Assigning Multiple Resource Accounts to IdM User Account in IdM 7.0

Similar Messages

• Deleting IDM user accounts during reconciliation

  Hello All,
  We have an authoritative data source which is a MySQL database. I have loaded all the users from the DB into IDM. What I want to know is can we delete the user in IDM when the user account is deleted from the MySQL database?
  How can I achieve this during reconciliation?
  Any help would be highly appreciated.
  Thank you very much.
  Vamsi

  I think you need to use the per account workflow, which is part of the recon policy. It should be something like:
  <Extension>
  <WFProcess name='UC2 ORA Per Acct Workflow' title='UC2 ORA Per Acct Workflow'>
  <Variable name='userName' input='true'/>
  <Variable name='accountId' input='true'/>
  <Variable name='loginApplication' input='true'/>
  <Variable name='resource' input='true'/>
  <Activity id='0' name='start'>
  <Transition to='Sync Attributes'>
  <eq>
  <ref>initialSituation</ref>
  <s>AR_SITUATION_NAME_UNMATCHED</s>
  </eq>
  </Transition>
  <Transition to='Deprovision User'>
  <eq>
  <ref>initialSituation</ref>
  <s>AR_SITUATION_NAME_DELETED</s>
  </eq>
  </Transition>
  <Transition to='Disable User'>
  <eq>
  <ref>initialSituation</ref>
  <s>optional logic here</s>
  </eq>
  </Transition>
  <Transition to='Clear Task Results'/>
  <WorkflowEditor x='38' y='177'/>
  </Activity>
  <Activity id='1' name='Sync Attributes'>
  <Variable name='WF_ACTION_ERROR'/>
  <Variable name='user'/>
  <Action id='0' name='Checkout User' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='checkoutView'/>
  <Argument name='type' value='User'/>
  <Argument name='id' value='$(accountId)'/>
  <Argument name='authorized' value='true'/>
  <Argument name='Form' value='UC2 ORA Per Acct Form'/>
  <Variable name='view'/>
  <Return from='view' to='user'/>
  <Return from='WF_ACTION_ERROR' to='ERROR'/>
  </Action>
  <Action id='1' name='Checkin User Object' application='com.waveset.session.WorkflowServices'>
  <Condition>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Condition>
  <Argument name='op' value='checkinView'/>
  <Argument name='view'>
  <ref>user</ref>
  </Argument>
  </Action>
  <Transition to='Clear Task Results'>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Transition>
  <Transition to='end'/>
  <WorkflowEditor x='259' y='7'/>
  </Activity>
  <Activity id='2' name='Deprovision User'>
  <Variable name='WF_ACTION_ERROR'/>
  <Variable name='user'/>
  <Action id='0' name='Checkout User' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='checkoutView'/>
  <Argument name='authorized' value='true'/>
  <Argument name='type' value='Deprovision'/>
  <Argument name='id' value='$(accountId)'/>
  <Variable name='view'/>
  <Return from='view' to='user'/>
  <Return from='WF_ACTION_ERROR' to='ERROR'/>
  </Action>
  <Action id='1' name='Select All Accounts for Deprovision'>
  <expression>
  <set name='user.resourceAccounts.selectAll'>
  <s>true</s>
  </set>
  </expression>
  </Action>
  <Action id='2' name='Checkin User Object' application='com.waveset.session.WorkflowServices'>
  <Condition>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Condition>
  <Argument name='op' value='checkinView'/>
  <Argument name='view'>
  <ref>user</ref>
  </Argument>
  </Action>
  <Transition to='Clear Task Results'>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Transition>
  <Transition to='end'/>
  <WorkflowEditor x='308' y='241'/>
  </Activity>
  <Activity id='3' name='Disable User'>
  <Variable name='WF_ACTION_ERROR'/>
  <Variable name='user'/>
  <Action id='0' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='disableUser'/>
  <Argument name='accountId' value='$(accountId)'/>
  <Argument name='doWaveset' value='true'/>
  </Action>
  <Transition to='Clear Task Results'>
  <isnull>
  <ref>WF_ACTION_ERROR</ref>
  </isnull>
  </Transition>
  <Transition to='end'/>
  <WorkflowEditor x='390' y='387'/>
  </Activity>
  <Activity id='4' name='Clear Task Results'>
  <Action id='0' application='SET_RESULT_LIMIT'>
  <Argument name='limit' value='0'/>
  </Action>
  <Transition to='end'/>
  <WorkflowEditor x='351' y='104'/>
  </Activity>
  <Activity id='5' name='end'>
  <WorkflowEditor x='691' y='50'/>
  </Activity>
  </WFProcess>
  </Extension>
  Reg/Suveer

• Multiple Applications in Parent Controlled User Account

  I've been running Mac for a while but this is the first time I've set up a second user.  I'm also not as Mac savvy as a lot of you are on here but I can make my way around, so please be patient with me if I ask a silly question or two.
  In setting up a user account for my "Kids", I used the Simple Finder, limited their applications to a select few, and limited their web use to a set number of web pages as they are still quite young and are just beginning to use computers.  Everything worked out well, except when we log out and back in again.  When we do this, a second copy of applications show up in the Applications folder. With every log in, there is a new set.  I think we are now up to 19 copies of each application allowed.
  I deleted the shortcuts and they reappear.  I've deleted the user account entirely and carefully set it all up again.  Same thing.  I tried deleting it again but ditto with the result.  I've restarted multiple times.  I've reset the PRAM.  I've deleted prefences files.  I've ran a Mac Cleaner.  I updated to Mavericks from Lion in hopes it was related. It still does it.  This is driving me nuts.  I've googled and googled.  I've searched these discussion boards.  What am I missing?  Surely there is something relatively simple to resolve this?  I'm out of ideas and I'd really like this fixed so my kids can use their user account.
  Can anyone help out a stressed out mom?
  Thanks in advance.

  I still need a bit of guidance with this please.  When I enter the expanded finder and open up the "Kids" Library folder, under Managed Items/My Applications, it lists all the duplicate application shortcuts.  I've deleted these again.  Put them in the trash, logged out and restarted.  Once logging back in, again, I have duplicates occuring. What is going on??  Please help.  I'm not sure what else to try or do.  There has to be a simple fix to this.  Doesn't there?

• Guest Account Bug Resets User Accounts and Deletes Files on Snow Leopard

  Hi Everyone
  Well basically, I hadn't used my Guest Account since upgrading to snow leopard, and I accidentaly clicked it instead of my user account this morning, to find that when I logged into my normal account ALL my files, settings, mail etc had been reset.
  So I'm posting this to let people know, (and hopefully Apple if they don't know about this) what's happening.
  Here's the post I sent to Apple Feedback:
  Hi,
  Well basically, I upgraded to snow leopard recently, everything was working fine, I've upgraded to 10.6.1 and have all the latest software updates etc, so anyway this morning I turned my computer on and accidentaly clicked on the Guest Account on the login screen instead of my normal one, so it started trying to load the guest account (which I hadn't loaded since before the upgrade).
  So I wait about two minutes, and nothing atall happens apart from it loading on the logon page, so I pressed Enter to return me to the login window.
  So once I was returned I logged on as my normal user, to find my Desktop reset, my Dock reset, my Documents, Music and Photos reset and all my software reset.
  So I restarted my computer and logged on again, it was exactly the same, everything gone. At which point I looked in the Users folder to find that my User profile had been removed and replaced with a fresh one with the same name. So I then spent half an hour restoring everything from my Time Machine backup.
  I hope Apple are aware of this issue and would greatly appreciate to hear back on the status of what's happening about it, as it doesn't seem to be an isolated issue it's been happening to other people over the last month.
  Here's a few posts from other people who've had this problem, and an article on the CNET site MacFixIt about the bug:
  http://discussions.apple.com/message.jspa?messageID=10123656#10123656
  http://discussions.apple.com/thread.jspa?threadID=2157518&start=15&tstart=0
  http://discussions.apple.com/thread.jspa?threadID=2171494&tstart=0
  http://discussions.apple.com/thread.jspa?threadID=2142272&start=30&tstart=0
  Reports on the Internet:
  http://9to5mac.com/snowleopards_eatusers
  http://reviews.cnet.com/8301-13727_7-10346974-263.htmll?tag=mncol;txt
  To clarify, I have an iMac (aluminium 20" one), with a 2.4ghz processor and 3GB of Ram, please update me on anything that's going on with this issue as I don't want it to continue happening to others who might not have backups,
  Thanks,
  Daniel.
  So if anybody else expieriences this issue your not alone, there's a couple of other posts from people who've had problems above in the middle of my feedback letter. Unfortunately in my case it deleted my Home folder and replaced it with a new one, so if this happens to you then your only option is to restore from a backup. You can attempt to use file recovery software if you don't have one, but I haven't tried this and don't know how well it would work.
  Hope I've helped clarify things for anybody who this has happened to,
  Daniel.
  Message was edited by: dbferrari

  Maybe it will be usefull but last days I tried to login as *Guest* (because I didn't want to logout as my user). In *system preferences* I allowed guest login, then I fast switched to *Guest Account*, do some changes in profile like mouse movement and so on, then I correctly logged out and logged once more to my account. Now I affraid off rebooting macbook (I always hybernate system with changed default settings which store memory into HDD) until the fix will be released. Probably the data was not removed, because I was logged in as me and */Users/$USER* was still in use. Now I am wondering if I can reboot safelly macbook without losing my data..
  For backup do I need to use some command for backuping home to windows machine through *SMB*? because unix like systems have links and so on.. (in *AIX OS* I have to use "*rsync*" command, which copy whole data exactly as it is stored on filesystem - if there is link it will copy only that link, not file which is linked...)

• Difference between ACS Administrator account and ACS user account?

  Does an ACS administrator by default have full rights to every device it manages?
  I thought ACS administator accounts and user accounts were different.
  I have an acs admin account called admin_1. then i created another user account called admin_1 (for switch/router access)
  when i set the password for admin_1(user accounts), when i tried to login into the switch it wouldn't take. It would only take the password set for the ACS admin account.
  Is this by design?

  My understanding was that this is not the case, Ive just tested my installation again to make double sure and the user accounts and the admin accounts are clearly seperated
  The RADIUS server does not make use of the Admin user database.

• I want to transfer datas from administrative user account to guest user account

  Hello everyone. I am Biswajit. I am in a real mess. 2 days ago while I was signing in myself to my main account I faced this error 
  "The User Profile Service service failed the logon.
  User Profile cannot be loaded"
  After doing a bit research I came to know that I have to make another account to use my PC. I was in safe mode and unfortunately in 
  case of one account I made 4 accounts. I wanted to delete those accounts. But when I tried that while signing to one of my guest 
  account, it asked for my administrative account password. I was giving the right password but it was not receiving that. I have some 
  important document on my desktop of my administrative user account. What will I do for that. Please give some advice.
  Or may b I can change my recent guest account to administrative account. I cant do that too.

  Hi,
  The error here means you are using a temporary profile, and here is a KB talking about this error message:
  You receive a "The User Profile Service failed the logon” error message
  Also here is a similar thread for reference:
  I receive error message: The user profile service failed the logon. User profile cannot be
  loaded
  Hope this may help
  Best regards
  Michael Shao
  TechNet Community Support

• Macbook Pro OS Lion couldn't access guest account and new user account

  Hi I bought this new MacBook Pro a month ago.  When I try logging into my guest account, it froze.  I had no other alternative but to get out of it by pressing the power button.  Then I tried open a new user account to see if it also has the same problem.  Unfortunately it did have the same problem - froze after I logged in.  I had done a harddisk check, there seemed to be no problem. So I wonder if this is a common problem of OS Lion? And are there any way for me to solve the problem?

  That is not a common problem with Lion.
  My suggestion is to take it to Apple and ask them to fix. Besides if you take it Apple then they are aware of your problem just in case it returns in the future.
  You might try a safe boot by holding down Shift during boot and seeing if that tells you anything.
  Allan

• Assign IP Address based on PPTP user accounts

  I was asked to replace an existing non-Cisco router with a Cisco 1921 router configured as a PPTP server for multiple PPTP clients to connect to.  I was able to get this working but the problem is that I'm using a single IP address pool for everyone but I need to be able to ensure that each PPTP client gets assigned the same address every time it connects.  The old non-Cisco router had an easy way to assign each user an IP addres through its web-gui but I havne't been able to figure out how to do it on the cisco router so far.   Just to clarify... as an example, every time user john_smith connects they would get 192.168.5.100 and when user joe_schmoe logs in they would get 192.168.5.101, etc. instead of just getting whatever the next free address in the pool is.   It seems like I need to make multiple IP address pool with only one address in each pool and associate each username with the appropriate pool but I don't know how to do that or if it is even possible. 
  I'd appreciate it if anyone could either help me understand how to do this or let me know if it isn't possible. 

  You will find all the info you need here:
  http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/dhcp-12-4t-book/config-dhcp-server.html
  Refer to the "Manual Binding" section for Client-Mac reservation pool:
  http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/12-4t/dhcp-12-4t-book/config-dhcp-server.html#GUID-68D87544-7C6F-48C9-9DFE-56F5B7E4A89D

• Setting up new macbook pro ,want to transfer music on existing Apple id and then set him up with a new one for future purchases ,can itunes play music from both accounts on one user account?

  Title says it all really,son has until now used our itunes account,in future will want to build up own but wants obviously to have access to past musuc/books etc.I was thinking authorise new macbook with existing apple id ,transfer music ,then set up new id for future,if he wants to play old music he will have to log in under old account.
  Also want to link to icloud but this will need to be the new id presumeably because you are not allowed to change the computer,does this mean it will only back up the stuff from new account?

  I have tried the method of authorizing my computer and then initiating transfer purchases method yet my purchases were not transfered. I was told Apple can put your purchases in a certain place for you to retrieve them in your I-tunes account.
  Is there any way you can help me with this problem?

• Reconciliation for the deleted user accounts on Target Resource

  Hi,
  I am trying to run reconciliation on a DB Table as the target resource. It is linking the user accounts that are present in the target resource.
  But for the user accounts that are deleted on the target resource Reconciliation is not showing any action on the IdM user accounts under resource profile. The resource object link still shows the status "Provisioned".
  Ideally when the users are deleted on the target resource User's profile, Does it require any customizations to make the resource assignment status to "revoked" instead of "Provisioned".
  Any response would be of great help.
  Thanks in advance.

  See there could be two possibilities only:
  *1) User Status Recovery via trusted Reconciliation*
  Associated field in OIM responsible for it - Status field of OIM User Profile -> Check Process Definition for Xellerate User or any Trusted resource in "Reconciliation Field Mappings" section
  Valid values are : Active, Disabled and Deleted
  *2) Account Status Recovery via target Reconciliation*
  Associated field in OIM responsible for it - OIM_OBJECT_STATUS field from Process Data Field -> Check Process Definition for Your custom resource of DB App Table in "Reconciliation Field Mappings" section
  Valid values are : Enabled, Disabled and Revoked
  So you are trying to achieve the second part.
  Hope its clear.
  Thanks
  Sunny

• New Mac User: iTunes Auth with multiple user accounts

  With a Mac with multiple user accounts, does EACH user account need to have iTunes authorized, or is iTunes authorized for an entire mac machine?

  So then I assume that iTunes will know then if each of the computer's user accounts has a different iTunes account?
  When you authorize an iTunes account on your computer, the authorization info is stored in \Users\Shared\. When you run iTunes, it looks there to see if it can play purchases. The purchase account info is embedded into each purchased file.

• Multiple Schemas under one user account with XE 10g

  Hi,
  I am using (learning) XE 10g. I would like to know if it is possible to have multiple schemas under one user account and have the schemas logically separated. As of right now, I have three schemas that I am working with, each one under a different user account. This is inconvenient, because I have to logout of one user account and login to another user account simply to be able to work with another schema.
  Thanks

  It isn't possible to have multiple schemas under one database user account. It is of course possible to grant rights to other database users, and or roles, in order to allow access to the tables/data from other accounts. In Oracle there is a one-one mapping between schema and user.
  Niall Litchfield
  http://www.orawin.info/

• Firefox will not run for mulitple instances of the SAME user account on Windows Multipoint Server 2011

  We have an HP MS6200 MulitSeat PC
  It is running Microsoft Windows MultiPoint Server 2011 (which appears to be a tweaked version of Windows 7)
  It is set up in a computer lab, and students log in using their shared room account - ie multiple instances of the same user accounts are running on the PC at the same time.
  The first student to run Firefox can work with it without problem.
  However when another student tries to start firefox they get the following message:
  Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.

  Thanks for the quick reply.
  I managed to get this to work by using:
  "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -profile "%temp%\ffprof" -no-remote
  This works because Windows assigns a different temp location for each instance of a user
  Thanks for your help

• Sharing Music Between Users Accounts on a Single Computer

  I know that you can listen to music belonging to another user account on the same computer (as long as that user remains logged in), however, is there a way to COPY (drag and drop) music from one user account to another user account (on the same computer) similar to how it is done between multiple computers with Home Sharing?

  iTunes: How to share music between different accounts on a single computer - http://support.apple.com/kb/HT1203 - relocating iTunes' media folder to a shared area but leaving separate library files - extra tip at https://discussions.apple.com/message/17331189

• Sharing files and library between user accounts

  I know this question was asked many times before, but I never read a clear answer. Is it possible to share the library (and files) from one user account to another user account on same computer (same apple ID in iTunes) so that when user 1 downloads music, user 2 will see the music (without any additional steps) when they log into iTunes.
  The problem I ran into was user 2 had to manually add the new purchased music to their library in order to see the music. If user 2 was unaware of any purchases, user 2 unaware could potentially repurchase the same music.
  My issue is my other users (family members) are not diligent when it comes to checking.
  Is there an easy way to sync the two music libraries (or 1 real library) across multiple user accounts on the same PC.

  Move the library to the /Users/Shared/ folder, go into each user account, launch iTunes with the Option key held down, and choose that library.
  (111791)