Delayed Provisioning to a Source

Hi Team,

We have a scenario where account provisioning should first be completed on the Active Directory source before proceeding with the Novell eDirectory source.

In other words, a Novell eDirectory account shouldn’t be created if an Active Directory account doesn’t exist for that user during account provisioning.

Currently, I’m trying to use “Role” membership criteria to control this (using account attribute option). Are there other ways to handle this requirement?

Thanks
Vijay

We created the below transform and mapped it to the identity attribute, and the same identity attribute is used in roles. I think this is the only option.

```json
{
    "name": "AD Account Exists",
    "type": "static",
    "attributes": {
        "adAccount": {
            "type": "firstValid",
            "attributes": {
                "values": [
                    {
                        "attributes": {
                            "attributeName": "mail",
                            "sourceName": "Active Directory"
                        },
                        "type": "accountAttribute"
                    },
                    {
                        "attributes": {
                            "value": "NONE"
                        },
                        "type": "static"
                    }
                ]
            }
        },
        "value": "#if($adAccount != 'NONE')YES#{else}NO#end"
    },
    "internal": false
}
```

2 Likes
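Added example, not part of the original posts and not SailPoint code: a small Python model of the transform above, showing how the resulting YES/NO identity attribute gates the eDirectory role. The identities, function names and the role check are constructed for illustration, and it assumes `firstValid` skips a null `accountAttribute` result.

```python
# Model of the "AD Account Exists" transform logic from the post above.
# Illustration only: names and sample identities are constructed.

AD_SOURCE = "Active Directory"  # sourceName used in the transform


def account_attribute(identity, source_name, attribute_name):
    """Model of accountAttribute: value from the identity's account on a
    source, or None when the account or the attribute is missing."""
    account = identity.get("accounts", {}).get(source_name)
    return None if account is None else account.get(attribute_name)


def first_valid(*candidates):
    """Model of firstValid (assumed semantics): first non-null candidate."""
    for value in candidates:
        if value is not None:
            return value
    return None


def ad_account_exists(identity):
    """Model of the static transform: adAccount falls back to 'NONE',
    then the Velocity expression maps it to YES or NO."""
    ad_account = first_valid(
        account_attribute(identity, AD_SOURCE, "mail"), "NONE"
    )
    return "YES" if ad_account != "NONE" else "NO"


def edirectory_role_matches(identity):
    """Hypothetical role criterion: identity attribute equals YES."""
    return ad_account_exists(identity) == "YES"


# Constructed sample identities
NO_AD = {"accounts": {}}
AD_WITH_MAIL = {"accounts": {AD_SOURCE: {"mail": "a.user@example.com"}}}
# An AD account that exists but has no mail value still evaluates to NO,
# so the eDirectory role never matches for this identity.
AD_NO_MAIL = {"accounts": {AD_SOURCE: {"sAMAccountName": "svc.user"}}}

if __name__ == "__main__":
    for label, ident in [("no AD", NO_AD), ("AD + mail", AD_WITH_MAIL),
                         ("AD, no mail", AD_NO_MAIL)]:
        print(label, ad_account_exists(ident), edirectory_role_matches(ident))
```

Because the transform keys on `mail`, the gate is only as reliable as that attribute; an attribute that is populated on every AD account avoids the third case.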

Great!! This looks like a better solution than using the “account attribute” option in role membership criteria. Thank you!!

@vijaylca you can simply use the attribute of the AD account as a criterion for the role assignment of the app you wanna delay.

Much simpler than transforms.

Thanks, Ivan.

Just to make sure I understood correctly, are you suggesting using type “Account Attribute” in role criteria and choosing one of the attributes to confirm the account exists before proceeding?

Something like below?

Yeah, then they are only going to be assigned if people have an AD account :slight_smile:

1 Like
