kyunghoon
January 25, 2024, 7:51am
1
Version 8.3
I made Joiner business process in IIQ.
After HR aggregation, But ad provisioning is pending.
How can i create ad account in Joiner workflow without form.
below provisioning plan
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ProvisioningPlan PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<ProvisioningPlan nativeIdentity="ahn19" targetIntegration="UClick AD3">
<AccountRequest application="UClick AD3" nativeIdentity="CN=ahn19,OU=Staff,DC=hoon,DC=com" op="Create">
<AttributeRequest name="cn" op="Add" value="ahn19"/>
<AttributeRequest name="distinguishedName" op="Add" value="CN=ahn19,OU=Staff,DC=hoon,DC=com"/>
<AttributeRequest name="sAMAccountName" op="Set" value="ahn19"/>
<AttributeRequest name="ObjectType" op="Set" value="User"/>
<AttributeRequest name="password" op="Set" value="NTbDl^Z,168mmy*"/>
<AttributeRequest name="memberOf" op="Add" value="CN=SE_Service,OU=Staff,DC=hoon,DC=com"/>
</AccountRequest>
</ProvisioningPlan>
@Ahn ,
Please share the joiner business process design.
kjakubiak
January 25, 2024, 9:02am
5
Please check provisioning policy for AD application. If for this attributes you don’t have authoritative selected for them.
kyunghoon
January 25, 2024, 11:58pm
7
Thanks for reply.
AD is not authoritative application.
HR(csv) is authoritative application.
I want to provion ad account after HR aggregation with Joiner business process.
kjakubiak
January 26, 2024, 6:21am
8
It’s not about AD being authoritative application - on the provisioning policy you can select each field as authoritative.
kyunghoon
January 26, 2024, 6:34am
9
Thanks.
Now the input form does not appear.
but. pending and A Manual Changes work item appears.
kjakubiak
January 26, 2024, 6:49am
10
Check In the xml of ad app if in featuresString attribute you have PROVISIONING
kyunghoon
January 26, 2024, 6:53am
11
I checked featuresString.
Is there anything else to check?
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Application PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Application connector="sailpoint.connector.ADLDAPConnector" created="1706149546830" featuresString="PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE, MANAGER_LOOKUP, SEARCH, UNSTRUCTURED_TARGETS, UNLOCK, ENABLE, PASSWORD, CURRENT_PASSWORD" icon="directory1Icon" id="c0a800e38d0c19d9818d3e700b4e3afe" modified="1706250521355" name="Uclick AD3" profileClass="" type="Active Directory - Direct">
<Attributes>
Hi @kyunghoon ,
I have made couple of changes to your workflow. Please import and test.
Thank you!workflow.txt (8.7 KB)
kyunghoon
January 29, 2024, 1:11am
13
Thanks for help.
Your workflow is same error.
so, I tried to test in another IIQ.
It was confirmed that provisoing was performed normally at IIQ elsewhere.
Maybe it didn’t work because my IIQ suffered from many tests.
Perfect!!
kyunghoon
January 29, 2024, 8:44am
15
Amit Gupta:
ark it as so
bad news.
I installed new IIQ and add HR,AD.
but, The same error occured.
Can you share the application.xml for Uclick AD5
kyunghoon
January 29, 2024, 10:48am
17
Thanks for reply.
I attached.
application.txt (35.0 KB)
I installed new tomcat with port 9090 and new IIQ.
But, same error occured.
kjakubiak
January 29, 2024, 11:54am
18
As far as I see your provisioning policy does not contain any logic to generate attribute values needed to execute provisioning. Could you please also show part of code from which you are triggering this operation?
kyunghoon
January 29, 2024, 1:03pm
19
workflow.txt (8.7 KB)
could you see this business procesa?
thanks.
Check this one, you don’t need to add authoritative=“true” here.
@kyunghoon - I can see you have defined all the field as authoritative. Kindly uncheck the same in Application – Provisioning Policy Form.
kyunghoon
January 31, 2024, 5:53am
22
I unchecked authoritative setting on my laptop. and same error occured.
But, I succeeded provisioning to AD from another PC with same setting.
I think there was a problem when I installed and tested several IIQs on my laptop.
Thanks to you, I learned a lot.
1 Like
