Provisioning Global User is not created from Identity Manager Server

book

Article ID: 36146

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Problem:

When a user is created via Identity Manager in the Identity Manager user store there is no corresponding 'global user' created in the Provisioning directory.

Solution:

The reason that the provisioning global user is not being created is because you have not assigned any provisioning roles to the user.

Identity Manager (IDM) does not create a provisioning user if the user has no provisioning roles assigned. This is by design because there is generally no need for a provisioning user to exist if it has no provisioning roles. 

When you assign the user its first Provisioning role, either during initial creation from IDM, or afterwards via modify user, then the global user will be created. 

Some customers always assign a 'dummy' provisioning role when the user is created via IDM so that the global user will also be created. A 'dummy' provisioning role is a basic prov role that that does not assign any accounts.

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B
Component: