Pull attribute from Active Directory through CA Identity Manager


Article ID: 16158


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction



How can an attribute be pulled from Active Directory through CA Identity Manager?

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B

Resolution

Use Policy Xpress for this. Its one limitation is that a policy runs only when it is triggered by specific events or tasks.


For example, to get the manager attribute during the Active Directory Explore and Correlate, select the AD manager attribute during the Active Directory endpoint explore and update global user fields process. Make sure to define the Endpoint Mappings between the AD manager attribute and a Global User attribute (e.g. eTCustomField99). Then map that Global User attribute (eTCustomField99) to an IM attribute (for example, %STRING_00%) in the Identity Manager environment's Provisioning Advanced Settings.

During the AD endpoint explore, the value of the AD manager attribute is taken in DN format (e.g. cn=manager,ou=users,dc=forwardinc,dc=ca) and propagated to the Global User attribute (in this case eTCustomField99). From there it is propagated to the IM attribute (in this case %STRING_00%).

Finally, trigger a Policy Xpress policy when the IM attribute (%STRING_00%) is updated, to extract only the manager userid from the DN and set the %MANAGER% attribute of the user.
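The extraction step above is where a naive "split on the first comma" goes wrong, because a DN value may contain escaped commas. The following Python sketch is an added example, not CA/Broadcom code and not Policy Xpress syntax; the function name `manager_id_from_dn` is hypothetical, and it assumes, as in the article's example DN, that the value of the first RDN is the manager's userid.

```python
import re

# RFC 4514 escaping: "\" followed by two hex digits, or by one literal character.
_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def manager_id_from_dn(dn: str) -> str:
    """Return the value of the first RDN of `dn`, e.g. 'manager' for
    'cn=manager,ou=users,dc=forwardinc,dc=ca' (hypothetical helper).
    Raises ValueError when the input is not a usable DN, so a malformed
    value is rejected instead of being written to %MANAGER%."""
    if not dn or "=" not in dn:
        raise ValueError("not a DN: %r" % dn)
    attr, rest = dn.split("=", 1)
    # Attribute type is a short name (cn, uid) or a dotted OID.
    if not attr.strip().replace("-", "").replace(".", "").isalnum():
        raise ValueError("bad attribute type: %r" % attr)
    out = bytearray()
    i = 0
    while i < len(rest):
        ch = rest[i]
        if ch == "\\":
            pair = rest[i + 1:i + 3]
            if _HEX_PAIR.fullmatch(pair):      # e.g. \2C is an escaped comma
                out.append(int(pair, 16))
                i += 3
            elif i + 1 < len(rest):            # e.g. \, or \+ or \\
                out += rest[i + 1].encode("utf-8")
                i += 2
            else:
                raise ValueError("dangling escape in %r" % dn)
            continue
        if ch in ",+;":                        # unescaped separator ends the value
            break
        out += ch.encode("utf-8")
        i += 1
    # Surrounding whitespace is trimmed; quoted-string DN values are not handled.
    value = out.decode("utf-8").strip()
    if not value:
        raise ValueError("empty RDN value in %r" % dn)
    return value

# Constructed sample DNs (the first is the article's own example).
if __name__ == "__main__":
    for sample in ("cn=manager,ou=users,dc=forwardinc,dc=ca",
                   "CN=Smith\\, John,OU=Users,DC=forwardinc,DC=ca"):
        print(sample, "->", manager_id_from_dn(sample))
```

If the CN in your directory is a display name rather than the login id, the extracted value will not match an Identity Manager userid and needs a lookup instead of a direct assignment.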