Symantec IGA

  • Private Community
Back to discussions
Expand all | Collapse all

After Initial E&C,  IM fails to add "login Id" attribute to all users in UserStore

  • 1.  After Initial E&C,  IM fails to add "login Id" attribute to all users in UserStore

    Posted Mar 20, 2019 05:45 PM

    After Initial Explore and Correlate in Active Directory endpoint we get the following:

     

    1)  All Global Users are created from AD endpoint successfully

     

    2)  But IM does not add the "Login Id" atribute to those users when there are populated in UserStore

         it does create User ID for most Global Users but only for a very few does both IDs get created, that is most users are  created only with User ID but no Login Id

     

    example:   

    we have   1895  Global users that were created that start with letter "a"

    we have   1883  users created in UserStore that start with letter "a" but of those only:

     

                  720 UserStore users that start with letter "a" have both the "Login Id" attribute and "User ID" added

    the rest   1163  users  have only "User ID" attribute

     

    Conclusion:  we have 1163 users that have their "Login Id" attribute missing!

     

     

    Any ideas what could be wrong?



  • 2.  Re: After Initial E&C,  IM fails to add "login Id" attribute to all users in UserStore
    Best Answer

    Posted Mar 21, 2019 09:26 AM

    You would need to review the IME attribute mappings to see if there is any mapping between the IM User Login ID and a corresponding Provisioning User or not as a mapping would need to be in place and in addition then a value would need be set and included in that inbound notification back to IM from the Provisioning Server. It might be that you need to rely on the creation of a PX Policy to set a value for Login ID using the User ID value if you cannot get it back into IM.