MANAGER Display when ACTIVE DIRECTORY is AUTH source

We are doing a project for non-employees where they will come in from AD to IDN. However, their manager is in DN form, and we wanted anyone’s thoughts on how to best display the manager to correlate when it comes in from AD as the auth source.

Add an Identity attribute that maps the DN from AD, and correlate the manager account attribute to this Identity attribute.

Yeah, I am thinking about that too. I would have to write a transform that can get the DN of a user based on the EMP number from their identity profile, add it to the employee Profile source attribute, then correlate.

I would create a new identity attribute ‘adDn’ to contain the DN of each AD account. Then do the correlation logic on that attribute (AD manager → adDn) and set up your identity profile as such.

You need to make sure the ‘adDn’ attribute is searchable.


Hi all, we have done that and thought of it, minus the searchable part. The AD auth account for manager on the profile is set to manager in AD, and all other employee accounts from the other profile had a new attribute added, mapped to their DN in AD. We updated the attribute to searchable and ran the profile refresh, but we are not seeing the manager’s name in the IDN cube profile.

I agree this should link, using the two DNs as keys, but I'm not sure why. Maybe I need to wait for a system refresh?

Put this transform on the ManagerDn identity attribute:

{
    "id": "6ac4d77e-a228-48ed-9ab4-65d7c2d830f7",
    "name": "AD Manager",
    "type": "rule",
    "attributes": {
        "name": "Cloud Services Deployment Utility",
        "operation": "getReferenceIdentityAttribute",
        "uid": "manager",
        "attributeName": "userAdDn"
    },
    "internal": false
}

So I dropped the below in the manager field of the profile. I get that it would match one for one, but values in preview mode are blank.

{
    "id": "",
    "name": "Manager Non-employee Manager Transform",
    "type": "rule",
    "attributes": {
        "name": "Cloud Services Deployment Utility",
        "operation": "getReferenceIdentityAttribute",
        "uid": "manager",
        "attributeName": "userActiveDirectoryDn"
    },
    "internal": false
}


If I remove the transform and just map AD - manager to manager IDN feed, in preview mode I see the DN only for preview, not the identity value. For some reason it just won't take.

That is, if I just map directly on the profile AD manager, it previews correctly, but add the code and then it blanks. The field is populated from the agg of AD on the account profile, but it will not display at all on the manager IDN attribute. Like it will only take a display name when it does finally correlate.

You need to have an identity attribute pulling the DN from the user.

Why would you not use manager on the identity profile?
The problem is that the manager of a user is stored as the DN in AD. I have added another attribute on identity to populate their DN so the match should work.
Manager DN from Identity to user AD DN attribute on their manager’s profile.
Sorry, been at this all day, and this is a first for me, AD as an auth.


This was solved by referencing display name on AD.

I also actually took this one further and added a statement on status to display “No Manager” when the field is blank.
Hope this helps anyone.

{
    "name": "Non-employee Manager Transform",
    "type": "static",
    "attributes": {
        "ignoreErrors": "true",
        "value": "#if($status=='inactive')manager#{else}$manager#end",
        "status": {
            "type": "accountAttribute",
            "attributes": {
                "attributeName": "userAccountControl",
                "sourceName": "ACTIVE DIRECTORY NON-EMPLOYEE ACCOUNT SOURCE"
            }
        },
        "manager": {
            "type": "firstValid",
            "attributes": {
                "values": [
                    {
                        "type": "rule",
                        "attributes": {
                            "attributeName": "displayName",
                            "name": "Cloud Services Deployment Utility",
                            "operation": "getReferenceIdentityAttribute",
                            "uid": "manager"
                        }
                    },
                    "No Manager"
                ]
            }
        }
    },
    "internal": false
}
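
An offline check for the blank-manager problem discussed in this thread, added here as an example and not posted by any participant or taken from SailPoint: it reports which AD `manager` DNs match an identity's DN attribute and which match nothing. The record fields (`id`, `adDn`, `manager`), the sample data, and the comparison rule (case and whitespace around separators ignored) are assumptions.

```python
import re

# One RDN = a run of backslash-escaped characters or characters that are not a comma,
# so "CN=Smith\, Dana" stays one component instead of splitting at the escaped comma.
RDN = re.compile(r"(?:\\.|[^,\\])+")

def normalize_dn(dn):
    """Assumed comparison form: case folded, whitespace around RDNs and '=' trimmed."""
    out = []
    for rdn in RDN.findall(dn or ""):
        attr, _, value = rdn.partition("=")
        if attr.strip():
            out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(out)

def resolve_managers(accounts, identities):
    """Map each account to its manager's identity name via adDn; list the misses."""
    index = {normalize_dn(i["adDn"]): i["name"] for i in identities if i.get("adDn")}
    resolved, unresolved = {}, []
    for acct in accounts:
        mgr_dn = acct.get("manager")
        key = normalize_dn(mgr_dn)
        if not mgr_dn:
            resolved[acct["id"]] = "No Manager"  # same fallback text as the thread
        elif key in index:
            resolved[acct["id"]] = index[key]
        else:
            unresolved.append((acct["id"], mgr_dn))  # no identity carries this DN
    return resolved, unresolved

# Constructed sample data (hypothetical names and DNs, not from the thread).
IDENTITIES = [
    {"name": "Dana Smith", "adDn": "CN=Smith\\, Dana,OU=Staff,DC=example,DC=com"},
    {"name": "Lee Wong", "adDn": "CN=Lee Wong,OU=Staff,DC=example,DC=com"},
]
ACCOUNTS = [
    {"id": "c.one", "manager": "cn=smith\\, dana, ou=staff, dc=example, dc=com"},
    {"id": "c.two", "manager": "CN=Lee Wong,OU=Staff,DC=example,DC=com"},
    {"id": "c.three", "manager": ""},
    {"id": "c.four", "manager": "CN=Gone User,OU=Disabled,DC=example,DC=com"},
]

if __name__ == "__main__":
    ok, missing = resolve_managers(ACCOUNTS, IDENTITIES)
    print("resolved:", ok)
    print("unresolved:", missing)
```

Entries in the unresolved list are the ones to look at first: the manager's identity either has no DN attribute populated or holds a different DN than the account's `manager` value.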
