Provisioning Status

Identity Governance & Administration (IGA) Identity Life Cycle Management
1

Hi,

I tried to provisioned user using CSV file and linked it to AD PowerShell Managed System.

However, the status of the user in FAILED_SAVE.

image
image1589×214 12.7 KB

Additionally, I tried to add attribute to CSV and defined it as well in transformation script. However, there is no value generated.

This is the attribute that I used and already available in OpenIAM.
Classification
Employee Type
Organization
Supervisor

image

image
image1519×273 13.7 KB

Scripts used.
// Adding New Attributes with Conditional Assignment
pUser.classification = StringUtils.isNotEmpty(columnMap.get(“CLASSIFICATION”)?.value) ? columnMap.get(“CLASSIFICATION”).value : “”
pUser.organization = StringUtils.isNotEmpty(columnMap.get(“ORGANIZATION”)?.value) ? columnMap.get(“ORGANIZATION”).value : “”
pUser.employeeType = StringUtils.isNotEmpty(columnMap.get(“EMPLOYEE_TYPE”)?.value) ? columnMap.get(“EMPLOYEE_TYPE”).value : “”
pUser.supervisor = StringUtils.isNotEmpty(columnMap.get(“SUPERVISOR”)?.value) ? columnMap.get(“SUPERVISOR”).value : “”

2

Hi @pamela.gabagat,

1st Issue – Provisioning to AD (Provisioning Status: FAIL_SAVE)

The error you’re encountering during provisioning, indicated by the “FAIL_SAVE” status, typically means that the provisioning action failed at the connector or script level.

To investigate this:

Please check the IDM logs—they will contain detailed error messages explaining why the provisioning failed.

Alternatively, you can go to the User Profile → User History and look for a log entry labeled “Connector Response”. This will show the exact error returned by the connector.

If you need help troubleshooting the issue, feel free to share a screenshot or the stack trace of the error message, and we’ll assist you further.

2nd Issue – Attribute Mapping

Regarding the attribute-related issue:

Could you clarify what you’re trying to achieve?

Have you defined the new attributes in the CSV file and are looking to map them through the transformation script so they get saved in OpenIAM?

If yes, we can help review or modify the transformation script accordingly.

Let us know the specific attributes and your intended outcome, and we’ll guide you through the adjustments.

3

Hi @pradeep.bhalla,

1st Issue – Provisioning to AD (Provisioning Status: FAIL_SAVE)
Below is the log from “Connector Response”. I also attached a screenshot from AD to show that the path attribute existed.

Exception at Program.RequestHandler at invoking PowerShell - ’ System.Management.Automation.RuntimeException: Cannot run user creation as calculated path attribute (‘OU=Switzerland,OU=Users,dc=dmfiam,dc=ch’) either does not exist or is not of container or OU type (or not a root DC location) —> System.Management.Automation.RuntimeException: Cannot run user creation as calculated path attribute (‘OU=Switzerland,OU=Users,dc=dmfiam,dc=ch’) either does not exist or is not of container or OU type (or not a root DC location) — End of inner exception stack trace — at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke) at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync) at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings) at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings) at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings) at ConnectorRequestRunner.Workers.PowershellWorker.RunPowershellScript(String scriptPath, MessageInfo openIAMRequest) ’

image
image654×201 11.3 KB

2nd Issue – Attribute Mapping

Please see my answers in bold.

Have you defined the new attributes in the CSV file and are looking to map them through the transformation script so they get saved in OpenIAM? Yes

Let us know the specific attributes and your intended outcome, and we’ll guide you through the adjustments. DEPARTMENT, FUNCTION, EMPLOYEE_TYPE, SUPERVISOR and ORGANIZATION.

I attached here the transformation script that we are using.

Transformation Script.txt (5.7 KB)

In addition to the above issues, in our transformation script, we add a condition there to sanitize the email address to convert German and Spanish letters into ASCII friendly equivalent, but we got a VALIDATION ERROR instead.

Thank you in advance for your assistance and support.