• State Not Answered
  • Replies 2 replies
  • Subscribers 62 subscribers
  • Views 1557 views
  • Users 0 members are here
Options
Related

Virtual Attribute default value

lrigs
over 1 year ago

Hello Community,

Does anyone know if there is a way for a virtual attribute to have a default value when a user get's synced in from AD?

I have a need for a boolean value for users and when a new user is created from One Identity manager to make that value false.

I'm not using a sync from Active Roles into One Identity manager. It's a direct to Active Directory btw.

I have another job that will check and make it true when needed. 

Thank you,

Lu

  • 0 over 1 year ago

    Not sure what you mean by "synced in".  Active Roles does not cache objects.

    Applying a default value is best done:

    1) For existing objects, use an Automation Workflow to find (using a Search Activity) objects missing the desired default, a use an Update activity to apply it.

    2) For new objects, set up a Property Value Generation policy rule within a Provisioning Policy that forces the value on new object creates / edits.

    Re 2), if the objects are actualyl being copied from somewhere (using the AR Sync Service perhaps), then the PVG should take care of applying the values for you.

    'Hope this helps and don't hesitate to ask if anything is not clear.

  • 0 over 1 year ago

    If Identity Manager is going direct to AD, and Active Roles is in the same environment, then it is highly recommended to look into having Identity Manager connect to Active Roles to communicate to AD. It would make this use case so much easier to accomplish.

    If the users are getting created directly in AD, then there could possibly be 2 options here. One is scripted (handle changes from DirSync control) and not really recommended and the other could be to utilize an Automation Workflow. The Automation Workflow could run on a scheduled basis and look for AD users with no value in the VA and then set it to False.