none
Best way to manage multiple Employee Types in MIM 2016 sp1 RRS feed

  • Question

  • Hello,

    I am looking to add several different Employee Types to the MIM Portal. ie EmployeeAccounts, ConsultantAccounts, and TempAccounts.  Our HR system only tracks EmployeeAccounts, and is the "Source of Truth" for our employee accounts in the MIM Portal.  I'm not sure what would be the best way to add these other employeeAccount types. 

    I have created separate objects for these account types in the Metaverse, and have had little success pulling these accounts from Active Directory to the MIM Portal.

    Monday, January 8, 2018 9:38 PM

Answers

  • Where are they generated? If they come from another source, you can still project them to Person Object in mv and sync to MIM Portal same way. There is no need for separate objects. In MIM Portal, I suggest you use some attribute that distinguishes them.  If you don't have a source for them, you can use MIM Portal as the source.


    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Tuesday, January 9, 2018 10:49 PM
    • Marked as answer by JasonRLI Thursday, January 11, 2018 3:52 PM
    Tuesday, January 9, 2018 10:48 PM

All replies

  • Do you need them to login to portal, or use SSPR? if yes, you need them all to be object person, because only object type can login to portal. If they don't need to login to portal o use SSPR, then you can create separate object types in Portal and map the ones you created in MV.

    Nosh Mernacaj, Identity Management Specialist

    Tuesday, January 9, 2018 4:31 AM
  • Ideally, SSPR and Portal access would be needed for these other types of accounts.  So if they all need to be a Person Object for this, what is the best way to add these different account types?  Since our HR system only supports employees, and not consultant type accounts.

    Tuesday, January 9, 2018 6:49 PM
  • Where are they generated? If they come from another source, you can still project them to Person Object in mv and sync to MIM Portal same way. There is no need for separate objects. In MIM Portal, I suggest you use some attribute that distinguishes them.  If you don't have a source for them, you can use MIM Portal as the source.


    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Tuesday, January 9, 2018 10:49 PM
    • Marked as answer by JasonRLI Thursday, January 11, 2018 3:52 PM
    Tuesday, January 9, 2018 10:48 PM
  • Thanks for the reply.  These accounts are currently just being manually added in Active Directory Only. 

    We can use the employeeType Attribute to distiguish the account types then, which would simplify a lot.

    Is there any documentation that I can read on how to manage users from Separate sources? 

    One being our HR System and the other being the MIM portal.


    • Edited by JasonRLI Wednesday, January 10, 2018 4:14 PM
    Wednesday, January 10, 2018 4:12 PM
  • In this case, you project from AD To MV, and Synch to MIM Portal.

    EmplyeeType does the job. Need to be careful with the order of precedence, since they are coming from different sources. You may need to create custom attributes in MV so that you don't override one another.
    TechNet has lots of docs, but I cant point to the exact section. it is a combination of things.


    Nosh Mernacaj, Identity Management Specialist

    Sunday, January 14, 2018 6:13 AM