Access Policy Harvesting Does Not Appear To Be Picking Up The Account Discriminator Field
(Doc ID 1934607.1)
Last updated on JANUARY 31, 2019
Applies to:Identity Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Scenario: Bulk loaded/reconciled a large amount of accounts that we now want to use Access Policy harvesting on. It seems that every time the policy is evaluated, a new account is created - that then fails because an account already exists for our test resource.
Have set the correct flags in OIM to allow multiple provisioning and access policy harvesting and also set Account Discriminator to LDAP User ID field.
It looks like the discriminator field is returning as blank for the users in question, causing the system to think there is not a match and therefore creating a new account.
Currently, using a Pre-populate adapter setting the User ID for all provisioned accounts, taking the User ID from OIM's usr_login and applying that to ud_ldap_usr_userid. And when modifying the access policy, it says that the discriminator field is blank.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document