• Custom Approval Procedure for Product Owner gives error when SQL CASE statement is used

    Hi There,

    We have a requirement that, if the product owner is disabled the approval for that product should go to product owner's manager. I have copied the pre-defined approval procedure(OA-Product Owner) and created a new one, in which I am customising…

  • Error deleting Business Roles and Dynamic Roles

    Hello everyone,

    I have a problem deleting business roles and dynamic roles.

    I started deleting dynamic roles but One Identity doesn't give me the possibility (grey icon). Maybe One doesn't appreciate that.

    I also tried deleting business roles…

  • SAPRoles are not getting tagged with ORG

    There are some sap roles(Entitlement's) which are assigned to a System role(Eset), so records in EsetHasEntitlement exists.

    When I assign the system role(Eset) to the business role(Org), records gets inserted in OrgHasEset table, but the Sap roles…

  • 1 user license does not sync properly into AD

    Hi all, I have a sets of user and I added a license on their department all user where to sync properly into AD but among them there is one user who does does not sync into the ad properly when I check the AD it is missing the License. I am currently…

  • INACTIVE account in One identity but still ACTIVE in active directory

    Hi again, I have a problem regarding the deactivating an  Active Directory account. It appears that the account is already INACTIVE in One Identity but still active on ACTIVE DIRECTORY.

  • Attestation Report for Approved Entitlements?

    Hello - We are leveraging OneIM 8.1.3 and currently have an attestation process setup for our ADS Domain administrators.  The managers are able to Approve/Deny the users successfully within the IT Shop Web Portal; however our question is, where can we…

  • How to set up just one CSM connector as Authoritative source?

    Hello all, 

    We have various connectors that use the CSM configuration, some starling connectors (Salesforce and SuccessFactors ECP) and some custom target system connected throguh SCIM. These connectors are not authoritative sources, so the PersonAutoFullSync…

  • How to return a value in ADO.net script


    I am working on version 8.1.3. I am calling stored procedures through ADO.net connector and used the sample template provided in synchronization project to write a script. I am able to create the user in the target but unable to return the UserID…

  • Employee Manager Role for only Active Employees

    Hello Experts,

    I have been trying to figure out a way to assign the Employee Manager role in OneIM to only those who have active persons listed as their direct report.  Currently if a person has an inactive employee listed it still assigns the employee…

  • Silent installation

    HI, I found instruction how to install One Identity Manager from console. What I'm missing is the complete list of modules and their description, the same according to the packages. I've looking on the Knowledge Base but without success.

  • Can the Database Role 'basegroup' be removed after installation?

    We are using OI Manager in Azure SQL Managed Instance. One Security Finding (VA1282) says, that orphan database roles should be removed. The scan identifies the database role 'basegroup' as orphaned.

    The recommendation from Azure is to remove…

  • IdentityManager.PoSh


    I don't see any open topic for IdentityManager.PoSh hence I open this one.

    Can you please show some example how to run a custom event which is having a custom variable in the jobchain's generating condition.

    Basically I have a problem in…

  • Web Portal: Requesting entitlement for a specific account.

    Hi everybody, 

    I'm using One Identity Manager ver. 8.1. 

    I'm trying to manage employees with more than one user Account on the same System (AD domain or SAP Client). I know that when an empoyee requests an entitlement, after approval it is assigned…

  • Exchange user rights


    As we are about to manage Exchange users and all sort of Mailboxes I would like to check how can I get information about different rights users have on the mailbox like:

    • Send on Behalf (this is seen in the system - table EX0MailBoxSendOnBehalfPerm…
  • Convert epoch time in Sync editor


    I would like to get data about Expiry date from AD - parameter msDS-UserPasswordExpiryTimeComputed

    As I checked it is the same forma as AccountExpires parameter.

    Where I do not find solution is how can I create vrt property to transfer this number to…

  • OneIM DB Migration and Restore - Compile DB Error


    We are running OneIM 8.1.3 and are in the process of having to migrate our current production DB to a different server.  We followed the standard guide on how to backup, restore DB, manually replicated the user permissions on new server, etc...and…

  • Access of shared member, constant member, enum member or nested type through an instance


    I'm trying to insert a value on AADUser.OnPremImmutableId and I get this error:

    WARNING: Access of shared member, constant member, enum member or nested type through an instance; qualifying expression will not be evaluated., Script: Tmpl_AADUser_OnPremImmutableId…

  • Employee with 2 account definition - access to IT SHOP

    Good evening to everyone,

    I have a question and I would like to understand if it's possible to do it or not.

    I have multiple employees  with two account definition : ad account and adm ad account,

    I would like to log in IT SHOP with employee credentials…

  • Documentation for Integration process and User Provisioning with Cloud Apps?

    Hello All,

    Does anyone know of any official and/or unofficial documentation that provides overview on how to integrate a cloud app (finance apps, etc.) with 1IM for user provisioning and deprovisioning?  Seems the current documentation for 8.x is currently…

  • ObjectGUID in 1IM not update after provisionning to Target System


    1IM 8.1

    I created Sync Project Native database connector to PostgreSQL DB.

    I created mappings 1IM <-> PostgreSQL.

    Roles created in PostgreSQL correct. But ObjectGUID in 1IM UNSAccountB not update after provisionning.

    Force mapping against…

  • Requests on behalf of other

    Hi everybody,

    I know that OneIM provides the possibility to make requests from ITShop on behalf of others; in particular I know that a manager can make requests on behalf of his direct subordinates whether he is their direct manager or he is the manager…

  • VB reference manual

    Hi experts,

    I want to change some pre-scripts on some "process". But, there are many functions that I don't know, such as "Connection.Getsingleproperty()", "Pers.CallFunction()", etc. Is there any VB Reference Manual for those functions?…

  • How to change email notification fuction in "Designer"?

    Hi experts,

    I want to implement an email notification function in IAM.

    Here is the situation:
    when somebody makes a request, both A and B will receive that request. And the only condition to approve this request is both A and B agree to the request. But…

  • Azure AD module installation


    We are trying to install Azure AD module in one of our instances. Before the installation it asks for jobqueue and dbqueue tables to be empty.

    How could we make sure that all existing tasks and jobs get processed and nothing new gets triggered before…

  • Error "An existing connection was forcibly closed by the remote host" when importing personal data from SAP/HCM

    In our test environment, we observe the following error message 1 to 2 times a month in connection with the import of personal data from SAP/HCM:

    ErrorMessages (2021-03-16 02:51:55.197) [810222] Error executing script 'CCC_Import_IDM_Person_IDV_SAPHCM…