Symantec IGA

In the new vAPP ver. 14.1 I have uploaded this entry data (you can see a part of entry data below)

Our key for match the global user with account in endopoint type Active Directory is %USERID% <-> Description (field in AD)

The tab "attribute mapping" is configured as in the picture:

Next step : execute and correlate task

We will expect wich the global user is correlated with the AD account, but the accounts of AD are all orphans

any idea?

thanks 

Emanuele Cantoni

Did you add a Correlation Rule? By default the system will attempt to match an account ID to the GlobalUserName or FullName. If you would like to use a different account attribute you can configure a rule to use a specific account attribute. Please see the following documentation for details:

https://docops.ca.com/ca-identity-manager/14-1/EN/administrating/managed-endpoints-and-provisioning/managed-endpoint-accounts/integrating-managed-endpoints/create-correlation-rules

thanks (also GilFreund) for reply, i have configured the correlation attribute:

and re-run the explore and correlation... no change, all accounts are orphans

If you already tried to correlate previously and the accounts got associated to the [default user] then running another correlation will not re-associate the accounts to a new matching user. You would need to first disassociate those accounts from the [default user] and then run an Explore and Correlate now that you have configured a custom correlation rule.

Also note that your custom correlation rule appears to be incorrect. Based on earlier screenshots it looks like your correlation rule should be GlobalUserName to ActiveDirectory ADSdescription and not to UID.

If you need further assistance beyond the above you may be best with opening a support case so that logs can be shared and reviewed further.

Thanks a lot KennyV , thanks at all !!! now work fine with this configuration!