none
Provisioning multiple accounts for same user in AD RRS feed

  • Question

  • Hi,

    I have a scenario where multiple accounts needs to be provisioned in AD for a user. Eg. one is a normal account and other is a privileged account. While normal account provisioning is in place, I am in search of resources to enable provisioning the 2nd account for the same user. Has anyone done this previously? Can someone point me to a resource or let me know if this is feasible in FIM 2010?

    Thanks in Advance.


    Kris

    Monday, November 3, 2014 7:12 AM

All replies

  • Hello,

    it is possible, but only with mv extension code for provisioning.

    But I would NOT do that, because you need to have additional code on ma for every import attribute flow to decide the attribute from which of the two AD objects have to flow into mv.

    Otherwise you will get "ambigious-import-flow-on-multiple-connectors" error.

    Consider creating a second object for those users you should also have privileged account and if you need some kind of connection between them make a reference attribute on the normal user to point to the priviliged account in mv and portal.

    Regards
    Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Monday, November 3, 2014 7:40 AM
  • Yes, what Peter said. It is certainly possible to have two CS objects connected to one MV object, but in practice you end up with a very complex environment. Whatever process determines that someone should have a second AD account (e.g. Portal Workflow, imported attribute) should cause a second MV object of different object type (e.g. adminUser) to be projected and then provisioning rules for this object type be put in place. 
    Monday, November 3, 2014 10:31 AM