Provisioning Global User is not created from Identity Manager Server

book

Article ID: 36146

calendar_today

Updated On:

Products

CA Identity Manager CA Secure Cloud SaaS - Single Sign On CA Identity Suite

Issue/Introduction

 

When a user is created via Identity Manager in the Identity Manager user store, there is no corresponding 'global user' created in the Provisioning directory.

 

 

Cause

The reason that the provisioning global user is not being created is that you have not assigned any provisioning roles to the user.

Identity Manager (IDM) does not create a provisioning user if the user has no provisioning roles assigned. This is by design because there is generally no need for a provisioning user to exist if it has no provisioning roles. 

Resolution

When you assign the user its first Provisioning role, either during initial creation from IDM, or afterward via modify user, then the global user will be created. 

Some customers always assign a 'dummy' provisioning role when the user is created via IDM so that the global user will also be created. A 'dummy' provisioning role is a basic prov role that that does not assign any accounts.