Cannot modify the "User Logon Name" of AD Accounts during synchronization
search cancel

Cannot modify the "User Logon Name" of AD Accounts during synchronization

book

Article ID: 132847

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

When you create an account template, you can use rules strings to define the format of many account attributes. Rule strings are variables for the actual value. Rules strings are useful when you want to generate attributes that change from one account to another. When rules are evaluated, CA Identity Manager replaces the rule strings entered in the account templates with data specified in the user object.

A scenario has been identified with the following behavior:

When setting the Account ID equal to %UE% (User Email Address) even with strong sync enabled the Account Id does not get synchronized.

Environment

Release : 14.x

Component : IdentityMinder(Identity Manager)

Cause

This is working as per the current design.

Resolution

This cannot be achieved through template synchronization.  To overcome this issue you must create a PX (Policy Xpress) policy to set the attributes after synchronization.

Additional Information

For more information on Attributes and Rule strings, please refer to the CA Identity Manager Product documentation.


https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/provisioning-roles/attributes-and-rule-strings-in-account-templates