search cancel

Provisioning Global User is not created from Identity Manager Server


Article ID: 36146


Updated On:


CA Identity Manager CA Secure Cloud SaaS - Single Sign On CA Identity Suite



When a user is created via Identity Manager in the Identity Manager user store, there is no corresponding 'global user' created in the Provisioning directory.




The reason that the provisioning global user is not being created is that you have not assigned any provisioning roles to the user.

Identity Manager (IDM) does not create a provisioning user if the user has no provisioning roles assigned. This is by design because there is generally no need for a provisioning user to exist if it has no provisioning roles. 


When you assign the user its first Provisioning role, either during initial creation from IDM, or afterward via modify user, then the global user will be created. 

Some customers always assign a 'dummy' provisioning role when the user is created via IDM so that the global user will also be created. A 'dummy' provisioning role is a basic prov role that that does not assign any accounts.