This content has been marked as final. Show 9 replies
Here is the link to know more about Target and Trusted Recon:
provision users in target resource automatically when I run the recon target jobsProvisioning and Reconciliation are different things. Recon never does provisioning. It reconciles the existing accounts from Target to OIM.
For Automatically Provisioning, make use of Access Policies.
Yes. I am after the details on how to setup a recon to fire an access policy to provision the user to the target resource automatically.
Yes. I am after the details on how to setup a recon to fire an access policy to provision the user to the target resource automaticallyFirst go through the OIM documents to understand Reconciliation, Access policies, Provisioning and in which scenario we use these components. I can explain here as well but that will take lot of time.
Since I have already ran the trusted/target recons without Access Policies, I'm looking for guidance to know if building an Access Policy with retrofit, populates the existing OIM user's resource tab with the appropriate IT Resource (e.g., AD User or Oracle DB User).
Has anyone tried this successfully?
If not, what other ways are used to achieve this update (apparently BIP reports only look at the contents of user's resource entries to build reports).
There's a schedule task called "Set User Provisioned Date"
Run that and see it should trigger provisioning for existing users of a role/group.
Hi, that job runs every 30m, yet it is not populating user's Resource Tab with the IT resource they originated/got updated from.
Thanks for replying.
What is the use case you are looking for? Can you please put it here in details because i am bit confused :(
Hi, the idea is to automatically populate every OIM user's RESOURCE tab with where they originated from (say DBAT Target Recon) and if they matched an AD User Target Recon.
In my example, if an OIM user identity got created running the DBAT recon, an entry pops into that user's Resource tab indicating they were provisioned from the DBAT resource (e.g., Oracle DB User).
When I run the AD Target Recon, if an OIM identity already exists and the user is also in AD, an entry pops into that user's Resource tab indicating they were provisioned from the AD Resource (e.g., AD User).
The reason for this is because the BIP reporting jobs look to the UD_DB_ORA_U and UD_ADUSER tables.
This feature is automatic. As long as the target recon is run to pump users through the respective process form. After getting the target recons to work, the entries show up under the users' resource tabs.
Thanks for looking.