This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to properly implement the proccess to make a Identity Manager automated (system) Fulfillment through Access Request

Hi, community.

The scenario I'm facing is, when a Access Request is made and the manager and owners approved, the access requested must be granted to the Initiator without manual intervention. 

I followed the course instructions from Identity Governance and Administration (IGA) Academy and configured the Fulfillment Target of the application to Identity Manager automated (system). However, nothing occurs after the collection + publish, neither the access is granted in the IDM side and neither is show on the Current Access of the user. Also, I could not find any logs towards these changes in the IDM side, not in the driver of this application and neither in catalina.out from UserApp logs.

The requested access keep showing in Fullfillment -> Requests of the Fullfillment Administration User after the collection + publish.

Is there another configuration necessary? Where can i see the logs of these?

Parents
  • 0  

    Did you use the "Identity Manager AE Permission" Collector as an application collector?

    Also you need to configure the following connection information for the provisioning under the "Configuration" tab

    As Diego mentioned, under "Fulfillment/Configuration/Application setup" all the applications need to have "Identity Manager automated (system)"

  • 0   in reply to   

      That is incorrect.  The settings under Configuration -> Identity Manager Configuration  is only utilized for the "IDM Workflow" fulfillment.  The IDM Automated fulfillment utilizes the IDM AE Permission Collector (which means you can only have one (1) IDM AE application source per IG Install

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

  • 0   in reply to   

     It is hard to see from your screenshot (because you blocked part of the value), but if the fulfillment is pending a person then it means that while change (add / remove of permission) was evaluated, it was determined to not to be able o be fulfilled via the IDM Automated fulfilment

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity 

  • 0 in reply to   

    Hi,   . 

    Thanks for the answer.

    It's pending from the Fullfiller that I added as "fallback" in Fullfilment configuration. 

Reply Children
No Data