none
Populating Custom Drop Down RCDC Control And Sync Custom Information RRS feed

  • Question

  • Hello,

     I have a requirement whereby I need to present a list of departments within the FIM portal as a drop down control for end  users. There are around 500 departments and I need to provide admins with a convenient way of keeping this list up   to date. There are several other fields (department head, department cost code and department administrator).

     My initial thoughts were to do the following:

     - Create a new object within MV designer that has a single multi-valued attribute (e.g. "Customdepartment" with multivalued attribute "DepartmentName").

     - Sync a department CSV file against this object, the CSV file will contain a list of deartment names    (departmentA,departmentB,departmentC,departmentD,etc.)

     - Push my custom department attribute into the FIM portal (mapping onto another custom attribute)

     - Users pick which department they belong to via the drop down control using a method (similar to #4 http://www.fimspecialist.com/fim-portal/rcdc-resource-control-display-configuration/populating-rcdc-dropdowns-uocdropdownlist/#step2)

     - An AD outbound sync rule syncs the department name

     - A PowerShell script is then ran against AD which checks the department name for each user and populates the relevant AD fields for department head, department cost code and department administrator.

    The first problem I have is that when I tried to sync my input CSV file of departments into my custom MV object, I simply ended up with multiple records rather than a single object which contained the list of departments. I'm not sure how to overcome this.

    In addition, I'm wondering if there's a better way to meet the requirements than what I've proposed. I imagine what I'm trying to achieve is reasonably common, but I'm not sure on the best way to implement it.

    Thanks in advance


    Thursday, August 14, 2014 11:15 PM

Answers

  • Ok, so I believe things should be configured like this:

    WF - Action with function evaluator 

    Destination: [//Target/Department]

    Value (Custom Expression): [//Target/SiteReference/sitename] 

    MPR 

    Requestor - up to you, may be service desk  or admins 
    Operation: "modify a single-valued attribute"
    Permissions: grants permission
    Target before request: All active people
    Target after request: All active people
    Resource attributes: SiteReference
    Action workflow: WF above 

    To trigger the above, login as someone belonging to the requestors set and modify site reference on the user. This will update the user department attribute with the site name. 

    From there you add an inbound flow from the portal to the MV for department, and update your AD SR to flow department -> department (or whichever attribute you require). 


    • Marked as answer by EuroTechie2013 Wednesday, August 20, 2014 5:09 PM
    Wednesday, August 20, 2014 12:28 AM

All replies

  • I think you are on the right track, however you won't be able to sync a MV department object to an attribute in the FIM Portal. You will need to do something along these lines. 

    • Create MV object department
    • Create FIM Portal object for department 
    • Flow your departments into the FIM Portal
    • Add a new reference attribute in the FIM Portal for "departmentReference" bound to user 
    • Update your RCDC as mentioned in the blog post
    • Create an action workflow to resolve the department name from the department reference, for example: Destination: [//Target/department] Value: [//Target/departmentReference/DisplayName]
    • Create a request MPR that triggers the workflow on the modification of the department reference attribute, trigger the previously created workflow

    Friday, August 15, 2014 12:35 AM
  • Cheers for the response, I've tried your suggestion, but am hitting an error:

    1. I've created a new resource in the portal called site with 2 attributes "siteName" and "SiteNameMultivalue".
    2. I've created an All Sites set. Created a new MPR granting administrator permissions to update, modify, create and delete on this set.
    3. Added the site resource to the synchronization filter resource.
    4. Added a new MPR with full grant permissions on site for the synchronization engine (Synchronization:
    Synchronization account controls sites it synchronizes).
    5. Created a MV resource site with attributes "siteName" (multivalued attribute), csobjectID and "sitekey".
    6. Synced the contents of an attribute value pair text file to my MV site (worked fine, I can see the sites in the MV).
    7.
    Refreshed the FIM MA schema.
    8. Selected a site object type in the FIM MA schema.
    9. Added an object type mapping (site to site).
    10. Tried configuring my sync rules, but I'm hitting the error "detectedRulesList of Site is no longer available". If I remove the detectedRulesList flow, I hit the same error for ExpectedRulesList. If I remove both, the error goes away, but synchronisation fails.

    Any help on resolving this is much appreciated.

    Thanks

    Monday, August 18, 2014 10:24 AM
  • Make sure you have "DRE" and "ERE" as bindings to new resource in FIM Portal - it seems your "site" resource does not have such attribute as "detectedRulesList" and "expectedRulesList" - create a binding to those attributes for your "Site" object in FIM Service's schema.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by MKołódź Tuesday, August 19, 2014 5:48 AM
    Monday, August 18, 2014 12:33 PM
  • Thanks Dominik, your post made me realise I was missing the attributes in MV designer, now added and synced :-)
    Monday, August 18, 2014 1:49 PM
  • Cameron,

     I've managed to do the first 4 steps and flow my custom site and department objects into the portal, I can select a site and flow my reference attribute back into the metaverse as long as it maps on to another reference attribute.

     Ultimately what I want to do is be able to export site and department information to AD. Please can you expand on the below steps:

    • Create an action workflow to resolve the department name from the department reference, for example: Destination: [//Target/department] Value: [//Target/departmentReference/DisplayName]
    • Create a request MPR that triggers the workflow on the modification of the department reference attribute, trigger the previously created workflow

    I've created a workflow as follows:

    Activity DisplayName: ResolveSiteName
    Destination: [//Target/site]

    MPR - ResolveSiteName
    Requestor - ResourceID relative to resource
    Operation: "read resource", "modify a single-valued attribute"
    Permissions: grants permission
    Target before request: All active people
    Target after request: All active people
    Resource attributes: sitereference;siteName
    Action workflow: ResolveSiteName

    I suspect I haven't done the last 2 steps correctly. Unfortunately I can't find too many examples of how to flow reference attributes to AD or the MV. Whenever I try to flow a reference attribute in my AD sync rule I'm hitting an error regarding a mismatch between reference and string data types.

    Ideally, I would like to flow more than just the siteName from my reference attribute (e.g. siteManager and SitePostcode), how would I go about this?

    thanks in advance



    Monday, August 18, 2014 7:54 PM
  • What value are you trying to set within your workflow? 

    You won't be wanting to flow reference information, this is basically used to associate a user to a site in the Portal. The site should contain all the information you require. The workflow is used to look at the site and pull out the values you want to set on the user. 

    Assuming "site" is a reference attribute bound to your user, the "value" part of your function evaluator would be something like (note these are the names of the FIM Service attribute):

    Destination: [//Target/Department]

    where 

    - Target = your user

    - Department = the string attribute "Department" bound to user

    Value: [//Target/site/siteName] 

    where 

    - Target = your user

    - site = the reference attribute linked to your user

    - siteName = the string value for siteName on the linked "site" object 

    The department attribute of user is ultimately what you would flow out to AD which should be a string. Could you post more information about your schema for site and user (attribute names/types)? Perhaps we can help with the XPath and the configuration of your MPR. 


    Tuesday, August 19, 2014 12:33 AM
  • On my portal user attribute, I’ve added a new attribute called SiteReference which is a Reference attribute. In the portal I’ve added a new resource type called "site" which I’ve added 3 string attributes  - address, sitename and siteid(indexed).

    In the MV designer, I’ve added a site object with 6 string attributes – csobjectid, detectedrulesList, expectedRulesList, address, sitename and siteid. I’ve used the existing user reference attribute “seealso” to map a user to their site.

    I have a CSV MA which flows a list of sites from a CSV to the MV and FIM MA attribute flows  are setup as shown below to flow values between the MV and portal.
    I’m using declarative rules with the set/mpr/triple to flow users and user information into AD with outbound sync rules. I have an MPR called “AD User Attribute Update” which is a transition in MPR with an activity which triggers my AD outbound sync rule.

    What I am struggling with is to figure where to configure the workflow to de-reference the reference attributes and how to export this information to AD. Do I need to include the de-reference workflow in my MPR which also has my AD outbound sync rule? How can I map other reference attributes such as siteid to other AD
    attributes (e.g. extenstionattribtute4)

    I've attached a few screenshots of the current configuration as it may help:

    RCDC drop down showing values correctly synced from MV to portal


    Tuesday, August 19, 2014 11:30 AM
  • Ok, so I believe things should be configured like this:

    WF - Action with function evaluator 

    Destination: [//Target/Department]

    Value (Custom Expression): [//Target/SiteReference/sitename] 

    MPR 

    Requestor - up to you, may be service desk  or admins 
    Operation: "modify a single-valued attribute"
    Permissions: grants permission
    Target before request: All active people
    Target after request: All active people
    Resource attributes: SiteReference
    Action workflow: WF above 

    To trigger the above, login as someone belonging to the requestors set and modify site reference on the user. This will update the user department attribute with the site name. 

    From there you add an inbound flow from the portal to the MV for department, and update your AD SR to flow department -> department (or whichever attribute you require). 


    • Marked as answer by EuroTechie2013 Wednesday, August 20, 2014 5:09 PM
    Wednesday, August 20, 2014 12:28 AM
  • Cameron,

     Worked a treat - many thanks, you have been a great help! :-)

    Wednesday, August 20, 2014 5:09 PM