Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Fixed

Using Remove Joins (to view existing joins) generates DataTables Error (SocketException: the target machine active refused it)

Adrian Corston 4 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 4 years ago 2

The following UI error appears whenever I attempt to view joins via the 'Remove Joins' menu option on a Link in the Netwealth UNIFYConnect DEV instance:

Image 5915

I am using Chrome on the jumpbox VM, logged in with my UNIFY credentials. The error is not written to the UNIFYBroker log.

Answer

Fix deployed. Patch for reference (in Web/bin folder)

Unify.Plus.Web.Extensibility.dll

0

Improved UNIFYBroker/Plus log/UI messages (de/provisioning counts, incompletes, log message grouping)

Adrian Corston 4 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 3 years ago 0

UNIFYBroker/Plus would be easier to operate if the following logging and UI messages were added or made more clear:

* A log summary of the count of entities provisioned and deprovisioned by a locker synchronisation (this may already be there, but the terminology is "added" rather than "provisioned" - it would be nice if this was consistent with the UI and clearly delineated as being different to entities "added" to the adapter via reflection)

* An log explanation of the reason(s) why an entity's provision was Incomplete - i.e. which required fields are missing, or whatever else it was that caused it to be Incomplete.

* A way to identify all of the logging messages that are part of the same synchronization operation.  In a busy log file it's hard to see the wood for the trees...

* Not to report un-joined and un-provisioned entities for a linker as Incomplete during Baseline Synchronization.  The configuration clearly doesn't want these entities in the locker - but the yellow (i) box that appears seems to suggests that something may have gone wrong with them.

0
Not a bug

Link cannot synchronise a field change from Locker to Adapter

A Locker field value change is not appeared in an Adapter when Changes Synchronization runs.  The same Locker/Adapter are able to provision objects just fine.

The UNIFYBroker/Plus config and logs are available in the Netwealth UNIFYConnect DEV instance; the Locker is "Employee", the Adapter is "SPOL Employee Suspensions", the Link is "Employees > SPOL Employee Suspensions".  To trigger the change I make a change to a field value in the Employee connector source (an SFTP CSV file), run an Import All on the "ELMO Employees" connector, a Changes Synchronization on the "ELMO Employees > Employees" Link, then finally the Changes Synchronization on the "Employees > SPOL Suspended Employees" Link (which causes the following error to be written to the log):

Image 5911

0
Fixed

After deleting a Link's Adapter it's not possible to edit that Link in the UI

The follow error occurs:

Image 5910

To replicate, create a Link for an Adapter, delete the Adapter and then attempt to edit the Link.

0
Not a bug

"An error has occurred: A link matching the id XXX could not be located" after deleting a Link

After deleting a Link, Adapter and Connector the following error is persistently appearing in the Netwealth UNIFYConnect DEV instance:

Image 5906

Could you please investigate and advise how to get rid of it?

0
Under review

Remove LDAP adapter field name restriction for non-LDAP deployments

Adrian Corston 4 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 3 years ago 1

When deploying UNIFYBroker/Plus the LDAP name restriction for adapter field names is unnecessary - could you please offer a way to turn it off.

Image 5890

0
Answered

Email notifications based on old attribute values

Hi Matt,

In a past discussion with you I mentioned the importance of being able to know both the old and new value of an attribute when deciding to trigger an email notification, and this is an example of that.

Here’s an email requirement detail clarification just in from a UNIFYConnect customer:

“Speaking of emails, a manual process we may have missed. When a staff member is assigned an email address, we manually send them a welcome email from our CEO. If we provide the email content, etc, can you include this step in automation for new (email) users?”

Can you advise how I can detect that an email address attribute (imported from AD) has changed from blank to non-blank? Email addresses are assigned by Exchange policy so that’s the only way I can think of to detect and trigger the above action.

Answer

Matt wrote:

You could have a placeholder connector set up that contains ‘users with emails’, and only provision into that adapter/connector if they have an email address. Then run a post provisioning task that sends an email to them.
Or you could compare the entities to determine if a new value has been set in an email field, in one of your existing flows.

For the latter he is referring to the use of $sourceEntities and $targetEntities from PowerShell tasks.

0

Safety Catch Feature

Bob Bradley 4 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 3 years ago 1

In a MIM context we have been refining our Safety Catch to ensure that unwanted changes (not just deletes) are not replicated to target systems if the change count exceeds a threshold (% or raw number).  The latest version is presently pending deployment for a long-term MIM site.

With the roll-out of more Broker+/UNIFYConnect implementations, an equivalent safeguard feature is now required - over and above the "connector delete threshold" native to UNIFYBroker itself.  Until such a feature is available in a forthcoming release, a work-around should be considered for each implementation.

0

Generated As Built Documentation for UNIFYAssure/UNIFYConnect Engagements

Bob Bradley 4 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 3 years ago 0

As-built of the nature of MIM Documenter and AAD Connect Documenter has long been an expected artifact of the Microsoft Workplace Identity Practice for all MIM and AAD Connect deployments.

Something at least similar to the SuccessFactors default attribute mapping can be generated for our UNIFY* customers as part of handover to BAU, providing a quick reference for both the customer and support alike.

0
Completed

UNIFY* Pre-build Checklist

Bob Bradley 4 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 2 years ago 1

Similar to the checklist developed on the back of the ultimately successful WA Water Lite implementation, this Aurion Pre-installation Checklist contains the necessary steps for a successful implementation UNIFYBroker+ as well as both UNIFYAssure and UNIFYConnect IdAAS flavours.

An updated checklist will now be required for each of the in-flight UNIFYConnect implementations, as well as future Broker+ installations (where the server specs are still required), and apart from the following recommendation needs to be specified by Engineering:

  • Correlation IDs are available in all production and non-production Active Directory environments
Answer

Presales activity which is now available as part of our default contract.