Changing MV attribute value after disconnection RRS feed

  • Question

  • Hello, I'm a bit new to FIM and I had a question on changing a MV attribute after it disconnects from an MA. I have users who are provisioned from AD and get attributes from various MAs. Some of these attributes are imported from an MSSQL view. So, what I would like to do is once they're not in the view, an MV attribute will change its value to "disconnected" which will then be picked up by another MA and it will propagate to an LDAP. I've been trying to setup some deprovisioning rules in an the MSSQL MA extension to write directly to the LDAP once it becomes disconnected but no luck. Any help would be greatly appreciated!
    Wednesday, October 26, 2016 7:03 PM

All replies

  • Even though I suspect you need something more simple, such as "Order of precedence", there are ways to do this.

    But can you tell us what you are trying to accomplish in practical terms, so we can tell if you need this or not and if Precedence can do.

    1- Extend MV Schema and create a bolean attribyte "AD_Conected" = True/False.  Set this on inbound to true if it is connected and false when it is not.  There is a method to that you can call (mventry.ConnectedMAs("AD_MA")) which tells you if the AD MA is connected.  You can call this from any MA you want to do something when AD MA is disconnected.

    2- You can still extend the MV Schema and populate the Bolean attribute, then do the same in FIM Portal.  Create Set of all users who are connected, nor connected to MA A,B,C, and do something.

    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Friday, October 28, 2016 4:50 PM
    Thursday, October 27, 2016 12:28 PM