none
How to configure sync rules involving a CSV file and portal self service RRS feed

  • Question

  • Hello,

     I need to configure some FIM sync rules for the following scenario:

     User account details are entered from a HR CSV file and exported to AD  Users have the ability to modify their own AD attributes in the FIM portal (there is not a requirement for them to view their  HR CSV data in the portal). The FIM portal modifications will be exported to AD as expected.  

    My setup is as follows:

    CSV file - name, last name, employee ID, address.
    CSV MA - has direct attribute flows configured in the MA between the data source and MV Portal self service attributes –       users can edit mobile, display name and photo

    I've also set the CSV MA as precedent for the attributes

    FIM MA – attribute flows defined for MV to Data Source as usual (i.e. firstname to firstname, accountname to accountname, etc).

    AD MA – no attribute flows defined as inbound and outbound sync rules have been configured in the portal using the Set\MPR\Triple.

    I’m thinking of using the following run profiles:

    1.        CSV MA – full import and delta sync (imports HR data)
    2.        FIM MA –  export and delta import (imports portal changes)
    3.        FIM MA – delta sync (syncs any portal changes)
    4.        AD MA – export and delta import

    If my understanding is correct this should sync HR data from CSV to AD, as well as user attribute self service updates from the portal to AD.

    If I wanted to just do a HR CSV sync could I get away with just steps 1 & 4 ? (presumably not as my rules are in the FIM portal?)

    If I wanted to do just a portal sync, could I get away steps 2-4?

    Any advice on how to improve my setup is much appreciated - cheers



    IT Support/Everything


    • Edited by Aetius2012 Friday, March 21, 2014 7:30 PM
    Friday, March 21, 2014 7:29 PM

All replies

  • The truth is that your design should be done in the way that it doesn't matter which profiles in which order you will execute. At the end, if you will run all import, synch and export profiles on each data source you should get same result. This is beauty of synch engine here.

    Your steps from 1-4 will synch data to your data sources and at the end will give you expected result. But not because of the order you are executing them but because of correct attribute flows. If flows from CSV file and from FIM portal might be done for the same attributes you need to think also about attribute precedence.   


    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Friday, March 21, 2014 9:56 PM
  • Hi Tomasz,

     I quickly found that putting the fim portal as precedent for display name works great when exporting data to AD as you see the display name updated immediately, but giving FIM precedence causes new users to be imported from AD with "(no display name)" in the portal.

    I then configured AD as being precedent, which imports user display names from AD OK, but also means that user edited display names are not exported to AD.

    I then configured display name with equal precedence between AD and FIM - from my brief testing this has worked fine so far, but I'm a little concerned that somehow one change could over write the other. Any advice on getting around this is welcome...

    Thanks


    IT Support/Everything

    Monday, March 24, 2014 7:44 PM