  • Azure AD module installation


    We are trying to install Azure AD module in one of our instances. Before the installation it asks for jobqueue and dbqueue tables to be empty.

    How could we make sure that all existing tasks and jobs get processed and nothing new gets triggered before…

  • Error "An existing connection was forcibly closed by the remote host" when importing personal data from SAP/HCM

    In our test environment, we observe the following error message 1 to 2 times a month in connection with the import of personal data from SAP/HCM:

    ErrorMessages (2021-03-16 02:51:55.197) [810222] Error executing script 'CCC_Import_IDM_Person_IDV_SAPHCM…

  • How to call auto generated Composition API methods by HTML Client with/without search parameter


    It seems like compiling the Composition API and creating the HTML Client can be different based on the environment:

    1) local (dev) => Composition API methods created with HandleGetByQuery do not have a "search" parameter in the Client, hence you…

  • Use case and technical feasibility to integration current enterprise One Identity manager to external enterprise One Identity manager

    Use case and technical feasibility of integrating the current enterprise One Identity Manager with an external enterprise One Identity Manager?

    Requirement – manage the cross organisation workforce using IGA to IGA integration.

  • One Identity Failing to abort expired requests

    We are seeing expired requests (ValidUntil < current date) in the PersonWantsOrg table that are not being aborted by the db queue. We found that this is working as expected in our development environment but not in our staging (QA) environment. We attempted…

  • AD Provisioning fails with: Unable to execute method (Insert object) for object (Xxxx) because not all mandatory properties are defined.

    My AD Account Provisioning has stopped working.  It always fails with the error "not all mandatory properties are defined".  It is complaining about "cn, objectClass, sAMAccountName".

    To eliminate moving parts, I go to the Sync Editor…

  • How is the DeactivationStart field filled?

    We are using version 8.1.3. We saw that some of the new users had their DeactivationStart field filled. The process (VI_Person_Deactive_ExitDate_Expired) considers this field. The process updates the IsTemporaryDeactivated field from False to True according…

  • How can I login IAM Modules with an user who has a specific Active Directory Security Group?


    I tried to use the "Active Directory User Account (manual input)" method and users can log in to modules successfully with their AD accounts. But our customer asked me how we can control the users' permissions. We don't want every AD users can…

  • Integration with ServiceDesk (BPM Online) How to reopen PwO ?

    At the moment I am integrating with the BPM Online service desk system: the user orders access through the IT Shop, then using the OneIM REST API (version 8.1.2) creating tickets in BPM, requests and receives statuses. Based on this, OneIM made decision…

  • ITShop Person Changes Saving as SA in One Identity Manager 7.1

    When our ITShop saves changes to a person, XUserUpdated in the Person table is recorded as "sa". ITShop is configured for Active Directory. Where/What do we need to change to have ITShop record the changes as being performed by the ITShop logged in AD user…

  • Disaster recovery for One Identity manager Product


    Please help me to find out how to set up disaster recovery for the One Identity Manager product. I wasn't able to get the information in the One IM documentation.

    Any help would be appreciated.



  • Execute plain SQL in script


    Is it possible to execute SQL in a script like asked four years ago in thread [1] in OI version 8.1.4?

    I tested the script in version 8.1.4 and I get the error message in [2].

    That means, the code fails to execute:

    Dim conData As ConnectData = DbApp…

  • Permanently removing test employees from development system

    In our development system we have a lot of test employees, which we would like to permanently remove in order to tidy up the environment.

    The employees have business roles assigned, which will need to go as well.

    I just want to make sure we do this in…

  • One identity manager DB back Restore

    Hello everyone, I just had an experience of unsuccessful upgrade from 8.0.2 to 8.0.5 in the Dev Environment (faced issues in DB compilation after the upgrade and other issues).

    Now I want to roll back, and I will restore backup which I took before the…

  • Potential SQL injection attack by brute-force on WebPortal - Attestation - Business role attestation


    I am getting an SQL injection error on WebPortal while trying to perform attestation for business roles.

    I am using version 8.1.1

    WebApp log:

    Module instance created: ATT_Attestation_MyAttestations
    2020-12-16 15:15:12.3358  INFO (    WebLog s0xjgi1ydmrf0vz3qcopxvxx…

  • WebPortal: Employee which can be edited by the current employee


    I have the following setup to only allow users to edit employees that are IsExternal=1. Here is my SQL on it...

    "uid_person in ( select uid_person from QER_VEditEmployee where uid_personhead = '%useruid%')
    and ((IsExternal = 1) or …

  • Not all OU in 1IM DB after Active Directory Synchronization (Missing some OUs)


    1IM 8.1. SP2. 

    I created Sync Project Active Directory. 

    I did not change scopes or filters. 

    Not all OUs were inserted into the ADSContainer table after synchronization.

    The logs have no errors about OUs.

    In the test environment with a test AD all is OK.

    Why did this happen?

  • Start Unsubscribe Approval Workflow when PersonWantsOrg request is Aborted because of Person Deactivated

    Hi community

    We have some manually provisioned Systems where People can request Access to by requesting a resource in IT Shop.

    Approval workflows work fine for subscribe (provision) and unsubscribe (deprovision).

    However when a Person leaves and is permanently…

  • Issue in ITShop: "Not yet implemented -> [Hash function for key"

    Hi there,

    when trying to authenticate to the ITShop with an enabled/internal Person in the context Employee (Role-based), AD (Manual) or AD integrated the error message "Not yet implemented -> [Hash function for key xyz]" returns.


  • SOD rules - Effective Dates between Roles or Entitlements?

    Hi All,

    We have SoD violation checks for various roles and entitlements, but when users are transferring between roles in the organization, there might be violations that don't really overlap due to the timing of when they start their new role.


  • Problem viewing Objects within Synchronization Editor


    In a sync project in our development environment, I would like to use the Target System Browser to look at the attributes - especially the virtual ones - and check whether all virtual attributes are set correctly.
    However, I do not get any results…

  • Is there a way to limit access to Designer/SyncEditor to Read-Only for System accounts?

    Hello Experts,

    I have a bit of an issue and looking to see if there is a solution.  Currently we are using OneIM 8.0.1.  Our whole team has System Accounts due to need for provisioning in manager.  I was wondering if there was a way to create custom roles…

  • Data export of not-triggered columns.


    In our project we have special rules regarding a "default email address" column in a table Person. We construct addresses with help of a special script that is called in a template of the column. But we suspect that not all active identities have…

  • displayvalue() in web designer


    We are using the displayvalue() function in web designer for translation purposes. In one of the pages, when we change the language the text is not getting translated but when we refresh the page it's working. The same function is working elsewhere.

  • What must be done to obtain a unique schema property?

    In a sync project for data exchange with an application based on an MSSQL database, we use the sync project for MSSQL databases.
    The mapping is set up so that the desired data can be determined and transferred. However, when we run the first simulation…