Anonymous_User Absent Member.
Absent Member.
206 views

eMail new user with attachment


Adding another agency to our IDM. These users all have their existing
AD accounts. Only select user, based on Group membership, will be
synced to our vault.

Would like to send a user that is successfully added to the identity
vault an email, preferably with an attachment.

Guidance would be appreciated.



Chad


--
ncisrael
------------------------------------------------------------------------
ncisrael's Profile: https://forums.netiq.com/member.php?userid=769
View this thread: https://forums.netiq.com/showthread.php?t=52297

Labels (1)
0 Likes
5 Replies
Anonymous_User Absent Member.
Absent Member.

Re: eMail new user with attachment

On 11/25/2014 03:14 PM, ncisrael wrote:
>
> Adding another agency to our IDM. These users all have their existing
> AD accounts. Only select user, based on Group membership, will be
> synced to our vault.
>
> Would like to send a user that is successfully added to the identity
> vault an email, preferably with an attachment.
>
> Guidance would be appreciated.


Since your subject only mentions the e-mail, I presume the rest works.
Add a publisher-channel policy in (for example) the Command Transformation
policyset (to ensure placement succeeds at least) checking for operation
of 'add' and objectClass of User and then send an e-mail from policy.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: eMail new user with attachment


Yes, I've got everything else working correctly.

What i'm taking from your response and was unclear of was if it makes it
to the Command then the add was successful.

I'll test it out today.

thanks
Chad


--
ncisrael
------------------------------------------------------------------------
ncisrael's Profile: https://forums.netiq.com/member.php?userid=769
View this thread: https://forums.netiq.com/showthread.php?t=52297

0 Likes
Knowledge Partner
Knowledge Partner

Re: eMail new user with attachment

On 11/26/2014 10:54 AM, ncisrael wrote:
>
> Yes, I've got everything else working correctly.
>
> What i'm taking from your response and was unclear of was if it makes it
> to the Command then the add was successful.


On the Sub channel, sending users IDV->AD what we usually do is wait for
the <status> event to return in the ITP and look for the
<add-association> event, (Which is sibling to the <status level="success">)

On the Pub channel, you should get a <status> success back that you
should be able to process in the Sub-Event, and if in the Pub-Command
you tag the <add> events with some op-data, then in the Sub-Event you
could react to the success message. (Or fail message).

Sub-Event
if operation = status
if operation property from-add=true (or whatever you set)

then actions are Do send email or whatever.

If XML attr level equal "success" maybe? Maybe something else if XML
attr level not-equal success?


0 Likes
Knowledge Partner
Knowledge Partner

Re: eMail new user with attachment

Geoffrey Carman wrote:

> On the Pub channel, you should get a <status> success back that you should be
> able to process in the Sub-Event, and if in the Pub-Command you tag the <add>
> events with some op-data, then in the Sub-Event you could react to the
> success message. (Or fail message).


Almost. Status messages as a result of publisher commands cannot be seen on the
subscriber channel, but in output transforms (similar to what you describe for
status messages resulting from subscriber commands in input transforms).

So set all user data you need in your email template (mail addres, maybe name
or other user attributes) as operation properties in a publisher policy (I'd
put it into a creation policy if it only affects add commands, or into a
command transform if you want to use this op-data e.g. with modifies as well
now or later).

Then in an output transform, do what Geoffrey suggested:

> if operation = status
> if operation property from-add=true (or whatever you set)


you need to have all data for sending the email as operation properies, as
status messages do not come with association or src-dn.

> then actions are Do send email or whatever.
>
> If XML attr level equal "success" maybe? Maybe something else if XML attr
> level not-equal success?


We ususally implement two email templates: one for success and another for
errors. Could be different recipients, too: user on success (so he/she knows
the account can be used. Maybe include a link to password self-services if PW
has to be changed) admin on error (so the issue can be fixed, hopefully leading
to a subsequent success user mail).
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: eMail new user with attachment

Lothar Haeger wrote:

> you need to have all data for sending the email as operation properies, as
> status messages do not come with association or src-dn...


....that would allow querying for additional attributes in the policy sending
the email. You could set an operation property "association" or "scr-dn",
though and use that for later lookups instead.
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.