Symantec IGA

  • 1.  CA IDM - Approach to auto create copy of an user

    Broadcom Employee
    Posted Nov 20, 2018 12:41 PM

    Team,

     

    I have a use case to auto-create an admin account upon successful creation of an end user account in IDM. These 2 accounts have to be maintained as separate accounts with unique UID/sAMAccountName and have to be provisioned to the target system (AD).

     

    Here is an example:

    User account - Test 

    Admin User account - Testadmin 

     

    IDM user "Testadmin" has to be created automatically post successful creation of "Test" user.

     

    Please let me know your suggestions to achieve this.

     

    Regards

    Ashok

     

    CA Security



  • 2.  Re: CA IDM - Approach to auto create copy of an user
    Best Answer

    Broadcom Employee
    Posted Nov 21, 2018 03:47 AM

    If you only need two AD accounts (linked to 1 IM user) then you can use rule strings to create the accounts using two account templates (see https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/managed-endpoints-and-provisioning/provisioning-roles/attributes-and-rule-strings-in-account-templates). For example:

     

    User account -> %U% -> Test 

    Admin User account -> %U%admin -> Testadmin

     

    If you need two IM users, then a PX with a SOAP call to the TEWS is required.
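
The two-template rule strings above, as an added example that is not part of the original thread and is not CA Identity Manager code: it expands `%U%` and `%U%admin` for one user and checks each derived name against the AD sAMAccountName limits (20 characters, restricted characters, case-insensitive uniqueness) before anything is provisioned. The function names, problem codes and sample directory are hypothetical, and only the `%U%` variable is modelled.

```python
# Added example: simplified model, not CA Identity Manager code.
SAM_MAX_LEN = 20                       # AD limit for a user sAMAccountName
SAM_INVALID = set('"/\\[]:;|=,+*?<>')  # characters AD rejects in sAMAccountName

# Rule strings from the answer above, one per account template.
TEMPLATES = {"user": "%U%", "admin": "%U%admin"}


def expand(rule, user_id):
    """Assumption: only the %U% variable is handled here."""
    return rule.replace("%U%", user_id)


def check_sam(name, taken):
    """Return a list of problem codes for a candidate sAMAccountName."""
    problems = []
    if not name:
        problems.append("empty")
    if len(name) > SAM_MAX_LEN:
        problems.append("too_long")
    if set(name) & SAM_INVALID:
        problems.append("invalid_chars")
    if name.casefold() in taken:       # AD compares account names case-insensitively
        problems.append("collision")
    return problems


def plan_accounts(user_id, existing, templates=TEMPLATES):
    """Expand every template for one IM user and validate each result."""
    taken = {n.casefold() for n in existing}
    plan = {}
    for label, rule in templates.items():
        name = expand(rule, user_id)
        plan[label] = (name, check_sam(name, taken))
        taken.add(name.casefold())     # later templates must not reuse this name
    return plan


if __name__ == "__main__":
    directory = ["jdoe", "testADMIN"]  # constructed sample of existing accounts
    for uid in ("Test", "christopher.johnson", "a+b"):
        for label, (name, problems) in plan_accounts(uid, directory).items():
            print(f"{uid:>20} {label:<5} {name:<26} {problems or 'ok'}")
```

A suffix rule such as `%U%admin` adds five characters, so any user ID longer than 15 characters yields an admin name that AD will not accept as a sAMAccountName.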



  • 3.  Re: CA IDM - Approach to auto create copy of an user

    Broadcom Employee
    Posted Nov 21, 2018 08:17 AM

    Thank You Gil, requirement is to have 2 IM users.

     

    I was also thinking about calling TEWS from PX for admin account creation.

     

    Regards

    Ashok



  • 4.  Re: CA IDM - Approach to auto create copy of an user

    Broadcom Employee
    Posted Nov 23, 2018 08:05 AM

    Yes, I would agree with this approach. I'm currently using TEWS from PX to make access requests for movers if their department changes. You should be able to do the same thing for new joiners.