Is it possible to incorporate a "Manual Over-ride" feature in FIM 2010? i.e. during a target sync, skip the MV entry. (Network Steve Forum)

Is it possible to incorporate a "Manual Over-ride" feature in FIM 2010? i.e. during a target sync, skip the MV entry.

We are stuck on a FIM design.

We have a column in our SQL feed table to FIM MV named "ManualAction"

What we want to happen is that if this column has the value "YES" then FIM will not synchronize the MV entry to attached sources e.g. AD and FIM Portal.

If we try connector filter-ing on column ManualAction equals YES we either disconnect and preserve the MV attributes provided or disconnect and nullify those MV attributes. This is not what we want.

We want somehow to instruct FIM not to synchronize this MV entry if MV.ManualAction == YES

Could this be do via a Rule extension somehow??

The point of the Manual flag is that an Administrator may set one or more attributes in an AD account deliberately and does NOT want them overwritten by FIM even though the usual authoritative source value differs...

What we are thinking is ... is it possible to instruct FIM to 'skip' this MV entry at target resource(s) sync time.

I admit, I am not optimistic but I thought I could ask the FIM experts.

March 30th, 2015 9:56am

You can modify the code as required, either you canput in a condition like "Destination Connectors Count" in which if the "Destination Connector Count = 0" which means a new user is getting provisioned and at that time "MV.ManualAction ==YES" should be used and if the "Destination Connector Count = 1" which means the user is already provisioned so, this time if "MV.ManualAction ==YES" comes, then code can do nothing and skip the condition.

Free Windows Admin Tool Kit Click here and download it now

March 30th, 2015 10:40am

Hello,

you can do this for normal MA in some more and maybe granular ways.

consider to sync the ManualAction also to MV and use this in manual precedence code of attribute flows in combination with lastwriter/contirbutor of the attribute.
With this you have the manual attribute values from ex. AD also in MV and so in Portal.
This is more granular because you can only have a override on the attributes you need while flowing other attributes by normal sync.

Portal is a bit restricted as you can not control the provisioning and attribute flows with code. Whats in your MV will be providioned and exported to Portal 1:1 (if there are flows of cource).

To have advanced flows on Portal MA you can implement a solution called replay MA.

See: https://unifysolutions.jira.com/wiki/display/FIMTEAMCOM/2014-01-22+-+FIM+Replay+MA

March 30th, 2015 11:20am

This topic is archived. No further replies will be accepted.