.
Not sure, why it is not getting triggered in our case.
Is it possible to try adding a simple criteria condition based on a user profile attribute to see if the event is triggered for the concerned user? In the logs, do you see any issue with the AD mandatory policy form attributes population that may be preventing the successful provisioning of the AD account to the user?
Please find attached the logs above.
There is one “Before Provisioning Rule” set in AD where we tried to print a log statement (log.debug("****** ABCDEFGHIJ ******");) at the start so that we get to know the issue. But in the logs we don’t see this provisioning rule.
The Identity Attribute in your AD Application is not set to a unique attribute (generally it is distinguishedName). Are you providing a unique value for the Identity Attribute in the provisioning plan?
It seems your provisioning plan does not have the Native Identity value specified and hence the request is failing before provisioning.
please check the create provisioning plan and set the
Hi Arpita,
I think it would be helpful if you could paste here the AD App definition together with the before provisioning rule if you have any (of course after anonymization) so we could take a look at this.
Please find attached below the before provisioning rule that we are using: beforeprov.xml (1.9 KB)
Sorry, it would be little difficult to paste the app definition. But, please let me know what all details you need. I’ll surely try to provide you all the details.
is doing something with your plan but there’s no code for this method in the before provisioning so I suspect it is in the rule library - could you also add this method?
In the second piece of code, it's acctReqList. Actually, I typed it from the code, that's why it got a typo here, but in the actual code it is “acctReqList”.
For the first, it's a big piece of code. If you want, let me prepare it and share it with you.
Can this issue have anything related to the task through which we are aggregating?
This method might be useful - based on your screenshot the error is thrown from the provision method - so it’s nothing to do with Aggregation actually.
Answering your first part of question - in your before provisioning rule you are checking if account/attribute requests are not null - if method is setting them to null then yes it might cause problems.