FIM Portal Self Service User Provision Frequency

Similar Messages

• How to configure sync rules involving a CSV file and portal self service

  Hello,
   I need to configure some FIM sync rules for the following scenario:
   User account details are entered from a HR CSV file and exported to AD  Users have the ability to modify their own AD attributes in the
  FIM portal (there is not a requirement for them to view their  HR CSV data in the portal). The FIM portal modifications will be exported to AD as expected.  
  My setup is as follows:
  CSV file - name, last name, employee ID, address.
  CSV MA - has direct attribute flows configured in the MA between the data source and MV Portal self service attributes –      
  users can edit mobile, display name and photo
  I've also set the CSV MA as precedent for the attributes
  FIM MA – attribute flows defined for MV to Data Source as usual (i.e. firstname to firstname, accountname to accountname, etc).
  AD MA – no attribute flows defined as inbound and outbound sync rules have been configured in the portal using the Set\MPR\Triple.
  I’m thinking of using the following run profiles:
  CSV MA – full import and delta sync (imports HR data)
  FIM MA –  export and delta import (imports portal changes)
  FIM MA – delta sync (syncs any portal changes)
  AD MA – export and delta import
  If my understanding is correct this should sync HR data from CSV to AD, as well as user attribute self service updates from the portal to AD.
  If I wanted to just do a HR CSV sync could I get away with just steps 1 & 4 ? (presumably not as my rules are in the FIM portal?)
  If I wanted to do just a portal sync, could I get away steps 2-4?
  Any advice on how to improve my setup is much appreciated - cheers
  IT Support/Everything

  The truth is that your design should be done in the way that it doesn't matter which profiles in which order you will execute. At the end, if you will run all import, synch and export profiles on each data source you should get same result. This is beauty
  of synch engine here.
  Your steps from 1-4 will synch data to your data sources and at the end will give you expected result. But not because of the order you are executing them but because of correct attribute flows. If flows from CSV file and from FIM portal might be done for
  the same attributes you need to think also about attribute precedence.   
  Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

• How do I manually uninstall FIM Portal and Service 2010

  I installed Forefront Identity Manager 2010 as follows:
  Server 1: FIM Sync Service
  Servers 2, 3: SharePoint Farm, FIM Portal and Service
  I've had issues from the installation. When installing FIM Portal and Service on Server 2 it failed to recognize fim sync service on server 1. We had FIM service unavailable errors in most usage scenarios (even though asmx returned service description).
  I was able to use RunAs different user to start browser as the service account used to install and run the FIM service, browse to the identity management site using
  http://localhost and saw the fim portal. I was never able to see the portal using DNS address or server name from the server 2 or any other computer on the network, or using any other account (although I checked the option to
  enable portal access for authenticated users).
  I tried to uninstall - this went through all the steps but failed during apply and did a rollback. However, subsequent attempts to change, repair or uninstall all fail with message that the site was not found, please create it...
  I would like to manually remove FIM Service and Portal and begin again. How do I manually remove FIM Service and Portal when uninstall fails?
  Thanks,
  David Saylor

  Are you getting this error message while uninstalling FIM?
  FIM Portal and Service is trying to find a site which is not there anymore.  Just add  the url which FIM was looking into the Central Administration >> Alternate Access Mappings 
  Save and exit out from Central Administration and try to uninstall now and it should work.  It worked for me.
  http://aryannava.com/2014/03/26/how-do-i-manually-uninstall-fim-portal-and-service-2010/
  Aryan Nava | Twitter: @cloudtxt | Blog:
  http://virtualizesharepoint.com
  Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you.
  Disclaimer: This posting is provided "AS IS" with no warranties.
  Aryan, you should convert your blog post into a Wiki article:
  http://social.technet.microsoft.com/wiki/contents/articles/23330.technet-guru-contributions-for-march.aspx
  Thanks!
  Ed Price, Power BI & SQL Server Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• Provide self-service user with information about his/her VM? IP address at a minimum?

  Just setup a private cloud using VMM 2012 Sp1 as well as app controller 2012 SP1 fresh installs on Server 2012.  Since it's a lab, app con is installed on VMM server.
  I have the cloud and templates and service templates and self service working as well as an IP pool handing out IPs.  I was wondering if there was a relatively simple way to provide at least the IP address of the self-service provisioned VM to the self-service
  user who requested it, preferably through the app con site somehow.  
  There's 2 reasons behind this:
  1.  I'd like to avoid having them console in, get the IP, and then log out and RDP in.  I'd prefer they just RDP directly to the IP the first time and go about their day.
  2.  Our DNS is not MS and does not allow auto registering, so connecting via RDP through the app controller site doesn't work because the FQDN is not reachable after VM is provisioned.  
  Any way to get that info easily to the user?  

  Hi C. Baum,
  App Controller doesn't have the ability to provide the IP address of virtual machines.
  My recommendation is to have the name of the virtual machine register in DNS -- its much easier for most people to deal with hostnames rather than IP addresses.
  Kind Regards,
  Richard 
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Info About self service password provisioning

  Hi Guys ,
  Does any one got a chance to work on self service password provisioning in OIM 11gr2.??
  If yes ,Please share relevant docs related to same.

  Password expiry period = 90 days with warning of password expiration given to the user at least five (5) days but no more than ten (10) prior to expiry and at every logon during that time
  All Password Resets must be verified through a ‘closed loop’.  That is there must be verification to a service (e.g. eMail address or Phone Number) known only to the system and the user requesting the reset.  Changes should be notified to the User’s Administrator.
  Email should be sent to user on unsuccessful and successful password change .
  Your help would be highly appreciated .

• Good Model for Web Self-service User registration ?

  Trying to build a web self-service user registration module.
  9iAS documentation says 9iAS uses JAZNUserManager that uses jazn-data.xml.
  I like jazn-data.xml because the password is encrypted and works with j_security_check with minimal coding, just need to make entries in web.xml.
  Is this a good model, ie storing web users in jazn-data.xml ?
  Thanks in advance

  You should have a kind of auto-enrollment feature on Sharepoint side where, based on a menu selection, the user will be able to enroll himself and his account will be moved to an OU or added to groups based on the provided details. The problem with this
  is that this is usually the source of duplicated user accounts in AD and it is not easy to apply a kind of control on how users should enroll themselves only one time and also hard to manage and cleanup later.
  You can ask them in Sharepoint forums for more details:
  http://social.technet.microsoft.com/Forums/en-US/category/sharepoint
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Contact Role should be assigned as 'Self Service User'

  Dear All,
  I have requirement while creating contacts for a particular customer, contact Role should be assigned as ‘Self Service User’ Role, so that they are created as user for iReceivables access. Which column in ra_contact_phones_int_all should be populated with what value ??? Is there any API to update the same .
  Any help on this is appreciated.
  TIA.

  Hi All,
  Anyone has an answer for my query ???

• Mass creation of Oracle HR Self Service Users (for access to all employees)

  Mass creation of Oracle HR Self Service Users (for access to all employees)
  Hi all,
  We have Oracle Human Resources 11.5.7 and recently implement Oracle HRMS (Self Service) for the purpose of Online Appraisal System.
  Is there any fast way to create all employees as users of the Self Service instead of creating the users manually one by one in HR?
  I would appreciate any feedback.
  Thanking you in advance.
  Best regards,
  Elena Demetriou
  Hellenic Bank

  Check pages 2-23 and following of the Deploying SSHR Capability V5.2 guide on Metalink. It describes the methods for Batch Creation of User Accounts.

• FIM Portal not taking users. They delete right away

  I'm trying to flow user objects that were brought in from our HR service (an ASP web system) into the FIM Portal. The FIM Service MA is simply exporting them and then deleting them. Why can't they persist in the portal?
  Also, just trying to move a few attributes at the moment.. First, Last, Display (a concat), Employee number.. I have these configured in the attribute flow for the FIM Service MA. The Connected Space for the HR has all of the proper attributes and they are
  in the MV.
  A Full Sync will have 1416 Provisioning Adds
  An Export then has 1416 Adds
  But then the Full Import has 1416 Deletes

  Are you sure they are getting successfully exported? It would be useful to know if they made it to the FIM Service and something deleted them or if they never made it to the FIM Service at all. After you run your export look in the FIM Portal and see if
  the records are there. If they are, then focus on why the import process is not seeing them. If they are not, determine if they never made it in or if they made it in and then were deleted -- you should be able to determine this by looking at the request history
  in the FIM Portal. It might be simpler to diagnose if you test with a single record. Also look at the Windows event logs on the FIM Service machine and see if there is anything interesting there.
  Any chance you have some business logic in the FIM Service that is deleting the records? (You would see this in the request history.)
  Rex

• Access Policy  Vs Self Service triggered provisioning

  Hello Everyone,
  I wanted to know if there is any way to differentiate at the process definition level whether the provisioning process is triggered by Access Policy/direct OIM user create or a Self Service Request??
  Thanks
  N

  There is a column in the table for the object instance database object that contains a link to the access policy object. You can break or create this link if you want or don't want resource to be revoked on "policy no longer applies".
  I don't remeber exactly what the tables are called (OIU?). Perhaps someone else has this info easily available.
  Best regards
  /Martin

• FPM error in Portal Self Service Administrator

  Hi ,
  I created custom application using FPM Framework. I created FPM iviews and FPM application in portal Using Self Service Administrator role.I got the error when trying to create FPM road map steps in the FPM application.
  please find the bellow error.
  The error screens can be found the below links
  http://img638.imageshack.us/img638/3589/fpmerrorinroadmapstep1.png
  http://img139.imageshack.us/img139/7769/fpmerroinroadmapstepcra.png
  The error message is shown.
    java.lang.NullPointerException
      at com.sap.xss.per.fc.persinfo.FcPersInfo.CreateOverview(FcPersInfo.java:1359)
      at com.sap.xss.per.fc.persinfo.wdp.InternalFcPersInfo.CreateOverview(InternalFcPersInfo.java:831)
      at com.sap.xss.per.fc.persinfo.FcPersInfoInterface.CreateOverview2(FcPersInfoInterface.java:333)
      at com.sap.xss.per.fc.persinfo.FcPersInfoInterface.CreateOverview(FcPersInfoInterface.java:316)
      at com.sap.xss.per.fc.persinfo.wd[http://img638.imageshack.us/img638/3589/fpmerrorinroadmapstep1.png][http://img139.imageshack.us/img139/7769/fpmerroinroadmapstepcra.png]p.InternalFcPersInfoInterface.CreateOverview(InternalFcPersInfoInterface.java:327)
  can any one please help me out in resolving tbe issue.
  I have specified the property to true for the appintegrator service

  Hello there,
  This looks mostly like a backend issue, Did you try with a different user ? Are you hiding any fields from the view ?
  -Vivek

• IOP 11.1.2.0 integration with Shared Services (User Provisioning)

  In the IOP 11.1.2.0 install guide, the Admin and Admin provisioning roles are provisioned through Shared Services.
  "Provision Integrated Operational Planning Administrator and Integrated Operational Planning
  Provisioning Manager roles for the Integrated Operational Planning instance to the Admin user through
  Oracle's Hyperion® Shared Services Console
  a. Connect to the Oracle's Hyperion® Shared Services Console; for example, http://
  hss_server:hssserver_port/interop.
  b. Log in as the administrator.
  c. Expand User Directories and Native Directory.
  d. Select Users and click Search.
  e. Right-click the Admin user and select Provision.
  f. Expand Default Application Group.
  g. Expand the Integrated Operational Planning instance created.
  h. Highlight IOP Administrator and Provisioning Manager.
  i. Click the right arrow in the middle of the two windows to select the roles.
  j. Click Save, and then click OK."
  The users and groups are defined in Shared Services, per the IOP 11.1.2.0 admin guide (p. 144).
  Is there an IOP user provisioning example in the shared services user's guide, and which version of the guide would I find that in?
  Access priveledges are controlled from the Admin workbench for IOP users, per p.145 of the IOP 11.1.2.00 user's guide.
  Thank you.

  IOP Roles are listed in the 11.1.2 Shared Services User and Role Security Guide, on page 158:
  Integrated Operational Planning Roles
  Table 39 Integrated Operational Planning Roles
  Roles Tasks per Role
  Provisioning Manager Provisions users and groups with Disclosure Management roles
  IOP Administrator Administers Oracle Integrated Operational Planning, Fusion Edition. IOP Administrators can modify models, access
  ACL pages, and perform all Integrated Operational Planning tasks
  IOP User P erforms Oracle Integrated Operational Planning, Fusion Edition actions as a normal user

• Password Self Service - User receive new Password Email - But link empty

  With Password Self Service we sometimes have users that get the Email with the link.
  But when they open the link it is just an empty page.
  (as if it has been opened before or the password show time has passed)
  Have anyone had this issue?
  Thank you

  Hi Kristian,
  guess you talk about AC 5.3.
  Please check in CUP -> Configuration -> Workflow -> SMTP if you have configured some application url.
  If not, are you using SSL or SSO, there might be an issue then.
  Best,
  Frank

• HRMS Self Service User Comments

  Hi Experts,
  We need to capture user comments displayed in either the REVIEW or the APPROVAL Self Service page for reporting purpose.
  Checked HR tables and Workflow Notification tables, but was not able to find these user comments data.
  Thanks in advance.

  I am extracting data from these three tables along with an activity history view. Note that only comments to "Salary Changes" are stored in the P_COMMENTS of the transaction values table. User comments entered by Personnel actions initiator to approver, or approver's comments do not exist in the values table. Please provide the table name and column name storing the user comments described above if you know their storage location. Thanks.

• Self-service users can mount iso but cannot unmount

  I have 3 tenant groups that can mount iso files to vms located in their clouds (via App Controller 2012 SP1) from a library share but cannot unmount them.  Actions granted to them are:  Deploy, Deploy (from template only), local administrator,
  remote connection, shut down, start, and stop. 
  The library share was originally shared on the server to everyone as read, adminstrators as full control.

  Ok this is not a great solution IMHO.  I believe this functionality needs to be split out.
  The solution for me was granting Deploy (from template), local admin, remote connection, remove, shut down, start, and stop.  Deploy allows mounting of the iso and remove allows unmounting.  Remove also allows vms to be deleted if they are off!!! 
  I can see the thinking here...self-service tenants with the capability to deploy new vms should also be able to remove them (within their tenant group and fabric space).  However, one size does NOT fit all.  These functions need to be split out for
  additional fine grain control. 
  ex:  I would love to allow certain application personnel to mount ISOs but NOT to delete vms.