Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.


Pending Export Report capability required to target directory

Bob Bradley 1 year ago in UNIFYBroker/Plus updated 1 year ago 1

There is already a Test Mode concept but this appears to be limited when it comes to providing a pre-execution reporting mechanism for ANY pending change to a target system.

Existing MIM Best Practice has incorporated this capability for many years, and the equivalent is now required in the Broker+ and UNIFYConnect platforms

Under review

Test harness for Adapter and Link PowerShell Transformations

Bob Bradley 1 year ago in UNIFYBroker/Plus updated by Matthew Davis (Product Manager) 1 year ago 1

In order to support the unit testing requirements for transitioning PS solutions on Broker+ to the UNIFYConnect hosted platform, a test harness is required for all PowerShell transformations.


Outgoing pre-provisioning task is called for some joined users

Adrian Corston 1 day ago in UNIFYBroker/Plus updated 1 day ago 2

In my customer's TEST environment they are seeing AD sAMAccountName being updated for existing users where the join criteria are met.  The only place where the sAMAccountName is set is in the outgoing pre-provisioning task, which should not be called for existing joined entities.

I have also seen a second confirmation that the task is being called for pre-existing users: the "AD Account Creation" notifications being repeatedly sent for a large number of entities every time a Baseline Sync is performed.  The only place where that notification is sent is in that same outgoing pre-provisioning task.


Invalid link joins after adapter entity deletion leads to unjoinable locker

Adrian Corston 3 days ago in UNIFYBroker/Plus updated by Matthew Davis (Product Manager) 3 days ago 0

When an adapter entity is deleted any persistent joins remain and block subsequent joins to remediated data.

Steps to reproduce
1. Configure a Link with outbound provisioning and persistent joins configured
2. Import an adapter entity that is intended to join a locker entity, but which is missing its join criteria field value
3. The link will provision a "duplicate" record (thereby creating an internal "Join" for the newly provisioned adapter entity)
4. To clean up the duplicate, delete the SoT for the "duplicate" adapter record and update the "intended" record to have a correct join criteria field value
5. Attempt to join the locker to the newly corrected adapter entity - it fails and re-provisions the "duplicate" record again


Inexplicable 'Source entity shared a join target with another source entity'

Adrian Corston 4 months ago in UNIFYBroker/Plus updated 4 months ago 5

I am seeing this familiar error:

(Baseline synchronization failed with the message "Source entity '93fe60b9-05ba-4b92-b167-80738bdad66a' shares a join target with another source entity: '695411ab-e878-4ae2-9e39-f04267ac6767'. Cannot proceed with join.". See logs for more details.)

I can't see why this is the case - the join criteria is on source field 'EmployeeNumber' and those two source entities have different values:

93fe60b9-05ba-4b92-b167-80738bdad66a EmployeeNumber=145627
695411ab-e878-4ae2-9e39-f04267ac6767 EmployeeNumber=145158

Could you please look at the joins in the database and tell me what's going on internally to see if that sheds light on how this has happened?

The environment has been running for months now, untouched from an administrative perspective.

Because I can see 66 pending incoming updates on that link that aren't being processed it seems like this failure is either (a) blocking all subsequent mappings for that link, or (b) happening for 66 different joins.  The customer reported that their upstream changes are not flowing through to AD.


Flag to configure UNIFYBroker/Plus to delete adapter entities with incomplete joins

Adrian Corston 6 months ago in UNIFYBroker/Plus 0

If an adapter has an incomplete entity on a link (i.e. no matching locker entity for the join criteria) then currently UNIFYBroker reports a warning.  In many circumstances it would be appropriate to delete the adapter entity in this situation, to ensure the external data source was kept in sync with the locker.  Add a configuration flag to enable this functionality.


Baseline Sync calling connector entity update for all entities even when there are no value changes

Adrian Corston 6 months ago in UNIFYBroker/Plus updated 6 months ago 1

When a Baseline Sync runs on a link the connector's update export functionality is called to update every entity, even when there are no field value changes.  This places an unnecessary load on UNIFYBroker and performs null updates against the external system for no discernible reason, and since UNIFYBroker/Plus is unable to sync any other links while this takes place can result in unnecessary processing delays while the connector is busy effectively doing nothing.


Duplicated join target for NULL field value where there is no target with that field value

Adrian Corston 7 months ago in UNIFYBroker/Plus updated 7 months ago 6

I am seeing: Baseline synchronization failed with the message "Source entity 'b5d56da5-a8af-4088-b98c-4b78a693b093' shares a join target with another source entity: 'fa457ecd-b5a7-4708-886b-747ca82da40a'. Cannot proceed with join.". See logs for more details.

Both source entity have a join field value of NULL, and there are no target entities with a join field value of NULL.

I tried deleting entities and reloading them, but the error remains. The mapping of field values through to other locker entities is not happening, and I would like to know if the join failure is the cause of this.


Hi Adrian

As the error message says, both of those source entities have the same join target, which may or may not exist until provisioning occurs. If the schema fields you're using can contain nulls and you want the sync to progress I'd recommend adding a Has Value filter on the join fields.

Not a bug

Connection-aware join not persisting for outgoing link when join criteria field value changes - new adapter entity is created and old one is left behind

Adrian Corston 8 months ago in UNIFYBroker/Plus updated by Beau Harrison (Senior Software Engineer) 8 months ago 6

When a locker's Cloud Group Name field is updated this configuration causes the creation of a new adapter/connector entity.  The old adapter/connector entity is retained.  After the 

The functionality is needed to allow solutions to have changes to entity key/join fields flow through to downstream systems.

Under review

Bidirectional mapping data not flowing from Locker to Adapter

Adrian Corston 9 months ago in UNIFYBroker/Plus updated by Beau Harrison (Senior Software Engineer) 8 months ago 1

In a UNIFYConnect environment I have configured a Bidirectional mapping.  For my locker entities there is a value in the field, and in the adapter entity the field is empty.  When I run a Baseline Sync the values are not being copied to the adapter entities.



There are no errors in the UNIFYBroker log file.