Scenario:
The customer wants to certify IM (Identity Manager) groups in IG (Identity Governance). The customer has created provisioning roles corresponding to the groups using ETAUtil and is importing them into IG to certify them. Since there is no specific role attribute to contain the role owners, the customer is populating eTCustomField01 with the role owners and mapping it to the IG role owner attribute.
Issue:
When importing data from Identity Manager using a connector in Identity Governance, only one provisioning role owner is imported from IM. If the data is then exported back from Identity Governance to IM, the data in IM is lost: the provisioning role owner field is updated with the owner that IG has, and the multiple values that IM had are lost.
Is it possible to have more than one provisioning role owner in Identity Governance and Identity Manager?
Release : 14.4.x
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Working as designed.
From the IG side, the IG role owner is a single-value attribute and it should always refer to a single user. Even if you map it to a multi-value IM attribute, IG will treat the multi-value (JSON value) as a single user. So out of the box, you cannot maintain multiple IG role owners. If you are importing the owners only for viewing purposes, you can map the customField01 to a custom IG role field instead of the role owner.