none
Can Modifying Email (Email mapped with DN - in FIM Sync) will link with user that is already provisioned to external system(Google) RRS feed

  • Question

  • Hi,

     We have provisioned users from FIM to Google(used Generic REST API MA) by mapping "Email" with "DN". Now we need to change that Email at FIM.We want to link the changed Email with the user present in Google.But when we do an export it is creating a new user at Google because of new DN.How we can modify the DN in FIM Sync Provision Code so that the new DN(Email) will be updated to the already existing user at Google.

    Please suggest me.

    Thanks

    Prasanthi.

    Wednesday, May 6, 2015 9:21 AM

All replies

  • You cannot change the Anchor object without triggering the provisioning of a new account.

    1. First you need to change the Anchor to something that will not change

    2. Then you can modify DN

    Thanks,

    Nosh


    Nosh Mernacaj, Identity Management Specialist

    Wednesday, May 6, 2015 1:04 PM
  • We use the internal ID generated by Google when the user is provisioned as Anchor. This does not change.

    Wednesday, May 6, 2015 1:58 PM
  • You cannot change the anchor object. That is it.

    Nosh Mernacaj, Identity Management Specialist

    Wednesday, May 6, 2015 2:00 PM
  • Hi Leo,
    "We use the internal ID generated by Google when the user is provisioned as Anchor. This does not change." --> I am unable to understand the point behind it.Can you elaborate on this.

    Thanks
    Prasanthi.
    Friday, May 8, 2015 5:04 AM
  • By using the Google User Internal ID as anchor in FIM, you are able to change the primary email address (we do this in our Google Agent, and it's working fine).

    Note that the agent you are using, "Generic REST API MA", at the moment only supports Primary Email as FIM Anchor attribute. 

    See Google's documentation for the Google User Internal ID:

    https://developers.google.com/admin-sdk/directory/v1/reference/users

    id string

    The unique ID for the user. A user id can be used as a user request URI'suserKey.



    Friday, May 8, 2015 7:12 AM
  • Hi Leo,

           Thanks for update....

    We are using Generic Rest API for Google MA. In our MA, in the Anchors tab there is no attribute "id". By default the primary Email is set as "Anchor" attribute. Even I found that in the Select Attribute Tab, "id" is not present in the attribute list.

    Can you please let me know how to make "ID" as "Anchor" attribute. Where to change the code for Google MA.

    Thanks

    Prasanthi.

    Friday, May 8, 2015 11:47 AM
  • You will need to change this class and recompile it:

    https://restmafim.codeplex.com/SourceControl/latest#PluginTemplate/Template/Objects.cs

    You will also need to move the Anchor-attribute to an Id attribute that you add. The code looks like this today:

    [Anchor(true)] public string primaryEmail

    You'll need to remove the         [Anchor(true)] and add it to your added Id attribute. E.g.:

    [Anchor(true)] public string internalId

    You will also need to handle this internalId Attribute in the plugin extension code:

    https://restmafim.codeplex.com/SourceControl/latest#PluginTemplate/Template/FIM_Interface.cs

    Note that the internal ID is something that the Google API returns when the user has been created. You'll need to add this value to the CSEntryChangeResult.



    Tuesday, May 12, 2015 3:23 PM