Symantec IGA

  • Private Community

  • 1.  IdentityMinder : Multiple OU in AD, for user creation.

    Posted Apr 28, 2016 03:16 AM

    Hi Team,

     

    We are implementing CA Identityminder for a customer & user provisioning / de-provisioning in AD. Client has  multiple OU's in AD.

    Their requirement is that they should be able to select OU while creating a user.  As of now ,only the OU on which we have performed Explore / correlate is shown in Endpoint.

    We can do Explore / correlate on multiple OU's, but where would a user get option to select OU while creating user ?

     

    Please let us know how it is possible to achieve this use case ?

     

    Kind Regards,

    Jandal Usmani



  • 2.  Re: IdentityMinder : Multiple OU in AD, for user creation.

    Posted Apr 29, 2016 02:38 AM

    chris.thomas.1

     

    Hi Chris,

     

    Looking for some help here please!!

     

    Regards,

    Jandal



  • 3.  Re: IdentityMinder : Multiple OU in AD, for user creation.
    Best Answer

    Broadcom Employee
    Posted Apr 30, 2016 01:50 AM

    You don't need user to select ou from UI. You can make it dynamic using account template and PX. You should determine which ou user should go to using PX based on selected attributes and set it to a physical attribute say adOrganization. Then map this attribute to a provisioning store attribute say eTCustomField01. Then update your account template's container field from backend using jxplorer something like %UCU01%. By doing this you will need only 1 provisioning role and 1 account template and user provisioning to various ou will be dynamic.


    Of course you will have to explore endpoint so that appropriate ou exists in provisioning store.


    Please let me know if you have more questions.