• Attestation Report for Approved Entitlements?

    Hello - We are leveraging OneIM 8.1.3 and currently have an attestation process setup for our ADS Domain administrators.  The managers are able to Approve/Deny the users successfully within the IT Shop Web Portal; however our question is, where can we…

  • How to set up just one CSM connector as Authoritative source?

    Hello all, 

    We have various connectors that use the CSM configuration, some starling connectors (Salesforce and SuccessFactors ECP) and some custom target system connected throguh SCIM. These connectors are not authoritative sources, so the PersonAutoFullSync…

  • How to return a value in ADO.net script


    I am working on version 8.1.3. I am calling stored procedures through ADO.net connector and used the sample template provided in synchronization project to write a script. I am able to create the user in the target but unable to return the UserID…

  • Employee Manager Role for only Active Employees

    Hello Experts,

    I have been trying to figure out a way to assign the Employee Manager role in OneIM to only those who have active persons listed as their direct report.  Currently if a person has an inactive employee listed it still assigns the employee…

  • Silent installation

    HI, I found instruction how to install One Identity Manager from console. What I'm missing is the complete list of modules and their description, the same according to the packages. I've looking on the Knowledge Base but without success.

  • Can the Database Role 'basegroup' be removed after installation?

    We are using OI Manager in Azure SQL Managed Instance. One Security Finding (VA1282) says, that orphan database roles should be removed. The scan identifies the database role 'basegroup' as orphaned.

    The recommendation from Azure is to remove…

  • IdentityManager.PoSh


    I don't see any open topic for IdentityManager.PoSh hence I open this one.

    Can you please show some example how to run a custom event which is having a custom variable in the jobchain's generating condition.

    Basically I have a problem in…

  • Web Portal: Requesting entitlement for a specific account.

    Hi everybody, 

    I'm using One Identity Manager ver. 8.1. 

    I'm trying to manage employees with more than one user Account on the same System (AD domain or SAP Client). I know that when an empoyee requests an entitlement, after approval it is assigned…

  • Exchange user rights


    As we are about to manage Exchange users and all sort of Mailboxes I would like to check how can I get information about different rights users have on the mailbox like:

    • Send on Behalf (this is seen in the system - table EX0MailBoxSendOnBehalfPerm…
  • Convert epoch time in Sync editor


    I would like to get data about Expiry date from AD - parameter msDS-UserPasswordExpiryTimeComputed

    As I checked it is the same forma as AccountExpires parameter.

    Where I do not find solution is how can I create vrt property to transfer this number to…

  • OneIM DB Migration and Restore - Compile DB Error


    We are running OneIM 8.1.3 and are in the process of having to migrate our current production DB to a different server.  We followed the standard guide on how to backup, restore DB, manually replicated the user permissions on new server, etc...and…

  • Access of shared member, constant member, enum member or nested type through an instance


    I'm trying to insert a value on AADUser.OnPremImmutableId and I get this error:

    WARNING: Access of shared member, constant member, enum member or nested type through an instance; qualifying expression will not be evaluated., Script: Tmpl_AADUser_OnPremImmutableId…

  • Employee with 2 account definition - access to IT SHOP

    Good evening to everyone,

    I have a question and I would like to understand if it's possible to do it or not.

    I have multiple employees  with two account definition : ad account and adm ad account,

    I would like to log in IT SHOP with employee credentials…

  • Documentation for Integration process and User Provisioning with Cloud Apps?

    Hello All,

    Does anyone know of any official and/or unofficial documentation that provides overview on how to integrate a cloud app (finance apps, etc.) with 1IM for user provisioning and deprovisioning?  Seems the current documentation for 8.x is currently…

  • ObjectGUID in 1IM not update after provisionning to Target System


    1IM 8.1

    I created Sync Project Native database connector to PostgreSQL DB.

    I created mappings 1IM <-> PostgreSQL.

    Roles created in PostgreSQL correct. But ObjectGUID in 1IM UNSAccountB not update after provisionning.

    Force mapping against…

  • Requests on behalf of other

    Hi everybody,

    I know that OneIM provides the possibility to make requests from ITShop on behalf of others; in particular I know that a manager can make requests on behalf of his direct subordinates whether he is their direct manager or he is the manager…

  • VB reference manual

    Hi experts,

    I want to change some pre-scripts on some "process". But, there are many functions that I don't know, such as "Connection.Getsingleproperty()", "Pers.CallFunction()", etc. Is there any VB Reference Manual for those functions?…

  • How to change email notification fuction in "Designer"?

    Hi experts,

    I want to implement an email notification function in IAM.

    Here is the situation:
    when somebody makes a request, both A and B will receive that request. And the only condition to approve this request is both A and B agree to the request. But…

  • Azure AD module installation


    We are trying to install Azure AD module in one of our instances. Before the installation it asks for jobqueue and dbqueue tables to be empty.

    How could we make sure that all existing tasks and jobs get processed and nothing new gets triggered before…

  • Error "An existing connection was forcibly closed by the remote host" when importing personal data from SAP/HCM

    In our test environment, we observe the following error message 1 to 2 times a month in connection with the import of personal data from SAP/HCM:

    ErrorMessages (2021-03-16 02:51:55.197) [810222] Error executing script 'CCC_Import_IDM_Person_IDV_SAPHCM…

  • How to call auto generated Composition API methods by HTML Client with/without search parameter


    it seems like compiling the Composition API and creating the HTML Client can be different based on the environment:

    1) local (dev) => Composition API methods created with HandleGetByQuery do not have a "search" parameter in the Client, hence you…

  • Use case and technical feasibility to integration current enterprise One Identity manager to external enterprise One Identity manager

    Use case and technical feasibility  to integration current enterprise One Identity manager to external enterprise One Identity manager ?

    Requirement – manage the cross organisation workforce using IGA to IGA integration.

  • One Identity Failing to abort expired requests

    We are seeing expired requests (ValidUntil < current date) in the PersonWantsOrg table that are not being aborted by the db queue. We found that this is working as expected in our development environment but not in our staging (QA) environment. We attempted…

  • AD Provisioning fails with: Unable to execute method (Insert object) for object (Xxxx) because not all mandatory properties are defined.

    My AD Account Provisioning has stopped working.  It always fails with the error "not all mandatory properties are defined".  It is complaining about "cn, objectClass, sAMAccountName".

    To eliminate moving parts, I go to the Sync Editor…

  • How is the DeactivationStart field filled?

    We are using version 8.1.3. We saw that some of the new users had their DeactivationStart field filled. The process (VI_Person_Deactive_ExitDate_Expired) considers this field. The process updates the IsTemporaryDeactivated field from False to True according…