Hi All,
I have noticed that Q1IM using Wild Card searches. Currently my environment contains around 500K users. When I search an Employee from Manager like 'oh', it is returning all following users:
John, doe
John, doe1
John, doe2
Grove, John etc. That means Q1IM searching %oh%.
Is there a way to customize search like 'oh%'?
thanks
Hi Team,
I have configured active directory synchronization in D1IM and imported all the user accounts from AD to D1IM.. I see an option in the manager tool to manually link the AD accounts to the Q1IM employee records, and I could successfully link the accounts manually. However I am looking for an automated script to perform the linking. Has anyone come across the script?
Thanks,
Priya
Hi All,
I am seeing "Callback number is required field" in one of our environment(UAT), while changing any attribute on some users. But it worked fine in two environments (Dev, SIT). Currently in UAT we are using Readonly user for AD domain configuration.
Here is the error:
[810077] Active Directory user accounts: Callback number is a required field.
Version: Q1IM 6.1
There is no Callback number existing in my Mapping.
I appreciate your help.
thanks
Gurus,
How do you configure log rotation in ARPortal? In the WebDesigner.ConfigFileEditor.exe, I see the way to change the log file location. But, what is the way to configure log rotation settings (size, number etc).
We are seeing several files in the ARPortal\App_data\Logs directory of size 14KB. We would like to let the file fill up 10MB upto 10 files. How do we achieve that?
Thanks in advance.
Sundar
Hello,
I have below questions on password generation process in QIM;
a) Can someone provide details on the process of generation of password on QIM when a new user is created through a DataImporter Feed.
b) Do we have the concept of password policies to define the rules based on which passwords are generated/expire etc?
c) Also how can we attach password policies to different users so that passwords that are generated comply to specific password policy (can we do multiple password policies based on user type?).
Please point to relevant documentation that can be helpful.
Regards,
Amit
Changing some config properties (e.g. TargetSystem\ADS\ADSContainer\ITDataFrom) results in events which subsequently generate job chains which attempt to update affected objects. This is sometimes not desirable.
Is there any way to disable this either for individual config properties or for all config properties? We could of course change the affected templates to turn off overwrites or disable generation on the appropriate job chains which would be extremely fine-grained but also a bit time consuming and cumbersome. We could also turn on "No Write" for the affected resource(s) and then sync to get the data back in line, but I am not very keen on that because we would need to ensure that no legitimate un-related updates were missed.
Hi there,
i have a question regarding the customizer-methods for the PWO or rather how to insert notices into the table pwodecisionhistory.
What i want to implement is an Option to set some notes into the PWODecisionHistory. Detailed. An approver should not approve or reject a PWO, he/she should create a note such as 'is ordered by Supplier'. This note should be visible in the History-Bubbleview of the Personwantsorg-Information-Popup.
I thougt of something like "QueryToPerson" but without the Query to an Person and without any relation to the running instance of the decisionmethod. It is for information only.
What is best practice?
What should I consider if I write data into the table PWO Decision History without using method calls?
Best regards
Martin
Scenario:
We want to manage the user password centrally for QIM connected systems such that when users are created in QIM their passwords are generated (through QIM), stored on QIM in a secured way and then synchronized with end systems. Solution should be able to store the encrypted passwords on QIM (in case a new target system gets added to the list, it should be able to retrieve the user password and synch it with the target system).
In the existing process, user records are planned to be created from HR into QIMusing scheduled dataImporter script.
Below is what we understand about QIM:
IDM requirements for password synch:
Typically IDM suites have a proprietary way of encrypting and storing the password on IDM system. This is not generally directly accessible to the developers, IDM tool accesses the APIs internally to decrypt the passwords to push to end systems (for security reasons). In our scenario if we decide to store the password in “Central password” attribute and choose to encrypt it we need below 2 things:
Questions:
I am sure that this scenario has been faced by people while implementing Password Sync for connected systems. Just wanted to understand what is the recommended way of implementing password generation, storage on IDM (encrypting and decrypting) and synchronizing the password with the target systems. Primary concern here is maintaining the security of the central password as we need to keep it on QIM and decrypt it as needed for synchronization.
If I want the display value of a foreign-key object, I can do this easily using [d] notation, e.g. $UID_Department[d]$ from Person.
If I want the old value of the UID, I can do this easily using [o] notation, e.g. $UID_Department[o]$.
But how do I get the old object's display value? It doesn't seem to accept $UID_Department[od]$, $UID_Department[o][d]$ or $FK(UID_Department[o]).UID_Department[d]$ all I end up with is the raw uid value.
Is there an easy way to do this, or do I need to explicitly open the object reference by the old UID to get it?
Thanks,
Neil.
We are using Quest one identity manager 6.1 version.
one curious thing which we found was, there are 2 password fields for an user profile centralpassword and password attribute.
The defeinition of these 2 attributes are defined in the designer tool. The irony is the centralpassword attribute has the "Encrypt" option enabled, however in the DB the password attribute is stored in clear case.
for password attribute the "Encrypt" option is not checked but the attribute is encrypted in DB for the user profiles.
Can anyone let me know why is this behaviour in the configurations
Thanks.
Questguy
Is there a 'best practice' recommendation by Quest/Dell how to operate Q1IM in such a quite common scenario as follows?
Consider a person having more than one account within one SAP system (or within one AD domain, which works just as well). Now consider that someone is using IT Shop in order for this person to request membership in some target system group, e.g. some SAP role (or AD group, for that matter). If the user accounts are linked to the same Person object via the UID_Person column of table SAPUser (or ADSAccount, respectively), then Q1IM will assign the requested entitlement to *all* user accounts of the person, which is usually not desirable! When placing an order in IT Shop, it should be possible to specify for which person and for which account the requested entitlement is meant to be given. Is there a configurable setup within the standard product how such a behaviour can be accomplished? If not, what are the recommended steps for customization, e.g. which standard process chains need to be modified, or is there even a need to change the algorithm run by the DBScheduler for computing the inherited entitlements of a person?
Again, I consider this a quite common scenario in the IAM world for which Quest/Dell should have a solution ready at hand. Or may I ask existing Q1IM customers how they have overcome this problem...? Suggestions are welcome! 
Hello,
I am trying to schedule a Job that runs a process. While configuring the Process, I have specified the server mask as "Master SQL Server" but I get an error message while trying to run the process. "There is No server that can fullfil the server mask". Not sure what I need to provide here .. just trying to run a Process that triggers a script.
Need to understand how the server mask is resolved and what I need to specify in the server mask when I am running all the Q1IM components on one VM.
Any help would be appreciated.
Regards,
Amit
Hi All,
I have configured Job Service log with 'Warning'. In one of my script i have given code like this:
Job Service Configuration --> Log severity=Warning
RaiseMessage(MsgSeverity.Info,"Display this text in job server log file")
When I executed above script (through process), message is written into log file. How can i configure Job server, not to record this message.
thanks
Rob.
When I executed this script (through process), message is written into log file. ##
Hello,
I managed to configure a process which sends a mail notification to a person's manager when persons's product(Profile or Role) expires.
I would like to know how could I regroup several notifications coming the same day and addressed to the same manager in only one mail instead of sending all these notifications one by one to this manager.
Actually I'am using a Process wich is bind to PersonWantsOrg table. This process starts every night and run through the PersonWantsOrg table by sending notifications if it's needed. I'm not sure that by using this method I could regroup mail notifications.
Do you have any idea or any advice?
Best regards,
Anton
We are looking to setup the Web Portal in such a way that Business Roles can be requested. This is fine out of the box as we can just turn the roles into resources and products.
Going forward however there is a concern about the maintainability of this, as Business Roles will change and be added/deleted over time, so we were wondering if there was a way to effectively make the role class a product and then have all of the roles available as a selection. I cant see a way to do this, however I do note that the DGE edition has something similar in that you can select file access from a selection that is then populated.
Does anyone know of a way to make the Product selection more dynamic and not be constrained to static products?
Hi All,
the problem is that all other processes must wait, until rebuild table index ist finished !!!
can someone help me to analyse the problem, why does rebuild table index takes so much time?
is there a way to start rebuild table index manually for testing?
thank you and happy new year !
after 3 min
Dear all,
in the standard vi-script VI_PersonAuto_ADS the AD attribute "Inittials" is copied to person attribute "Middlename" (in case of "Search and Create" configuration):
VID_PutValueSafe(Person, "MiddleName", Acc.GetValue("Initials").String)
Is this a well-definded feature or is this a bug? I would expect that the initials attribute is going to be copied to corresponding person initials attribute:
VID_PutValueSafe(Person, "Initials", Acc.GetValue("Initials").String)
Regards,
Thomas
Is there an easy way to get the current decision to be made for a PersonWantsOrg request via SQL? I'm trying to put together a view so that you can see the current decision that's being waited on for open requests.
Hello
We have had a few situations where team member A will be working on script/process X at the same time team member B is also working on script/process X. Team member A updates X with his/her changes and then team member B updates X with their changes. Team member B's changes will overwrite Team member A's. How do we prevent this going forward? Is there a way to version control these objects and have checkouts/merges on the objects? This issue is causing to have productivity delays and quality issues.
David
I'm trying to display some standard columns in a generic form on Manager, however they are all set with a "SortOrder" of 0, so the generic form doesn't display them. Is it possible to override what is displayed, without changing the DialogColumn.SortOrder?
Thanks,
Neil.