IBM Security Verify

  • 1.  Active Directory integration with ISVG10

    Posted Mon April 25, 2022 09:49 AM
    We are performing Active Directory integration in ISVG 10.
    Test connection is successful.
    Groups are reconciled successfully.
    Accounts are adopted.

    We are facing the below issue:
    We cannot find where we can write an adoption policy.
    Where can we write provisioning policies for Active Directory? (By default, the Active Directory creation policies have default attributes, but we want to add some more attributes like manager, sAMAccountName, etc. and auto-populate the values.)

    How do we update/add the manager attribute in ISVG (in the user profile)?

    ------------------------------
    Rushikesh Warade
    ------------------------------


  • 2.  RE: Active Directory integration with ISVG10

    Posted Thu April 28, 2022 05:09 AM
    It is not fully clear from your question which ISVG component you are using - but as you mention "adoption/provisioning policy" I assume you are using the Identity Manager component (aka ISIM in earlier versions).

    Can you please clarify why you cannot write an adoption policy? Be aware there are 3 levels of adoption policies:
    1. Under "Configure System" "Global Adoption Policies" you can define a fully global policy (Service type = "*") or one per specific Service Type.
    2. A specific adoption policy for a Service is under "Manage Policies" "Manage Adoption Policies".

    You cannot write a provisioning policy for a service - that is not how Identity Manager works. The entry point for any provisioning policy is an Organizational Role - these can be Static (persons are added/removed by some action) or Dynamic (persons are added based on person object attributes).

    When you create a provisioning policy you start out defining the population ("Members") - which in most cases should be a role - there are "special" roles such as "All users in the organization" - do not use those unless you know what you are doing - Organizational Roles are what you want to drive the process.

    The entitlement is then where you point to the services you want to use - and that is where most people are having problems. First - you should use "Specific Service" in most cases (the other options come with a can of worms, and only if you really understand how the system works can you utilize the other options). If the service is not showing up it is because you are trying to create a policy in an ISIM organizational container (e.g. Organizational Unit) that is not in the same or above the container your service is residing in - go back to the "General" policy folder and fix that (you should design an OU structure BEFORE starting provisioning activities).

    Each entitlement will then carry 0 to N parameters where you specify the behavior of the policy EVALUATION - the policy enforcement specified on the Service entity will perform what you need (default is "Mark" - to have automated closed loop provisioning the service will need to "Correct Compliance").

    This is a very short intro to Provisioning Policies - please go through the formal documentation and other resources available on the WWW if you need to deep dive into it.

    HTH

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------