Overview:
If the attribute type is selected incorrectly, it can cause issues in the mapping process.
To ensure success, follow the provided step-by-step instructions.
In this document we cover these topics.
1.Understanding Attribute Mapping Behavior (with Example)
2.How to Adjust Attribute Mapping Settings
2.1 Navigate to the Policy Map
2.2 Edit the user policy
2.3 Activating vs deactivating attributes
2.4 Determine the type of an attribute
3.Verification of Changes to the Active Directory Machine
- 3.1 Accessing Active Directory Users and Computers
1.Understanding Attribute Mapping Behavior (with Example)
In this example, we assigned a Phone Number to a user using the attribute type Telephone Number in OpenIAM.
However, this information did not appear in Active Directory as expected.
Additionally, even when using the Attribute Editor, the Telephone Number cannot be found, even after setting the filter to optional.
note:
Each attribute we define in OpenIAM is linked to an attribute in Active Directory.
For instance:
the EmailAddress in OpenIAM corresponds to the mail attribute in Active Directory.
note:
The type is something that is the same in Groovy script and in our Groovy script, which is EmailAddress.
2.How to Adjust Attribute Mapping Settings
To address the issue of why the Cell Phone type is not mapping, there are a few steps you can take to troubleshoot:
The type of Phone Number is identified as a Cell Phone.
We need to determine if the Cell phone is currently active in the Attribute Mapping and, if it is active, identify which attribute it is mapped to.
2.1 Navigate to the Policy Map
locate the Provisioning tab in the main menu.
Then go to Manage System.
Select the AD PowerShell Managed System.
Click on Edit.
note:
In every Managed System, there is a designated Policy Map.
2.2 edit the user policy
navigate to the user policy section
select the Edit option.
2.3 Activating vs deactivating attributes
Here, you can see some attributes are currently active.
To deactivate them, click on Edit, and then you can change the status to either active or inactive as needed.
Here, you can observe that the OfficePhone is associated with a Telephone Number and is currently active.
So, based on our setup when we are creating a user, we should make sure to choose OfficePhone as the type for the Telephone Number.
2.4 Determine the type of an attribute
Now we should verify whether the type of attribute we are using is correct or not
We searched for the name of the user that wanted to connect to the attribute.
switched to the classic view
Click edit
change Cell phone to Office Phone.
click on Save
3.Verification of Changes to the Active Directory Machine
3.1 Accessing Active Directory Users and Computers
Login to your Active Directory machine.
Press Windows + R .
Type dsa.msc and press Enter.
This opens the Active Directory Users and Computers console.
Please navigate to your domain
based on our setup: Saeigroup.local is our domain
based on our setup: SaeiUsers is our Organizational Unit
then click Refresh
select the user you added the attribute to
When you click on the user
you should see the updated Telephone Number field reflecting the changes.
_🎉 Congratulations! The attribute mapping has been successfully configured. _
However, you may notice that the Telephone Number field combines the Country Code and Area Code, which is not ideal.
To adjust the formatting behavior, please refer to the following guide:
Top comments (0)