  • Manager unable to revoke subordinates' access in Web Portal – One Identity Manager 9.3

    Hello,

    We are using One Identity Manager 9.3 and noticed that, even with the manager role, a manager is unable to revoke access that has already been approved and assigned to their subordinates via the Web Portal.

    Current scenario:

    • The manager is able…
  • Problem in creating user on the portal, skipping ID(CentralAccount).

    Hello, I am Rafael, a technician at Cintech Brazil. We are working on a project with the company Sanepar and we have a problem related to user creation on the portal, specifically in CentralAccount. We are facing an issue with the creation of Keys (Identifier…

  • Error: The type initializer for 'SAP.Middleware.Connector.RfcConfigParameters' threw an exception

    I get this error while trying to test SAP R/3 Connection -> ( [System.Exception] The type initializer for 'SAP.Middleware.Connector.RfcConfigParameters' threw an exception.)

    I have

    One Identity Manager 9.3

    SAPNCo 3.1.6

    .NET version 9.0.301

    VS…

  • How to enable custom theme branding in Angular portal using oneim-api-server (v9.2)

    Hello,

    I am currently working on customizing the Angular end-user portal of One Identity Manager, using the official oneim-api-server Docker image, version 9.2, deployed on Kubernetes.

    I would like to enable the use of custom themes located under:
    /var…

  • Automatically Removing Non-Inherited Active Directory Group Memberships in a Dynamic Role-Based Access Model

    I have defined two business roles, and each has been assigned an Active Directory group as a resource that users should inherit by belonging to one role or the other. Membership to both roles is dynamic. How can I enforce that all group membership assignments…

  • Web Portal unusable after login

    Hi everyone,

    I'm currently testing the API Server / Web Portal (oneidentity/oneim-api:9.2) deployed in Kubernetes, and I’m encountering a critical issue.


    The App Server is deployed and reachable (tested separately).

    The API Server has 2 replicas…

  • App Server Error – /appserver/update/allowed not found (Kubernetes deployment, version 9.2)

    Hello,

    I'm currently deploying One Identity Manager 9.2 in a Kubernetes environment, using the official Docker images:

    • oneidentity/oneim-appserver:9.2

    • oneidentity/oneim-api:9.2

    Context

    • I deployed the App Server with the appropriate environment…

  • Question about custom target systems and account tables

    Hi everyone,

    I'm working on a custom target system, and I noticed there's a table called UNSAccountB, but it doesn't follow the structure I need for my use case.

    Is it considered a good practice to extend the UNSAccountB table to meet custom…

  • Implementing Random Delay in Orchestrated Processes to Prevent API Overload

    Hi everyone,

    I'm working with an Orchestrated Process that calls an external API. Currently, all requests hit the endpoint simultaneously, causing it to return a 500 Internal Server Error due to overload. I'm seeing errors like this in the logs:…

  • Data Importer - Multi-Valued template

    Hello Experts,

    I have a table I need to pull data from and it has person records in it with them associated to multiple entries.

    I'm looking to create a multi-valued template to get them populated. Is there a way from data importer to populate all the…

  • UCIgroup3 table in UCI Connector is not getting updated from SCIM Connector.

    Hello,

    I am trying to integrate Salesforce with Identity Manager using SCIM Connector. We are using 9.0 version. I created 2 sync projects:

    1. using SCIM Connector 

    2. using UCI connector to load data in CSM Tables

    The permission set groups are in UCIgroup3…

  • How to limit a "Spare Field" field to a maximum of 18 characters in a service item parameter on the web portal?

    Hi everyone,
    I'm configuring a service item on the web portal and I need to limit the "Nome de exibição da conta" (or a spare field) to accept a maximum of 18 characters. Is there a way to enforce this restriction, either through configuration, scripting…

  • How to synchronize existing One Identity Manager password to AD during account creation?

    Hi everyone,

    I have a scenario in One Identity Manager where a user already exists in the One Identity environment with a defined and valid password. However, this user does not yet exist in Active Directory.

    When I assign an Account Definition to trigger…

  • Problem setting up OAuth 2.0/OpenID Connect authentication

    Hi, I have a problem when setting up OAuth / OpenID authentication. The IDP is an ADFS on-prem server.

    I get this error in the log files on the Web server.

    ---> VI.Base.ViException: Invalid token
    at VI.DB.Auth.AuthToken.Validate(X509Certificate2…

  • re-throw in AAD_ZGroupInGroup

    In JobQueue/SystemJournal I get loads of these error messages:

    "(execute slot bulk)50000 0 re-throw in AAD_ZGroupInGroup Line 30
    547 0 The INSERT statement conflicted with the FOREIGN KEY constraint "AAD_RFRL109". The conflict occurred in database…

  • Cannot Connect to database because a system update is running.

    Hello Guys,

    I have a customer environment and it was working fine, then suddenly when I try to open any of the admin tools, it keeps telling me "Cannot connect to database because a system update is running".

    It has been in this state now…

  • How to connect to Peoplesoft?

    Hi all,

     

    I’m looking for a way to connect One Identity Manager 9.3 to the PeopleSoft application. Due to not having an original connector, which best practice is recommended: using psjoa.jar, connecting directly to the database, or another approach?

    Thanks

  • Changing of Client secret in Entra ID

    Hi.

    I'm running Identity Manager 9.1.1 and have recently changed the client secret for the app that I'm using for the connector to EntraID. I've also deleted the old one.

    But now the delta sync gets frozen and the error message indicates that…

  • SAP connection error after upgrade from 9.2 to 9.3

    After upgrade from 9.2 to 9.3 we have an error connecting to SAP:

    [System.IO.FileNotFoundException] Could not load file or assembly 'sapnco, Version=3.1.0.42, Culture=neutral, PublicKeyToken=50436dca5c7f7d23'. The system cannot find the file specified…

  • Trying to add a SCIM schema override file always results in an error

    Hello,

    I am tasked with integrating user provisioning for an Appian applications platform in OIM 9.2. The responsible Appian dev team has installed an Appian community built SCIM module so I have a target SCIM Service provider that I can integrate with…

  • custom API Integration in angular portal

    We are using version 9.2 of One Identity and I have created the new page for contracts, and the API is also ready. I would like to integrate the API into the frontend. I typically handle API integration using the HttpClient in a service file. However…

  • Solution: Set a PWO DialogParameter Value via Script (Sharing is caring)

    As discussed in the hidden Gems session at the recent UNITE conference there is a simple script to retrieve the value of a DialogParameter of a Request (PersonWantsOrg).

    I faced now a situation to update a value (based on an External Decision) and want…

  • Concurrency in IDM with a Script

    Is it possible to use concurrency in IDM with a script? For example, a script that retrieves a list of central accounts from a CSV file, then obtains information via an API and writes that information to a product in IT Shop for auditing purposes.

    This…

  • Exchange field ForwardingSmtpAddress Sync and Lifecycle Management Options?

    We have a requirement to populate and manage the lifecycle (provision/sync/update/delete) of field ForwardingSmtpAddress. This is a different field than 'ForwardingAddress'.

    It's a valid field on the mailbox but I do not see it in the Sync Editor…

  • How to allow manager to renew an access request?

    Hi.

    I need to allow managers of identities to submit a renewal request on their behalf. Currently, out of the box, they can only do it for the requests they created so where they are set as UID_PersonInserted, I think.

    I tried creating a custom Permission…