• One identity manager DB back Restore

    Hello everyone, I just had an experience of unsuccessful upgrade from 8.0.2 to 8.0.5 in the Dev Environment (faced issues in DB compilation after the upgrade and other issues).

    Now I want to roll back, and I will restore backup which I took before the…

  • Potential SQL injection attack by brute-force on WebPortal - Attestation - Business role attestation


    I am getting sql injection error on WebPortal while trying to perform attestation for a business roles.

    I am using version 8.1.1

    WebApp log:

    Module instance created: ATT_Attestation_MyAttestations
    2020-12-16 15:15:12.3358  INFO (    WebLog s0xjgi1ydmrf0vz3qcopxvxx…

  • WebPortal: Employee which can be edited by the current employee


    I have the following setup to only allow users to edit employees that are IsExternal=1. Here is my SQL on it...

    "uid_person in ( select uid_person from QER_VEditEmployee where uid_personhead = '%useruid%')
    and ((IsExternal = 1) or …

  • Not all OU in 1IM DB after Active Directory Syncronization (Missing some OUs)


    1IM 8.1. SP2. 

    I created Sync Project Active Directory. 

    I did not change scopes or filters. 

    Not all OU inserted ADSContainer table after syncronization.

    Logs has not errors about OU. 

    In test enviroment with test AD all ok.

    Why it did?    

  • Start Unsubscribe Approval Workflow when PersonWantsOrg request ist Aborted because of Person Deactivated

    Hi community

    We have some manually provisioned Systems where People can request Access to by requesting a resource in IT Shop.

    Approval workflows work fine for subscribe (provision) and unsubscribe (deprivision).

    However when a Person leaves and is permanently…

  • Issue in ITShop: "Not yet implemented -> [Hash function for key"

    Hi there,

    when trying to authenticate to the ITShop with an enabled/internal Person in the context Employee (Role-based), AD (Manual) or AD integrated the error message "Not yet implemented -> [Hash function for key xyz]" returns.


  • SOD rules - Effective Dates between Roles or Entitlements?

    Hi All,

    We have SoD violation checks for various roles and entitlements, but when users are transferring between roles in the organization, there might be violations that don't really overlap due to the timing of when they start their new role.


  • Problem viewing Objects within Synchronization Editor


    In a sync project in our development environment, I would like to use the Target System Browser to look at the attributes - especially the virtual ones - and check whether all virtual attributes are set correctly.
    However, I do not get any results…

  • Is there a way to limit access to Designer/SyncEditor to Read-Only for System accounts?

    Hello Experts,

    I have a bit of an issue and looking to see if there is a solution.  Currently we are using OneIM 8.0.1.  Our whole team has System Accounts due to need for provisioning in manager.  I was wondering if there was a way to create custom roles…

  • Data export of not-triggered columns.


    In out project we have special rules regarding a "default email address" column in a table Person. We construct addresses with help of a special script that is called in a template of the column. But we suspect that not all active identities have…

  • displayvalue() in web designer


    We are using displayvalue() function in web designer for translation purposes. In one of the pages, when we change the language the text is not getting translated but when we refresh the page its working. The same function is working else where.

  • What must be done to obtain a unique schema property?

    In a sync project for data exchange with an application based on an MSSQL database, we use the sync project for MSSQL databases.
    The mapping is set up so that the desired data can be determined and transferred. However, when we run the first simulation…

  • Source Control (git) for Identity Manager

    Hi All,

    Wondering if anyone has come up with a means of getting away from zip file transports and into storing text-based configs in source control such as git. 

    The options I see are:

    Use transports for extraction

    1. Developers use the standard OneIM tools…
  • ItShop Request properties required

    I have built multi request resources with request items and assigned them to service items. I have some required columns populating the Shopping Cart Item defined in the request item. It all works fine. However, when I request the shop item, I get a pop…

  • Auditing an executed job to find who or what triggered an event.

    Hello Experts,

    I am in need of some assistance.  We had an incident where a few users got removed from a group and i've been tasked to find out how and who did it.  i found the job that did it but it says it was done by "sa" and when i look at created…

  • Delegation for department's manager - mails doesn't come to delegate.


    Can anyone advise in the following use case please:

    As a department's manager I delegate 'Role manager' to the specific Department BUT once this is saved the delegate doesn't receive any emails regarding new comers etc (initial email with credentials…

  • Error after changing X-509 certificate

    After changing the X-509 on Exchange 2010 (public CA), the Identity Manager 8.1 shows the following error:

    File name:  Mail Component

    Process Task:   SendRichMail

    Execution status FROZEN

    Signing certificate was not found.

    Any suggestions to fix this problem…

  • REST API xml data instead json


    1IM 8.1.2

    I need call rest api methods with xml data instead json. 

    How can I do it? 

  • Synchronization Person Table to Active Directory


    I'm actually in the following case:

    When I create a user in the OiM WebPortal, the User is created in the Person Table in the DB. 

    How can I do to send this user created to the ADSAccount table? 

    I just want to automatically synchronize the user…

  • UNSAccountInUNSGroup attestations slow approvals


    I have a attestations policy with procedure on "User accounts: system entitlement assignments (UNSAccountInUNSGroup)".

    Some groups have thousands of users. When the attestation goes out and the user tries to approve more than 200 at a…

  • Automatic removal of ADSMachines from an ADSGroup

    I have design one custom request form on the IT shop where a user will provide hostname of his/her domain joined machine and custom process will add that machine in one Active Directory group. This is working perfectly fine!

    Now I have to create a custom…

  • Why field SortOrder in AccountProduct table have type string?


    1IM 8.1 

    I think, that field SortOrder in  AccountProduct table should have type Integer. 

  • Default Grid Sort in Web Designer


    Currently in grids being used in web designer, when we click on a column to sort it sorts ascending first  and then descending on the next click. Is it possible to change this default behavior to descending on the first click and ascending later.

  • Adding an sql script os it will run on a schedule


    I'm trying to integrate an sql script* that will update the person central account name which in turn will update ADSAccount samaccountname and AD via the connector.

    When I manually change Person's central account name it works but when…

  • Web Designer. VI_Common_PropertyEditor. Show Caption for Property


    1IM 8.1 SP2 In web Designer in ComponentInterface I added Property to Table ShoppingCartItem.

    I try use compoonent VI_Common_PropertyEditor for show properties ShoppingCartItem but for my added properties not showing Caption.

    How I can show captions…