Hi Matt,

In a past discussion with you I mentioned the importance of being able to know both the old and new value of an attribute when deciding to trigger an email notification, and this is an example of that.

Here’s an email requirement detail clarification just in from a UNIFYConnect customer:

“Speaking of emails, a manual process we may have missed. When a staff member is assigned an email address, we manually send them a welcome email from our CEO. If we provide the email content, etc, can you include this step in automation for new (email) users?”

Can you advise how I can detect that an email address attribute (imported from AD) has changed from blank to non-blank? Email addresses are assigned by Exchange policy so that’s the only way I can think of to detect and trigger the above action.

In UNIFYBroker we could edit the connector and adapter extensibility files to re-order the connectors and adapters in the web UI.  Could you please add a facility to do this in UNIFYConnect?

Is it possible to have multivalued attributes in a CSV connector?

In a MIM context we have been refining our Safety Catch to ensure that unwanted changes (not just deletes) are not replicated to target systems if the change count exceeds a threshold (% or raw number).  The latest version is presently pending deployment for a long-term MIM site.

With the roll-out of more Broker+/UNIFYConnect implementations, an equivalent safeguard feature is now required - over and above the "connector delete threshold" native to UNIFYBroker itself.  Until such a feature is available in a forthcoming release, a work-around should be considered for each implementation.

UNIFYBroker v5.3.2 with Chris21.

Chris21 Person adapter is configured with a Join transformation to a Chris21 placement connector with a Sliding Window and type Relevant.  A placement with a start date in the past and a NULL end date is not being selected (a NULL end date means ongoing placement, with no scheduled end date).  Instead, the most recent placement with a non-NULL end date is selected.

Here is the placement data:

Here is the configuration:

The transformed adapter data shows an incorrect posstart and posend (and all other selected attributes):

This problem did not occur in Identity Broker v4.

It may also be relevant to note that the 'First' or 'Priority Selection' radio box does not appear for the Relevant type.  It used to appear for this transform and type in Identity Broker v4.

The documentation for the Microsoft Office Enterprise agent refers to the Azure Graph API.  Given that API is deprecated and will be turned off in 2022, are there plans to upgrade it to use the MS Graph API?

In this morning's MS Identity Advisors session MS provided a clear indication that they are planning to move towards a call-out model for on-demand Access Request integration with external systems.  To get ahead of the curve on this, we could look at offering an extensible REST API endpoint in UNIFYBroker.

Typical usage would be:

Azure sends UNIFYBroker a request for user "bobsmith" asking UNIFYBroker for a certain attribute for that user (e.g. department number) or asking UNIFYBroker to provide an answer to a question (such as "is this user allowed to get access to resource X at the moment?")  UNIFYBroker responds and Azure uses that information to approve or deny an in-flight Access Request.

My suggested solution is that the request for user "bobsmith" (and/or "resource X") would map to a adapter record lookup, and the "answer" UNIFYBroker gives back would be the value of one or more fields for that matching record.

Hi Team,

In IDB 4, the Join Transformation has this configuration (see attached screenshot) 

Whereas, in IDB 5 looks like this (see attached screenshot) 

How come in IDB 4 its a - sign between [posstart] and time offset, whereas in IDB 5 its a + sign? What are the difference? Thank you

Regards,
Marc Laroza

Hello Unify people. A long time ago I posted this:

https://voice.unifysolutions.net/communities/6/topics/2467-aurion-export-failed-employee_no-expected

I have now found out it is not (or no longer) a requirement of the Aurion API method EMP_UPDATE_PERS to have the employee number, and it can work with the WAMIKey, as in the following:

API_FUNCTION=EMP_UPDATE_PERS|WAMI_NO=16798|CONTACT_PHONE=02 9898 9898|WORK_MOBILE=0404 040 404

If the customer asks for an update to the Aurion connector to use the WAMI if Employee_Number is not available, can you do that?

We have recently been having issue whereby the UNIFYBroker service account appdata directory (C:\Users\<IdB Service Account>\AppData\Roaming\Microsoft\Crypto\RSA\<user object SID>) seems to fill up rapidly with RSA files. At its currently rate it appears to be filling up with the addition of thousands of files a day. I have done some testing between UNIFYBroker and Process Monitor and have been able to narrow down a particular operation in UNIFYBroker that seems to be generating all the files in this directory and not clearing them after creating them.

The main operation from what I can tell seems to be the export operation on the google groups connector. I have tested imports on these same connector and this doesn't seem to be generating the files from what I can tell. Please see the images below showing the timings for these jobs lining up at exactly the same time.

Environment Details:

UNIFYBroker: v5.3.1

Google Connector: v5.3.2

Let me know if you need any further information.