Check for AD account validation before provisioning into Database using JDBC Connector

Hi, I am looking for a solution for the below use case.

Check for AD account presence before provisioning into Database using JDBC Connector. Looking for design options for the same. This is for an access request use case.

Hi @gladstone_manganoori ,

  1. Create an identity attribute, for example samAccountName. (Hope AD is already onboarded in ISC.)
  2. Pass that value in the Create provisioning policy of that JDBC source.
  3. Use a JDBC provision rule to check the value of that identity attribute; if null, then AD is not present, else AD is present.

Thanks @gourab . Do we have any other option? Can we validate the presence of the AD account on the cloud before the request comes to the VA?

Hi @gladstone_manganoori ,
That might also be possible, but I believe the above solution is the simplest. I also found a similar post here: Account existence check in target application directly

Thanks @gourab . Will check.

You could use a role that does the provisioning to the JDBC connector and have one of the criteria be something like Account Attribute > AD > distinguishedName > Contains > CN=

See below

Hi @gladstone_manganoori ,
I could think of one way:

  1. In one identity attribute, let's say it's a custom identity attribute “ADPresenceCheck”, create a first valid transform which either takes the AD userprincipalname attribute value of the correlated account or takes the static value “NoADAccount”.
  2. Use this identityAttribute value as a criterion in a role which you will use for JDBC account provisioning.
  3. The criteria would be simple: IdentityAttribute ADPresenceCheck does not equal “NoADAccount”.

Let me know if this helps.

Thanks,
Vaibhav
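
The transform described in the answer above, written out as an added example; it is not from the original thread. The `sourceName` value is a placeholder to replace with the name of your AD source, and the attribute name and static value are the ones given in the post.

```json
{
  "name": "ADPresenceCheck",
  "type": "firstValid",
  "attributes": {
    "values": [
      {
        "type": "accountAttribute",
        "attributes": {
          "sourceName": "<your AD source name>",
          "attributeName": "userPrincipalName"
        }
      },
      {
        "type": "static",
        "attributes": {
          "value": "NoADAccount"
        }
      }
    ]
  }
}
```

With this mapped to the identity attribute, a role criterion of ADPresenceCheck does not equal `NoADAccount` matches only identities that have a correlated AD account with a userPrincipalName value. The attribute reflects AD as of the last aggregation and identity refresh.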
