Symantec IGA

  • 1.  IdentityMinder Create User Suggestions

    Posted Jan 15, 2013 03:47 PM
    My requirements and approach have changed and I am looking for some best practices or PX files you may have that will help me in this.

    Create User

    - I need to generate a unique sequential number starting with 12345 and increasing from there with every new user getting the next number in the sequence. This number will be stored in the User store and be used for endpoint accounts correlation.

    - Second I need to generate the userID using that number, for example take the first two letters of my first name and add the new Emp ID (dr12345).


  • 2.  RE: IdentityMinder Create User Suggestions
    Best Answer

    Posted Jan 15, 2013 04:22 PM
    Hi Drew,

    Not best practices but I'll comment on one way I achieved what you are asking about:

    For your first requirement:
    - I am using CA Directory as user store for IM users, I have created a new user object that stores that number (12345) in one of its attributes (a "special" user just as you create the ones for your initial setup: inbound, anonymous etc.)
    - in PX i am using Data Sources / Ldap query / Get to read that attribute value (you need to write the ldap query that gets you that value)
    - you can afterwards use PX's General , Maths, Increment function to increment that number each time (12346)
    - unfortunately PX doesn't have access to secondary objects in order to update their attributes so I had to use external code (java class) that receives as parameter the incremented value and writes it to that user's attribute

    I chose LDAP because at that time i considered it better than other sources. From external code I wasn't able to get a return value inside PX to use it and it was less of a pain to manage than using a database as source.
    Also, I am not aware of a "max" function in LDAP that would return the highest value from the entire set of objects (users) that is why I created an additional user object in which i stored that value.

    Second:
    - that value being generated (above incremented number) you can use it as any data element in PX
    - set up data elements for your First and Last name attributes
    - define new data elements that implement some string parse methods to get the first X letters as you need
    - set up a new data element that will store the resulting username string : {element_for_fn}{element_for_ln}{incr_emplNo} or use these directly in the Actions section in which you select the Attribute / user attributes / set function for the corresponding attribute

    Also I have added uniqueness checking before taking any actions just to be sure there is no duplicate value, and the external code to update the ldap object was executed before the action that sets the username value just to be sure that the new number gets stored in case an error is generated .

    I might have not mentioned the exact names / paths of the methods in Policy Xpress as I don't have access now to the app but I am sure you can find them :)

    This is what I did back then. Am also interested in how others implemented this, if they want to share their thoughts/experience.


    Best regards,

    Razvan


  • 3.  RE: IdentityMinder Create User Suggestions

    Posted Feb 07, 2013 02:44 AM
    EDIT :

    looking back, that is not the best PX i wrote so there is an easier way besides using that LDAP query:
    you have access from PX to retrieve data from users based on their uid: PX / Attributes / Attributes of specific user

    this is more clean and appropriate than that explicit ldap query (basicly it will do the same)

    /Razvan