AAD User - Synced via Azure AD Connect - Account Definition assignment

Hi All,

We are running 1IM 8.2.1

I have a little problem with the automatic assignment of an account definition to Azure AD users.

We are using Azure AD Connect to sync the user to Azure AD. But we also want to manage group memberships, licenses and so on via Identity Manager. To do so, my assumption is to assign an account definition. To do so, I set the default account definition in the Azure tenant and also set the option PersonAutoDefault = SEARCH and, as we create the user before the start date, PersonAutoDisabledAccounts = 1.

My problem: if a user is disabled, the account definition is not assigned.

The script AAD_PersonAuto_Mapping_AADUser in the script library is hardcoded to exclude such users.

If persUid <> "" Then

    'check is it a managed domain and the account is not disabled
    If Not String.IsNullOrEmpty(domAccountDef) AndAlso Not acc.GetValue("AccountDisabled").Bool Then
        'assign person and account definition to account

        Dim defaultBehavior As String = domain.CreateWalker(Session, uow.IdentityMap).GetValue("FK(UID_TSBAccountDefUser).UID_TSBBehaviorDefault").String

        TSB_AssignAccountDef (uow, acc, persUid, domAccountDef, defaultBehavior)

    Else
        'only assign person to account - it is a linked account
        acc.PutValue("UID_Person", persUid)
    End If

Do I have the wrong approach?

Best, Denny