Which IIQ version are you inquiring about?
8.4
Share all details about your problem, including any error messages you may have received.
Hello everyone,
I am working on attribute synchronization and am reaching out for assistance.
I have attributes created in IIQ that I want to map to target attributes so that they will sync across the target and source applications. I am new to this and would appreciate your guidance. How should I get started, and how can I verify that the synchronization is working across applications? If someone could provide step-by-step instructions, I would greatly appreciate it.
Hi @2022Sandeep123 ,
You can achieve this by adding a target mapping in ‘Identity Mapping’. Refer to the document below for more information:
https://documentation.sailpoint.com/identityiq/help/provisioning/attributesynchronization.html?Highlight=Attribute%20Synchronization
After adding it, you can trigger attribute sync by checking the attribute sync option in ‘Identity Refresh’.
Thank you for the response.
I created the scenario like this.
I onboarded a Delimited application that has an attribute employeeId and another JDBC application that has an attribute Employee_ID. I first created the identity attribute and then mapped the source and target attributes. I enabled attribute sync in the refresh identity cube task and then ran the task. It did not make any changes. Am I missing something?
Attribute sync works like this: if there are changes on your identity attribute, that change will propagate to the target system downstream. Did you update the identity attribute for which you configured target mapping? Update the value and then run identity refresh for that identity, and you can check provisioning transactions.
I updated one of the identity attributes from edit identity and applied the change. I ran the refresh identity cube task, but nothing changed and I do not see anything in the provisioning transactions.
Hi Sandeep,
Does the user already have an account in the JDBC source? Attribute sync will run only if there is an existing account in the user profile.
Regards
Arjun
Hi Arjun
Yes, the user already has an account in the JDBC source. Do I need to create a provisioning policy to update the attribute sync?
Hi @2022Sandeep123 ,
To get the value of the attribute, the identity attribute depends on the source mapping which is configured for the same identity in the Identity Mapping page.
Just confirm whether the attribute has the source mapping on it. If yes, then only the values will be changed to the actual value during identity refresh, if you change directly by editing the identity in the UI. And make sure in the identity refresh task you are checking the flags below.
- Refresh identity attributes
- Synchronize attributes

The identity refresh task will update the identity attribute value using the source mapping and synchronize it to the target as configured in the target mapping, in case there is a difference between the old value and the new value.
Hope this helps.
Hi Soumyakanta
Thank you for the response. Yes, I enabled those features and ran the refresh task, but I do not see any changes.
Could you provide me instructions to reproduce a test case?
Do I need to have a provisioning rule?
Hi @2022Sandeep123
Please provide answers to the questions below for a better understanding of the current state.
- Do you have source mapping for the identity attribute?
- Do you have target mapping for the attribute?
- Are you updating the identity attribute value in UI before running the refresh task?
- After updating the value in UI, can you please confirm whether the same value is showing for the identity when you check in the debug console?
A few things you can do for troubleshooting:
- Add a before provisioning rule to print the plan
//logger the print plan
@2022Sandeep123
If I am not wrong, you are seeing a provisioning transaction for the JDBC application to update the value.
If yes, you need to either have a global JDBC provisioning rule or a modify provisioning rule for the JDBC application to complete the transaction.
You can refer to the JDBC connector guide for more details on how to write the provisioning rule for Modify operation.
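Added example (not from the thread or the connector guide): a global JDBC provisioning rule in BeanShell that handles the Modify operation discussed above with a parameterized UPDATE and a column allowlist. The table name `EMPLOYEES` and key column `LOGIN_ID` are hypothetical; `connection`, `plan` and `log` are the variables IIQ passes to the rule.

```java
// Added example: global JDBC provisioning rule (BeanShell), Modify only.
// IIQ supplies: connection (java.sql.Connection), plan (ProvisioningPlan), log.
import java.sql.PreparedStatement;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningResult;
// Assumption: hypothetical table and key column; replace with the real ones.
String TABLE = "EMPLOYEES";
String KEY_COLUMN = "LOGIN_ID";
// Allowlist of schema attribute -> column; identifiers never come from the plan.
Map columns = new HashMap();
columns.put("Employee_ID", "Employee_ID");

ProvisioningResult result = new ProvisioningResult();
result.setStatus(ProvisioningResult.STATUS_COMMITTED);
List accounts = plan.getAccountRequests();
for (int i = 0; accounts != null && i < accounts.size(); i++) {
    AccountRequest acct = (AccountRequest) accounts.get(i);
    if (!AccountRequest.Operation.Modify.equals(acct.getOperation())) {
        // This rule only implements Modify; report anything else as failed.
        result.setStatus(ProvisioningResult.STATUS_FAILED);
        result.addError("Unsupported operation: " + acct.getOperation());
        continue;
    }
    List attrs = acct.getAttributeRequests();
    for (int j = 0; attrs != null && j < attrs.size(); j++) {
        AttributeRequest attr = (AttributeRequest) attrs.get(j);
        String column = (String) columns.get(attr.getName());
        if (column == null) {
            log.warn("Skipping unmapped attribute: " + attr.getName());
            continue;
        }
        PreparedStatement stmt = null;
        try {
            // Values are bound as parameters, never concatenated into the SQL.
            stmt = connection.prepareStatement("UPDATE " + TABLE + " SET "
                + column + " = ? WHERE " + KEY_COLUMN + " = ?");
            stmt.setObject(1, attr.getValue());
            stmt.setString(2, acct.getNativeIdentity());
            stmt.executeUpdate();
        } catch (Exception e) {
            result.setStatus(ProvisioningResult.STATUS_FAILED);
            result.addError(e.getMessage());
        } finally {
            if (stmt != null) stmt.close();
        }
    }
}
return result;
```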
I guess that’s what I was missing.
I did not have any provisioning plan defined in the application.
Thanks for your time
@2022Sandeep123 ,
Make sure you have added this attribute to the application update provisioning policy. If not, please add it in the update policy, do a direct identity attribute mapping, and then try to run the identity refresh task with the sync attribute and identity refresh attribute checks.
Besides all these, I also suggest one thing for smooth and clear attribute sync. Do it one attribute at a time: first check with one attribute and test that it is working fine, then check with another one, and so on. Only then will you get to know how many attributes the application supports. The reason I am telling you this is that for some applications and some attributes, attribute sync won’t work, and it will error even if a single attribute is not supported (when you use all attributes together and test). So do them one by one and note which attributes are allowed in those applications.
Yes I got your point. Thank you