• Private DNS behind Palo Alto is not resolving Name Servers

    We are using private DNS zones for our internal sites. We are connected to the cloud by site to site vpn on palo alto and until recently our private domains have stopped resolving and name servers are not finding their way. Using dig command I am able…

  • Web Portal validUntil Extension


    We are using version 8.1 where we have a requirement to enable user to extend the valid until period via web portal. Is it possible to develop/configure something where recipient/requester can go to request history and change the valid until time…

  • Client certificate-based authentication from 1IM to web-service

    We have an existing integration with a target system via a web-service API. For that, 1IM performs calls to the web service API from a custom script (in DialogScript table) which user auto-generated proxy-code script (in DialogWebService table). These…

  • OneIM upgrade from 8.1.1 to 8.1.4

    We are using version 8.1.1 currently and migrating to 8.1.4,
    We are going with that were going through documentation, in database permissions section, it is written -
    "If you want to switch to granular permissions when you update from 8.1.x to version…

  • Uninstall Defender Desktop Login 5.9.1 programmatically

    Hello all,

    First time poster.  Need your assistance.  We have a large environment and we use SCCM to manage all machines.  I need to uninstall version 5.9.1 from all machines and I am having a hard time doing that using script or programmatically.  I tried…

  • REST-API with ADS user account as Authentication Module --> 401 Unauthorized


    we use the One Identity Manager version 8.0.5.

    We have a first use case that involves using the REST API. In our development and test environment, the REST calls work using the system user as authentication method.
    In production, however, the ADS…

  • Process Information retention and TimeTrace


    I'm having some issues with my history db and need to get my main db down for upgrade to newest version. I plan to create a new history db and the old one will still be available for time trace.

    I need to determine what i need to set for keeping…

  • Update multiple records through custom script

    Hi all,

    I want to write code to update fullsyncdate attribute of UNSAccountB table for 1000 accounts at a time, something similar as below

    Update UNSAccountB set FullSyncDate=DateTime.Now where cn in ('x','y'.....)

    But am not getting any…

  • Run PowerShell Script


    i want to run powershell script after AD user account creation. i have added the component powershell script but dont know how to execute the script from there and pass parameter like -identity.

    Can anyone help me here?



  • WebPortal: Employee which can be edited by the current employee


    I have the following setup to only allow users to edit employees that are IsExternal=1. Here is my SQL on it...

    "uid_person in ( select uid_person from QER_VEditEmployee where uid_personhead = '%useruid%')
    and ((IsExternal = 1) or …

  • After upgrading OneIM version from 7.1.6 to 8.1.2, the csv data import failed

    After upgrading OneIM version from 7.1.6 to 8.1.2, the Data Import always fail with error "Error during execution of 'OnSaved' in logic module 'VI.DB.EntityScriptLogic'.". The detail information is "There is no server that can fulfill server mask and/or…

  • Synchronization project connecting CSM and UCI to use the UCI_Web portal for manual provisioning

    Hi There,

    We like to keep track of a cloud application in Identity Manager. As described in the documentation we like to use the "manual provisioning" option of the CSM module and UCI_Web portal.

    All installed so far, but now I am missing the…

  • List of Roles/Group Memberships removed and List of Roles/Group Memberships added for a single person.

    Hello All,

    Used Case scenario is like the following:

    Departments are having ADgroups, SAPRoles etc. assigned as birthrights. Now as part of Department move Employee moves from One department to another. As a result of the move some new groups/roles will…

  • Job servers keep in "Update Running" state, and software version keep in "-1"

    Hi experts,

    I'm evaluating the approach of upgrading server from 7.1.6 to v8.

    I deployed new servers with newer OS and SQL version, and restore the original DB to the new server, updated job server list and sync server reference in sync editor, reinstalled…

  • Dynamic Roles - Condition is greyed out


    For a specific Dynamic Role I can't edit it's condition because both Wizard and SQL condition are greyed out.

    Do you know how to make the condition editable?

    So far, the only difference I've noticed between randomly chosen dynamic roles is…

  • Unable to create new employee


    I hope someone can help. I plan to log a ticket tomorrow if I get no response tonight.

    I'm unable to create new employees in Manager or Data import process. I get no error and manager or data importer just locks. I can create new business roles…

  • What must be done to obtain a unique schema property?

    In a sync project for data exchange with an application based on an MSSQL database, we use the sync project for MSSQL databases.
    The mapping is set up so that the desired data can be determined and transferred. However, when we run the first simulation…

  • Source Control (git) for Identity Manager

    Hi All,

    Wondering if anyone has come up with a means of getting away from zip file transports and into storing text-based configs in source control such as git. 

    The options I see are:

    Use transports for extraction

    1. Developers use the standard OneIM tools…
  • Employee's manager with no editing rights in the web shop

    Hello everyone,

    in the web portal, by default, each employee's manager can add, edit and assign a new manager to an employee.

    Is it possible  for manager only view their employees while only some specific employees can add, edit (all) employees and…

  • Does Key Resolution by reference work with XObjectKey?


    We are planning to provide an application with information from the One-IM database.
    Here we have created a custom table - including with a column CCC_DepartmentX, which contains the XObjectKey of the department. 

    Since it is an MSSQL database, we…

  • Execute process for same object sequentially

    Hi, I am currently preparing a process which executes whenever there is any change happens to the ADAccount's CN or SAMAccountName, STatus etc.

    But issue is the there are many times, there will be multiple process gets triggered for same object withing…

  • GET UID_Job of the executing process

    Hi team, how can I get UID_JOB of the current root process being executed in Job queue, so that i can use that UID for my operation in other node of the same process

  • Report for group primary and secondary owners


    I'm trying to create a report for users to run to get all groups they are the primary or secondary owner of.

    I have the first part which is the primary owners but having difficulty with the secondary owners. Since they are not linked to a table…

  • Business role for active directory groups take a long time to add users


    Has anyone seen any issues with adding users to groups through a business role?

    We have a few that we need to add users to upon creation. It seems to take a good while before the users get added to the group.

    The business role is assigned but the…

  • How to send approval notification to group mailbox instead of single approvers?

    Dear 1IM community,

    Our use case requires to send approval notifications and reminder emails to a group mailbox instead of the single approvers' email addresses.

    Currently we are using the standard OA - Product owner approval procedure.

    Do you have…