User Provisioning Automation: ISS Scheduled Sync?

 6 Replies
 3 Subscribed to this topic
 60 Subscribed to this forum
Sort:
Author
Messages
amberale7
Basic Member
Posts: 5
Basic Member

    I am working on automating our User Provisioing process. I have an IPA that creates the actor, assigns the roles, creates the SSOP identity, adds the SSOP Identity to the Actor, Links the Actor to the Employee/Candidate Agents, and Creates the Actor Contexts/UserProfile in Landmark. Once this is done the SSOP is created in Landmark, but the user can't access the system. It isn't until I run the ISS sync and that SSOP identity is pushed to ISS that the user has access. What are my options here? Basically I'm trying to get away from uploading a CSP file everyday and would like to completely automate this. Is it possible to schedule an ISS sync right after the IPA runs? Or other suggestions on how we can automate the creation of these identities so that this works from start to finish with no manual intervention needed? 

    humansince1982
    Basic Member
    Posts: 4
    Basic Member
      You could run a list based sync after creating the user and adding the identities, etc.
      amberale7
      Basic Member
      Posts: 5
      Basic Member

        Sorry for my ignorance, but what is a list based sync? Is that different than the full sync in ISS? Is it possible to schedule it? If not, it sounds like we would just be replacing uploading the CSP file with running the sync. 

        amberale7
        Basic Member
        Posts: 5
        Basic Member

          I found the list based sync information in the user guide. This sounds like it should work. I just need to create the xml file and a node for the windows command in the IPA. Thank you!

          adnan512
          Advanced Member
          Posts: 24
          Advanced Member

            I am not sure why your user are having issues logging into the system. Are you creating user on LSF side also. I have an IPA that will setup user in LSF and Actor in LMK and users are able to login. We currently don't do ISS sync on a scheduled basis just periodically when needed. We only use CSP to create batch users only. Have you found anything  that ISS sync process is fixing in order for user to login.

            Jake Michael
            New Member
            Posts: 2
            New Member
              A solution that has worked for our clients in the past is to have the IPA flow build a file containing all new users it creates, and then kick off a list-based sync at the end of the flow.

              Jake Michael
              Intellias
              Jmichael@intellias.net
              amberale7
              Basic Member
              Posts: 5
              Basic Member

                Hi Adnan. The user was not able to log in because I was only creating them on the Landmark side so I needed to push them to LSF before it would work. The List Based Sync does work for this.

                Jake, thank you. I did get a test xml file to work for the List Based Sync. At first it wasn't working because I was using "local"  instead of "remote" around the rec id. Now I'm just struggling to  run ssoconfig from within the IPA. I think I need to set up a system command connection to LSF. I'm pretty sure I have the right LSF Web/RMI Root, but I am getting a Login failed error. I'm using my inforbc credentials because I don't have the lawson password. I'm wondering if I don't have the right permissions. Any ideas? 

                Edit: System Command Configuration must be set up with lawson credentials. I opened a ticket with support and they were able to configure this. I should have everything I need now. Thanks to everybody in this thread for your help and feedback!