Pull attribute from Active Directory through CA Identity Manager


Article ID: 16158




CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On


How to pull an attribute from Active Directory through CA Identity Manager?


Release: CAIDMB99000-12.6.7-Identity Manager-B to B


Policy Xpress is the approach to take in this situation. Its only limitation is that a policy runs only when it is triggered by specific events or tasks.

For example, to get the manager attribute during the Active Directory Explore and Correlate:

1. Select the AD manager attribute in the Active Directory endpoint explore and update global user fields process.
2. Define the Endpoint Mapping between the AD manager attribute and a Global User attribute (for example, eTCustomField99).
3. Map that Global User attribute (eTCustomField99) to an IM attribute (for example, %STRING_00%) in the Identity Manager environment Provisioning Advanced Settings.

During the AD endpoint explore, the value of the AD manager attribute is read in DN format (for example, cn=manager,ou=users,dc=forwardinc,dc=ca) and propagated to the Global User attribute (in this case eTCustomField99). From there it is propagated to the IM attribute (in this case %STRING_00%).

Finally, trigger a Policy Xpress policy when the IM attribute (%STRING_00%) is updated, to extract only the manager userid from the DN and set the %MANAGER% attribute of the user.
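The extraction step above is where a wrong manager can end up on a user, so the parsing rule is worth pinning down. The following Python sketch is an added example, not Policy Xpress configuration and not code from the product; the function names are hypothetical, and it assumes, as the article does, that the CN of the manager's entry is the manager's user ID. It reads the first RDN without splitting on every comma, because RFC 4514 allows escaped commas and hex-encoded bytes inside a value.

```python
HEX = set("0123456789abcdefABCDEF")

def first_rdn(dn):
    """Return (attribute_type, value) for the leftmost RDN of an LDAP DN.

    Walks the string instead of calling dn.split(","), because RFC 4514
    allows escaped separators (\\,) and hex pairs (\\C3\\BC) inside a value.
    """
    raw = bytearray()
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                raw.append(int(pair, 16))        # \XX is one UTF-8 byte
                i += 3
            elif pair:
                raw += pair[0].encode("utf-8")   # \, \+ \" \\ and similar
                i += 2
            else:
                raise ValueError("DN ends with a dangling backslash")
            continue
        if ch in ",+":                           # unescaped: end of first value
            break
        raw += ch.encode("utf-8")
        i += 1
    attr, sep, value = raw.decode("utf-8").partition("=")
    if not sep or not attr.strip() or not value:
        raise ValueError("malformed RDN in %r" % dn)
    return attr.strip().lower(), value

def manager_userid(dn):
    """Return the value to store in %MANAGER%, or None when no manager is set."""
    if not dn or not dn.strip():
        return None
    attr, value = first_rdn(dn.strip())
    if attr != "cn":
        # Refuse to guess: a DN whose first RDN is not cn= is not a user entry.
        raise ValueError("expected cn= as first RDN, got %s=" % attr)
    return value

if __name__ == "__main__":
    # Constructed sample DNs; the first one is the example DN from the article.
    for sample in ("cn=manager,ou=users,dc=forwardinc,dc=ca",
                   "CN=Smith\\, John,OU=users,DC=forwardinc,DC=ca",
                   "cn=J\\C3\\BCrgen,ou=users,dc=forwardinc,dc=ca"):
        print(repr(manager_userid(sample)))
```

If the CN in your directory is a display name rather than the login ID, the extracted value will not match a user ID, and the manager should instead be resolved by looking up the DN.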