Reconciliation Workflow

Does anyone have a sample of a reconciliation workflow they can share?
We need to run recon against AD and remove a role from a lighthouse account if the user is not found in AD.
Any help would be appreciated.

What you could do is to reconcile the AD, and link the AD users to IdM-users. Then you run a specific stand-alone workflow that removes your role if there is no link to AD. And last, if you don't need the link to AD, just run yet another stand-alone workflow, or bulk update, and remove the AD-link.
Could also be done in one Workflow.
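
The decision step described in the answer above, sketched in Python as an added example (it is not IdM workflow code and not from the original posts). The record layout, the role name and the 10% limit are assumptions; the guard stops a failed or partial AD read from stripping the role from everyone.

```python
from dataclasses import dataclass, field
from typing import Optional

ROLE = "AD-Backed Role"        # hypothetical role name
MAX_REMOVAL_FRACTION = 0.10    # assumed safety limit, tune per deployment


class ReconAborted(Exception):
    """The AD snapshot looks incomplete, so no removals are planned."""


@dataclass
class IdmUser:
    account_id: str                       # IdM accountId, e.g. abc001
    roles: set = field(default_factory=set)
    ad_account: Optional[str] = None      # AD DN linked by reconciliation, if any


def plan_role_removals(users, ad_accounts, role=ROLE,
                       max_fraction=MAX_REMOVAL_FRACTION):
    """Return the IdM accountIds that hold `role` but have no account in AD."""
    # Compare DNs case-insensitively (assumption: no other normalisation needed).
    ad_index = {dn.casefold() for dn in ad_accounts}
    if not ad_index:
        raise ReconAborted("AD returned no accounts; not treating everyone as missing")

    holders = [u for u in users if role in u.roles]
    orphans = sorted(
        u.account_id for u in holders
        if u.ad_account is None or u.ad_account.casefold() not in ad_index
    )
    # A failed or partial AD read makes many users look "not found" at once.
    if holders and len(orphans) / len(holders) > max_fraction:
        raise ReconAborted(
            f"{len(orphans)} of {len(holders)} role holders unmatched; review manually")
    return orphans


# Constructed sample data: 21 role holders, one user without the role.
SAMPLE_USERS = [
    IdmUser(f"user{i:02d}", {ROLE}, f"CN=User {i:02d},OU=IT,DC=example,DC=com")
    for i in range(20)
]
SAMPLE_USERS.append(IdmUser("user20", {ROLE}))   # never linked to AD
SAMPLE_USERS.append(IdmUser("user21", set()))    # no role, ignored
# AD snapshot: user07 has been deleted; DN case differs from the IdM copy.
SAMPLE_AD = [u.ad_account.upper() for u in SAMPLE_USERS[:20]
             if u.account_id != "user07"]

if __name__ == "__main__":
    print(plan_role_removals(SAMPLE_USERS, SAMPLE_AD))
```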

Similar Messages

  • Control/Trailer Record - use Pre-Reconciliation Workflow?

    preface: I am NEW to IdM.
    Would a best practice for verifying a control record in a flat file used for reconciliation be the use of the pre-reconciliation workflow? For instance, one implementation of the control record is a trailer record which indicates the file contents are complete. Other possibilities include verifying the control record outside of IdM with a script or implementing some other mechanism like a checksum on the file and doing a verification prior to the reconciliation starting. Any assistance would be greatly appreciated.

    I vaguely remember encountering this last year and it was because the system did not recognise a blank value for the formula to work. What you ended up with was
    <> 0-3 AND ECR=0-3
    Can you put in a default value of "please select" that way when you change it to 0-3 the formula will go
    please select <> 0-3 AND ECR=0-3 and it will trigger
    cheers
    Alex
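
The control/trailer record check asked about in this thread, as an added Python example of the "script outside of IdM" option (not from the original posts). The pipe-delimited layout and the `TRAILER|<record count>|<sha256 of preceding bytes>` line are assumed formats, and the sample file is constructed.

```python
import hashlib
import hmac


class ControlRecordError(ValueError):
    """The flat file must not be handed to reconciliation."""


def verify_control_record(data: bytes, has_header: bool = True):
    """Check the trailer record and return the parsed data records."""
    lines = data.splitlines(keepends=True)
    # A file cut off mid-transfer has no trailer as its last line.
    if not lines or not lines[-1].startswith(b"TRAILER|"):
        raise ControlRecordError("no trailer record: file is incomplete")

    body = lines[:-1]
    trailer = lines[-1].strip().decode("ascii", "replace").split("|")
    if len(trailer) != 3 or not trailer[1].isdigit():
        raise ControlRecordError("malformed trailer record")

    records = body[1:] if has_header else body
    if len(records) != int(trailer[1]):
        raise ControlRecordError(
            f"trailer says {trailer[1]} records, file has {len(records)}")

    # The checksum covers every byte before the trailer line.
    digest = hashlib.sha256(b"".join(body)).hexdigest()
    if not hmac.compare_digest(digest, trailer[2].lower()):
        raise ControlRecordError("checksum mismatch: file content was altered")

    return [r.decode("utf-8").rstrip("\r\n").split("|") for r in records]


def build_sample() -> bytes:
    """Constructed sample file: header, two accounts, trailer."""
    body = (b"accountId|lastname|email\n"
            b"abc001|Smith|smith@example.com\n"
            b"abc002|Jones|jones@example.com\n")
    trailer = b"TRAILER|2|" + hashlib.sha256(body).hexdigest().encode() + b"\n"
    return body + trailer


if __name__ == "__main__":
    for account in verify_control_record(build_sample()):
        print(account)
```

A plain checksum catches truncation and corruption only; someone who can rewrite the file can recompute it, so a keyed HMAC or a signature is needed if tampering is a concern.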

  • Get IdM accountId in per-account reconciliation workflow

    I'd like to get IdM accountId in per-account reconciliation workflow. But $(accountId) just returns the resource's id, e.g. CN=ABC 001,OU=IT,DC=ABC,DC=COM. How can I get the IdM accountId, e.g. abc001, in the workflow, so that I can modify the user's view?

    Hi Anders,
    Yes this is a tricky one, here's some code to get the IdM accountId given the resource accountId, hope this helps.
          <Rule name='Find AccountId Given Resource ID and Identity'>
            <RuleArgument name='resourceIdentity'/>
            <RuleArgument name='resourceId'/>
            <rule name='RuleLibrary_UseCase2:Find AccountId Given Lighthouse Attr'>
              <argument name='attrName' value='resourceAccountIds'/>
              <argument name='attrValue'>
                <concat>
                  <ref>resourceIdentity</ref>
                  <s>@</s>
                  <ref>resourceId</ref>
                </concat>
              </argument>
              <argument name='comparison' value='equals'/>
            </rule>
          </Rule>
          <Rule name='Find AccountId Given Lighthouse Attr'>
            <RuleArgument name='attrName'/>
            <RuleArgument name='attrValue'/>
            <RuleArgument name='comparison'/>
            <block>
              <defvar name='queryOptions'>
                <new class='com.waveset.object.QueryOptions'/>
              </defvar>
              <invoke name='addOrderBy'>
                <ref>queryOptions</ref>
                <s>name</s>
              </invoke>
              <invoke name='setBuffered'>
                <ref>queryOptions</ref>
                <Boolean>true</Boolean>
              </invoke>
              <invoke name='setOnlyNames'>
                <ref>queryOptions</ref>
                <Boolean>true</Boolean>
              </invoke>
              <invoke name='addCondition'>
                <ref>queryOptions</ref>
                <new class='com.waveset.object.AttributeCondition'>
                  <ref>attrName</ref>
                  <cond>
                    <ref>comparison</ref>
                    <ref>comparison</ref>
                    <s>equals</s>
                  </cond>
                  <ref>attrValue</ref>
                </new>
              </invoke>
              <index i='0'>
                <invoke name='toList'>
                  <invoke name='listObjects'>
                    <invoke name='getLighthouseContext'>
                      <ref>WF_CONTEXT</ref>
                    </invoke>
                    <invoke name='findType' class='com.waveset.object.Type'>
                      <s>User</s>
                    </invoke>
                    <ref>queryOptions</ref>
                  </invoke>
                  <s>name</s>
                </invoke>
              </index>
            </block>
          </Rule>

  • Reconciliation with custom workflow

    Hello,
    I have a resource with Proxy Admin for reconciliation.
    The Proxy Admin's UserForm is my custom UserForm that has a
    <Field name='viewOptions.Process'> element with my custom WorkFlow.
    When I log in as Proxy Admin and try to create a User in the "Examine Account Index" applet, it executes my WorkFlow and everything is fine.
    But when I want "Full Reconciliation", it executes my UserForm with some other WorkFlow, not my WorkFlow.
    I tried to debug it with NetBeans and I see that the custom UserForm is processed, but my WorkFlow isn't executed.
    I use IDM 8.1 with the last patch.
    Is it IDM or my fault?
    Can I execute a custom reconciliation workflow some other way (like the ActiveSync "run-this-workflow-instead-of-everything" field)?
    ActiveSync is not supported by my connector.
    Thanks
    Wbse

    Hello again,
    I tried reconciliation on IDM 8.0 and 7.1 versions with the same result (I tried it with the database-table and xml-file connectors).
    My Proxy_admin can create the accounts fine with CustomForm and CustomWorkFlow if I do it manually in the WebUI.
    I don't understand why, if the Reconciliation process is using my Form, it doesn't execute my Workflow defined in <Field name='viewOptions.Process'>.
    Does Reconciliation require some other Field? Or does Reconciliation ignore all custom WorkFlows?
    I tried to resolve it with a Per-Account-WorkFlow, but I think it is not a good result.
    Thanks
    Wbse

  • Reconciliation of certain user

    I need to execute the reconciliation process on a set of users (read from a list). Is writing a custom reconciliation workflow the only option, or can I edit the reconciliation policy for that resource for the same?

    When you say that you have more than 300 servers, I assume that you have created that many *(multiple)* IT resources in OIM and are provisioning to them. Now since these are different machines, you may be populating the same User ID in these machines for the SSH resource profile.
    The reason why I concluded that is that there were 10 process matches found, and that's only when the key field is the same for all of the profiles. If you have done it the same way, then here could be the solution:
    - Go to Process Definition for SSH User and see the reconciliation Field Mappings
    - Users.UserLogin must be defined as the key field.
    - Look for Users.ITResource if it's there and also make it as a key field.
    This is OOTB in the latest connector pack. Which version are you on? If you are on an older version then this should get you through. Else update the post.
    Thanks
    Sunny

  • PCard Authorisation Step

    Just a question re Pcards and the reconciliation process.
    After loading the statement, the workflow agent for the reconciliation workflow is identified by the entry in the card master.
    The second approver agent in the pcard master is required for the authorisation step.
    Is it possible to omit the second approval and take the reconciliation step as the final one required?

    Sorted it myself.
    In the PCard master, the entry for Approval2 (BBP_PCMAS-PCAP2LIM) needs to be maintained with a high value.
    Any value below this will get automatically posted to financials. Anything above it will go on for approval.

  • Reconcile with email Notification

    Hi,
    I am trying to send an email notification when reconciliation between IDM and a resource is taking place. I am using the notification.redirect parameter defined in the waveset.properties file to capture the email contents in a flat file, e.g. c:/email.txt.
    In the Edit Reconcile Policy, I am using the post reconciliation workflow "Notify Reconcile Finish".
    I am modifying the waveset.properties file as notification.redirect = c:/email.txt
    After reconciliation, no such file is created.
    Note: I am not changing anything else ...
    Can anybody help me out?
    Thanks in advance

    Did you receive a reply on that point?
    I wonder if the notification connector can be customized and used for reconciliation

  • Process Password Expiration

    I wish to know how can I search for users who have certain password expiration date.
    For example, based on the date, I would like to send different emails to the user. 1 month before the expiration date, the user receives a reminder email; 7 days before the expiration date, the user receives a warning email.
    I don't want to scan one by one all the users, get user object, then get the expiration date and do the comparison. I think this is too slow for a big number of users.
    Is there any faster way? for example by using attribute condition? How?
    Thank you,
    Steve

    I've done this a couple times using the per-account reconciliation workflow. It's certainly not glamorous, but it does work.
    The requirement was to notify AD users one month and one week before password expiration. Reconciliation was run nightly against AD and I added a per-account workflow. The workflow checked the account expiration attribute and calculated how far it was away from today. If it was 30 or 7 days, I sent an email reminder to the user.
    The solution did not significantly impact performance. A couple things you'll need to keep in mind. One, add a bunch of conditions up front to keep the speed up. Two, the variable userName is available in the per-account workflow when the recon condition is MATCHED. Finally, you're bound to your reconciliation schedule, so you may have to do some conditionals to make sure you aren't reminding people every night or every week.
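
The per-account check described in the reply above, as an added Python example (not the poster's workflow and not IdM code). It assumes each account record carries an `expires_on` date and that a small state map survives between nightly runs; it sends on crossing a threshold rather than on an exact day so that a skipped run does not lose the reminder.

```python
from datetime import date
from typing import Optional

THRESHOLDS = (30, 7)   # days before expiration, as in the post


def reminder_due(expires_on: date, today: date,
                 last_sent: Optional[int]) -> Optional[int]:
    """Return the threshold (30 or 7) to notify for now, or None.

    last_sent is the smallest threshold already notified for this expiry.
    """
    days_left = (expires_on - today).days
    if days_left < 0:
        return None                       # already expired, nothing to remind
    crossed = [t for t in THRESHOLDS if days_left <= t]
    if not crossed:
        return None                       # still more than 30 days away
    due = min(crossed)
    if last_sent is not None and last_sent <= due:
        return None                       # this reminder already went out
    return due


def run_nightly(accounts, today: date, state: dict):
    """One reconciliation pass; returns [(accountId, threshold), ...] to mail."""
    to_send = []
    for acct in accounts:
        # Cheap conditions first, to keep the per-account cost low.
        if acct.get("disabled") or acct.get("expires_on") is None:
            continue
        # Keying on the expiry date resets the state after a password change.
        key = (acct["accountId"], acct["expires_on"])
        due = reminder_due(acct["expires_on"], today, state.get(key))
        if due is not None:
            state[key] = due
            to_send.append((acct["accountId"], due))
    return to_send


# Constructed sample accounts.
SAMPLE_ACCOUNTS = [
    {"accountId": "abc001", "expires_on": date(2024, 3, 31)},
    {"accountId": "abc002", "expires_on": date(2024, 3, 31), "disabled": True},
    {"accountId": "abc003", "expires_on": None},
]

if __name__ == "__main__":
    state = {}
    for day in (date(2024, 3, 1), date(2024, 3, 2), date(2024, 3, 25)):
        print(day, run_nightly(SAMPLE_ACCOUNTS, day, state))
```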

  • Create User under a particular organization

    Hi,
    After running reconciliation I need to create the UNMATCHED users in IDM under a particular organization.
    I have configured the reconciliation policy to create the user in IDM.
    By default it is creating the user under the Top organization. But I need to create it under a particular
    organization without using a custom post reconciliation workflow.
    Can any of you experts suggest something?
    Edited by: jjIDM on Feb 4, 2009 11:15 PM

    Hi,
    You have to set a proxy administrator in the Reconciliation Policy and assign a form to that proxy admin.
    You have to write this code in the form which you have assigned to the proxy admin.
    <Field name='waveset.backgroundSave'>
      <Display class='Hidden'/>
    </Field>
    <Field name='waveset.organization'>
      <Expansion>
        <block trace='true' name='kkkkkkkkkk'>
          <s>Organization Name</s>
        </block>
      </Expansion>
    </Field>
    Then run your reconciliation process from the Proxy Admin.
    Edited by: negiqueries on Feb 5, 2009 7:49 AM

  • Post-Recon

    hi guys, I am calling a simple 'Hello World' WF in 'Post-Reconciliation' option in 'Edit Reconciliation Page'. But I am getting error saying that
    An error occurred in the post-reconciliation workflow:
    Hi World Any ideas on how to resolve this . . .

    hi  raj
    in the control data tab in the reconciliation acct for acct type keep the box blank and select post automatically in the next tab
    regards
    sayeed

  • Single account reconciliation within a workflow

    Hi all,
    I need assistance, I'm trying to reconcile a single account within a workflow.
    I use the following code, but IDM performs a full reconciliation instead of reconciling the specified account:
    <Action id='0'>
      <expression>
        <block>
          <set name='reconView'>
            <new class='com.waveset.object.GenericObject'/>
          </set>
          <set>
            <ref>reconView</ref>
            <map>
              <s>request</s>
              <s>ACCOUNT</s>
              <s>accountId</s>
              <ref>MyID</ref>
            </map>
          </set>
          <invoke name='setId'>
            <ref>reconView</ref>
            <s>Reconcile:MyResource</s>
          </invoke>
        </block>
      </expression>
    </Action>
    <Action id='1' application='com.waveset.session.WorkflowServices'>
      <Argument name='op' value='checkinView'/>
      <Argument name='view'>
        <ref>reconView</ref>
      </Argument>
    </Action>
    Can anyone please help me?
    Thank you in advance, and best regards
    David.

    The problem is solved. I created a view instead of creating a generic object.
    Here is my code:
          <Activity id='7' name='Reconcile single account'>
            <Action id='0' name='Create Reconcile View' application='com.waveset.session.WorkflowServices'>
              <Argument name='op' value='createView'/>
              <Argument name='type' value='reconcileView'/>
              <Argument name='viewId' value='ReconcileViewer'/>
              <Variable name='view'/>
              <Return from='view' to='reconView'/>
            </Action>
            <Action id='1' name='Set ReconView Attributes'>
              <expression>
                <block>
                  <set name='reconView.request'>
                    <s>ACCOUNT</s>
                  </set>
                  <set name='reconView.accountId'>
                    <ref>myAccountId</ref>
                  </set>
                  <invoke name='setId'>
                    <ref>reconView</ref>
                    <s>Reconcile:myResourceName</s>
                  </invoke>
                </block>
              </expression>
            </Action>
            <Action id='2' name='Checkin Reconciliation View' application='com.waveset.session.WorkflowServices'>
              <Argument name='op' value='checkinView'/>
              <Argument name='view' value='$(reconView)'/>
            </Action>
            <Transition to='end'/>
            <WorkflowEditor x='502' y='201'/>
          </Activity>

  • Create User Workflow & Reconciliation

    How do I add an approval for users created via reconciliation? It appears that reconciliation does not use the Create User workflow.

    The per-account workflow is executed after an account is created during reconciliation. I want to hook into the account creation process and add an approval prior to the account getting created.

  • Customized form/workflow in reconciliation

    Hi!
    I'm using IdM 7.1 and I have some troubles with setting up the reconciliation.
    I have an authoritative AD resource and I need to have customized forms/workflows for spreading changes detected on this resource to IdM and other resources. I would like to use reconciliation, but I don't know where to define, which workflow/form is used for creating, updating or deleting user in reconciliation process.
    I tried to define new ProxyAdmin with assigned customized UserForm and assign this ProxyAdmin to reconciliation process. But this seems to not work.
    Thanks for your help.

    Hi
    have you been able to solve this problem regarding the "User Form --- Workflow" relationship?
    I am having the same problem at the moment; I've posted it here on the Forum, but have not received any replies yet.
    I have created and customized user forms. But now, I am trying to create Workflows, which will act as a "continuation" of the entire process.
    In other words, I am trying to find out exactly how the relationship between the Forms and the Workflows should be created?
    What code should be written in the Forms themselves, so that once the form is Saved and Submitted, the process will move on straight to the Workflow, and execute whatever activities are coded there?
    How can this be done?
    Thanks

  • Credit Card Reconciliation

    Where does Credit Card Reconciliation occur, and which form is it supposed to be interfaced with?
    The solution will provide a function to reconcile these card-level adjustments with the associated card balances displayed on A Bank provided reports. If an agency-level download capability is added, all activity will be imported into the financial solution on a daily basis. After cardholders have entered individual charges, the system will allow an effective, workflow-managed reconciliation process.

    These are user-to-user forums, you are not talking to Apple here - I've asked the hosts to remove your email address and phone number from your post.
    You can contact iTunes support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption
    To try and stop it happening again you can turn off in-app purchases on your phone via Settings > General > Restrictions > In-App Purchases 'off'

  • Single account reconciliation performing full reconciliation

    Hi,
    I am trying to perform single account recon against a Database table within the workflow, but somehow it is performing the full reconciliation.
    This is what I am doing
    <Action id='0'>
      <expression>
        <block>
          <set name='reconView'>
            <new class='com.waveset.object.GenericObject'/>
          </set>
          <set>
            <ref>reconView</ref>
            <map>
              <s>request</s>
              <s>ACCOUNT</s>
              <s>accountId</s>
              <ref>Id</ref>
            </map>
          </set>
          <invoke name='setId'>
            <ref>reconView</ref>
            <s>Reconcile:DatabaseTable</s>
          </invoke>
        </block>
      </expression>
    </Action>
    <Action id='1' application='com.waveset.session.WorkflowServices'>
      <Argument name='op' value='checkinView'/>
      <Argument name='view'>
        <ref>reconView</ref>
      </Argument>
    </Action>
    Any ideas why it is performing full reconciliation, don't understand what I am missing.
    Any ideas please..
    Thanks in advance

    The problem is solved. I created a view instead of creating a generic object.
    Here is my code:
          <Activity id='7' name='Reconcile single account'>
            <Action id='0' name='Create Reconcile View' application='com.waveset.session.WorkflowServices'>
              <Argument name='op' value='createView'/>
              <Argument name='type' value='reconcileView'/>
              <Argument name='viewId' value='ReconcileViewer'/>
              <Variable name='view'/>
              <Return from='view' to='reconView'/>
            </Action>
            <Action id='1' name='Set ReconView Attributes'>
              <expression>
                <block>
                  <set name='reconView.request'>
                    <s>ACCOUNT</s>
                  </set>
                  <set name='reconView.accountId'>
                    <ref>myAccountId</ref>
                  </set>
                  <invoke name='setId'>
                    <ref>reconView</ref>
                    <s>Reconcile:myResourceName</s>
                  </invoke>
                </block>
              </expression>
            </Action>
            <Action id='2' name='Checkin Reconciliation View' application='com.waveset.session.WorkflowServices'>
              <Argument name='op' value='checkinView'/>
              <Argument name='view' value='$(reconView)'/>
            </Action>
            <Transition to='end'/>
            <WorkflowEditor x='502' y='201'/>
          </Activity>
