[Urgent]: Synch Process bypasses all AuthN & AuthZ workflows

  • Question

  • Hi All,

    I have an urgent requirement and need your help.

    Requirement: 

    If the synchronization account makes any changes to the Manager attribute of the user, then log the old and new Manager in a text file.

    I have tried this using Administrator as requester and written PowerShell code for logging Old and New Manager in Authorization workflow using PowerShell activity and it's working fine.

    But when I tried this using the Synchronization Account as requester, it's not working, because the Synch Process bypasses all AuthN & AuthZ workflows.

    Can any of you please suggest some alternate solution?

    Thanks in advance,

    Tuesday, September 24, 2013 8:55 AM

All replies

  • If you only have one source for changing the manager, why not use a good old code extension on an advanced import flow of the contributing MA?

    The only Portal solution that comes to my mind is to use a PowerShell Activity to copy the Manager attribute to another "helper" attribute and use a normal "portal" user to run as, so your Auth Workflow will run.

    Set a trigger on the manager attribute when the SyncEngine changes it.

    Start a PowerShell Activity in a workflow to copy the attribute to a 2nd attribute. This activity can run as FIMService by default, which goes through AuthN and AuthZ, as this is a normal user to the Portal.

    Not very neat, but working, I think.

    Have a look at Craig's and Brian's FIM PowerShell Activity and FIM PowerShell Module.

    It should be very easy with both of these tools.

    Regards
    Peter


    Peter Stapf - Doeres AG - My blog: JustIDM.wordpress.com

    Tuesday, September 24, 2013 6:35 PM