FIM Portal Synchronization
Resource Type: SynchronizationRule
  1. DEEWR-Inbound Synch Rule for AD Users
  2. DEEWR-Inbound Synch Rule for DEEWR-vasco-DPTokens from AD
  3. DEEWR-Inbound Synch Rule for Migrated User Roles
  4. DEEWR-Outbound Synch Rule for Claims to SQL
  5. DEEWR-Outbound Synch Rule for Users to AD
1. DEEWR-Inbound Synch Rule for AD Users ^Top
Synchronization Rule Configuration
Name DEEWR-Inbound Synch Rule for AD Users
Description Inbound Synch Rule for AD Users
Created Time 19/07/2011
Precedence 2
Data Flow Direction Inbound
Dependency
Scope
Metaverse Resource Type person
External System DEV ADMA
External System Resource Type user
Relationship
Create Resource In FIM False
Connected Object Scope
Source Attribute Operation Value
dn CONTAINS OU=Test,OU=Users,OU=XNET,DC=dev,DC=construction,DC=enet
Relationship Criteria
ILM Attribute Data Source Attribute
objectSid objectSid
Inbound Attribute Flows
Destination Source
csObjectID dn
lockoutTime lockoutTime
email mail
mailNickname mailNickname
objectSid objectSid
physicalDeliveryOfficeName physicalDeliveryOfficeName
accountName sAMAccountName
DEEWR-isActive IIF(CustomExpression(Eq(BitAnd(userAccountControl,2),0)),"true","false")
userAccountControl userAccountControl
userPrincipalName userPrincipalName
DEEWR-VascoDigipassData VascoDigipassData
DEEWR-vasco-LinkVascoUserToVascoDigipass vasco-LinkVascoUserToVascoDigipass
whenCreated CustomExpression(+(Left(whenCreated,4),"-",Mid(whenCreated,5,2),"-",Mid(whenCreated,7,2),"T14:00:00.000"))
2. DEEWR-Inbound Synch Rule for DEEWR-vasco-DPTokens from AD ^Top
Synchronization Rule Configuration
Name DEEWR-Inbound Synch Rule for DEEWR-vasco-DPTokens from AD
Description DEEWR-Inbound Synch Rule for DEEWR-vasco-DPTokens from AD
Created Time 19/07/2011
Precedence 3
Data Flow Direction Inbound
Dependency
Scope
Metaverse Resource Type DEEWR-vasco-DPToken
External System DEV ADMA
External System Resource Type vasco-DPToken
Relationship
Create Resource In FIM True
Relationship Criteria
ILM Attribute Data Source Attribute
objectSid objectSid
Inbound Attribute Flows
Destination Source
description description
displayName displayName
DEEWR-uid dn
objectSid objectSid
DEEWR-vasco-DirectAssignOnly vasco-DirectAssignOnly
DEEWR-vasco-SerialNumber vasco-SerialNumber
DEEWR-vasco-TokenType vasco-TokenType
3. DEEWR-Inbound Synch Rule for Migrated User Roles ^Top
Synchronization Rule Configuration
Name DEEWR-Inbound Synch Rule for Migrated User Roles
Description Inbound Synch Rule for Migrated User Roles
Created Time 19/07/2011
Precedence 1
Data Flow Direction Inbound
Dependency
Scope
Metaverse Resource Type person
External System AD Migrated User Roles
External System Resource Type person
Relationship
Create Resource In FIM True
Relationship Criteria
ILM Attribute Data Source Attribute
objectSid objectSid
Inbound Attribute Flows
Destination Source
DEEWR-esg-organisationID DEEWR-esg-organisationID
DEEWR-esg-roleID DEEWR-esg-roleID
DEEWR-esg-siteID DEEWR-esg-siteID
DEEWR-roleID DEEWR-roleID
description description
displayName displayName
employeeID employeeNumber
employeeType employeeType
DEEWR-codeWord employmentAUExtCodeword
DEEWR-selfServicePassword employmentAUExtIAMSelfServicePassword
DEEWR-esg-securityReports employmentAUIntIMSecurityReports
facsimileTelephoneNumber facsimileTelephoneNumber
DEEWR-friendlyNames friendlyNames
firstName givenName
DEEWR-info info
lockoutTime lockoutTime
email mail
mailNickname mailNickname
manager manager
mobile mobile
objectSid objectSid
personalTitle personalTitle
physicalDeliveryOfficeName physicalDeliveryOfficeName
proxyAddressCollection proxyAddresses
accountName sAMAccountName
lastName sn
officePhone telephoneNumber
userAccountControl userAccountControl
userPrincipalName userPrincipalName
whenCreated CustomExpression(+(Left(whenCreated,4),"-",Mid(whenCreated,5,2),"-",Mid(whenCreated,7,2),"T14:00:00.000"))
domain Constant: ENETDEV
4. DEEWR-Outbound Synch Rule for Claims to SQL ^Top
Synchronization Rule Configuration
Name DEEWR-Outbound Synch Rule for Claims to SQL
Description Outbound Synch Rule for Claims to SQL
Created Time 19/07/2011
Precedence 1
Data Flow Direction Inbound and Outbound
Dependency
Scope
Metaverse Resource Type DEEWR-claim
External System Claims MA
External System Resource Type claim
Relationship
Create Resource In FIM False
Create Resource In External System True
Enable Deprovisioning True
Relationship Criteria
ILM Attribute Data Source Attribute
DEEWR-claimID ClaimID
Inbound Attribute Flows
Destination Source
DEEWR-claimID ClaimID
Initial Outbound Attribute Flows
Allow Nulls Destination Source
false ClaimID DEEWR-claimID
false dn +("UID=",DEEWR-claimID,",OU=Claims")
Persistent Outbound Attribute Flows
Allow Nulls Destination Source
false ApplicationName DEEWR-applicationName
false ClaimTypeName DEEWR-claimTypleName
false ClaimValue DEEWR-claimValue
false ClaimValueType DEEWR-claimValueType
false subKey DEEWR-subKeyName
false UserIDName DEEWR-userIDName
5. DEEWR-Outbound Synch Rule for Users to AD ^Top
Synchronization Rule Configuration
Name DEEWR-Outbound Synch Rule for Users to AD
Description Outbound Synch Rule for Users to AD, including Vasco certificate assignments
Created Time 19/07/2011
Precedence 1
Data Flow Direction Outbound
Dependency
Scope
Metaverse Resource Type person
External System DEV ADMA
External System Resource Type user
Relationship
Create Resource In External System True
Enable Deprovisioning False
Relationship Criteria
ILM Attribute Data Source Attribute
objectSid objectSid
Parameters
ILM Attribute Data Source Attribute
TargetOU String
Initial Outbound Attribute Flows
Allow Nulls Destination Source
false dn +("CN=",accountName,$TargetOU)
false sAMAccountName accountName
false userPrincipalName +(accountName,"@dev.construction.enet")
false unicodePwd unicodePwd
false userAccountControl Constant: 512
Existence Tests
Allow Nulls Destination Source
false userAccountControl Constant: 512
Persistent Outbound Attribute Flows
Allow Nulls Destination Source
false dn +("CN=",accountName,$TargetOU)
false info DEEWR-info
false userAccountControl IIF(DEEWR-isActive,CustomExpression(IIF(IsPresent(userAccountControl),BitAnd(userAccountControl,9223372036854775805),512)),CustomExpression(IIF(IsPresent(userAccountControl),BitOr(userAccountControl,2),514)))
false displayName displayName
false employeeType employeeType
false givenName firstName
false sn lastName
true employmentAUExtIAMSelfServicePassword DEEWR-selfServicePassword
true VascoDigipassData DEEWR-VascoDigipassData
true vasco-LinkVascoUserToVascoDigipass DEEWR-vasco-LinkVascoUserToVascoDigipass
true employeeID employeeID
true manager manager