How to set the authOrig attribute on AD accounts via Policy Xpress


Article ID: 12672


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction



We want to use Policy Xpress to set authOrig on an Active Directory account when the account is terminated so that it can receive email only from itself and not from anyone else. What is the proper format for the attribute value when setting it via PX?

Environment

Release:
Component: IDMGR

Resolution

The value must use the IAMHandle format with some additional data.

For example, if the AD account's DN is "CN=<test user>,CN=Users,DC=ADEndpoint,DC=support,DC=com", use the following as the value in the PX action to update the account attribute (including the curly brackets):

{"name":"Account=<test user>,ADSContainer=Users,EndPoint=ADEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server"}

The same format can also be used when setting the value to another user's DN, not only the DN of the account itself.