IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this community and its apps will no longer be available. More details available on our FAQ.
Topic
  • 4 replies
  • Latest Post - ‏2018-05-25T13:29:14Z by Deepak S_ISIM
Deepak S_ISIM
Deepak S_ISIM
19 Posts

Pinned topic account creation

‏2018-05-24T15:05:11Z |

Hi team,

ISIM account creation.

 

Updated on 2018-05-25T14:10:38Z at 2018-05-25T14:10:38Z by Deepak S_ISIM
  • franzw
    franzw
    519 Posts
    ACCEPTED ANSWER

    Re: ISIM USer account creation

    ‏2018-05-25T11:46:51Z  

    The account name - eruid - should be created in the Identity Policy as described here : https://www.ibm.com/support/knowledgecenter/en/SSRMWJ_7.0.1.8/com.ibm.isim.doc/admin/cpt/cpt_ic_admin_identitypolicy.htm

    If you have to use the eruid in the provisioning policy this is referenced as "parameters.eruid[0]" in JavaScript : https://www.ibm.com/support/knowledgecenter/en/SSRMWJ_7.0.1.8/com.ibm.isim.doc/reference/ref/ref_ic_admin_provisionpolicy_javascript.htm

    HTH

    Regards

    Franz Wolfhagen

  • franzw
    franzw
    519 Posts
    ACCEPTED ANSWER

    Re: ISIM USer account creation

    ‏2018-05-25T12:24:28Z  
    This reply was deleted by Deepak S_ISIM 2018-05-25T14:08:58Z.

    It will pick the ID from the policy or what is entered in the UI if you create it manually.

    So yes :-)

    Regards

    Franz Wolfhagen

  • franzw
    franzw
    519 Posts
    ACCEPTED ANSWER

    Re: ISIM USer account creation

    ‏2018-05-25T13:13:44Z  

    Thanks Franz,

    My situation is that for some of the case AD network id and ISIM Service eruid is different, and both are created from identity policy, and as per current scenerio first user is created, and then via Lifecyle rule user's Ad account is created and then based on role attached user's ISIM service account is created, so I want when ISIM service account is created, eruid should be same as of AD network id, and both account creation happens in the same life cycle rule.

    so in my case "parameters.eruid[0]" helpful? if i put this JavaScript in entttlement of ITIM Service?

    The identity policy is called before the provisioning policy and is where you should solve this problem.

    Read up on how to configure the Identity policies - basically you can ensure that the policy looks up the ISIM account through a service search and takes the identity from there. This can be somewhat tricky as you may have to handle multiple accounts of the same type owned by the user.

    You will probably not use the parameters.eruid together with the ISIM service - it seems that you are not fully having the grip on how to use it (yet).

    So let me give you an example - in AD you can set the mail id on the user (we are not talking creating Exchange account - just the mail attribute i AD) - this is normally the ID + "@" + <somedomain.com>. Here you would use the parameters.eruid function to calculate the ID as this would be different from account to account...

    Just to be clear - the identity policy is called as one for the first steps after requesting an account in the UI - so if you have an identity policy in place the userid is populated in the account form.

    In general you should not use provisioning policies to populate the userid - the whole purpose of the identity policy is to do that upfront so that you can use parameters.eruid to reference during rest of the provisioning.

    HTH

    Regards

    Franz Wolfhagen

  • franzw
    franzw
    519 Posts

    Re: ISIM USer account creation

    ‏2018-05-25T11:46:51Z  

    The account name - eruid - should be created in the Identity Policy as described here : https://www.ibm.com/support/knowledgecenter/en/SSRMWJ_7.0.1.8/com.ibm.isim.doc/admin/cpt/cpt_ic_admin_identitypolicy.htm

    If you have to use the eruid in the provisioning policy this is referenced as "parameters.eruid[0]" in JavaScript : https://www.ibm.com/support/knowledgecenter/en/SSRMWJ_7.0.1.8/com.ibm.isim.doc/reference/ref/ref_ic_admin_provisionpolicy_javascript.htm

    HTH

    Regards

    Franz Wolfhagen

  • franzw
    franzw
    519 Posts

    Re: ISIM USer account creation

    ‏2018-05-25T12:24:28Z  
    This reply was deleted by Deepak S_ISIM 2018-05-25T14:08:58Z.

    It will pick the ID from the policy or what is entered in the UI if you create it manually.

    So yes :-)

    Regards

    Franz Wolfhagen

  • Deepak S_ISIM
    Deepak S_ISIM
    19 Posts

    Re: ISIM USer account creation

    ‏2018-05-25T12:33:07Z  
    • franzw
    • ‏2018-05-25T12:24:28Z

    It will pick the ID from the policy or what is entered in the UI if you create it manually.

    So yes :-)

    Regards

    Franz Wolfhagen

    Thanks Franz,

    My situation is that for some of the case AD network id and ISIM Service eruid is different, and both are created from identity policy, and as per current scenerio first user is created, and then via Lifecyle rule user's Ad account is created and then based on role attached user's ISIM service account is created, so I want when ISIM service account is created, eruid should be same as of AD network id, and both account creation happens in the same life cycle rule.

    so in my case "parameters.eruid[0]" helpful? if i put this JavaScript in entttlement of ITIM Service?

  • franzw
    franzw
    519 Posts

    Re: ISIM USer account creation

    ‏2018-05-25T13:13:44Z  

    Thanks Franz,

    My situation is that for some of the case AD network id and ISIM Service eruid is different, and both are created from identity policy, and as per current scenerio first user is created, and then via Lifecyle rule user's Ad account is created and then based on role attached user's ISIM service account is created, so I want when ISIM service account is created, eruid should be same as of AD network id, and both account creation happens in the same life cycle rule.

    so in my case "parameters.eruid[0]" helpful? if i put this JavaScript in entttlement of ITIM Service?

    The identity policy is called before the provisioning policy and is where you should solve this problem.

    Read up on how to configure the Identity policies - basically you can ensure that the policy looks up the ISIM account through a service search and takes the identity from there. This can be somewhat tricky as you may have to handle multiple accounts of the same type owned by the user.

    You will probably not use the parameters.eruid together with the ISIM service - it seems that you are not fully having the grip on how to use it (yet).

    So let me give you an example - in AD you can set the mail id on the user (we are not talking creating Exchange account - just the mail attribute i AD) - this is normally the ID + "@" + <somedomain.com>. Here you would use the parameters.eruid function to calculate the ID as this would be different from account to account...

    Just to be clear - the identity policy is called as one for the first steps after requesting an account in the UI - so if you have an identity policy in place the userid is populated in the account form.

    In general you should not use provisioning policies to populate the userid - the whole purpose of the identity policy is to do that upfront so that you can use parameters.eruid to reference during rest of the provisioning.

    HTH

    Regards

    Franz Wolfhagen