Identity Manager automated fulfillment - always goes to manual fulfiller

Identity Manager AE Permission Collector is configured as application source to collect idm roles as permissions in IG catalog. Permissions are requested using Access Request or via Business Role.

For fulfillment Identity Manager automated fulfillment with manual fallback is selected. when requesting access through Access Request, the fulfillment stays in pending mode forever with status 'Sending for fulfillment via Identity Manager' and nothing occurs even after collection + publish. The requested access keep showing in Fullfillment -> Requests

When permission is requested by business role, it always ends up with manual fallback fulfiller instead of using automated fulfillment.

Is there another configuration necessary for the automated fulfillment that I have missed?


For collecting IGA identities i am using 'eDirectory Identity Collector', are there any additional attributes that should be collected from Idvault to make the automated fulfillment work?

The applications have "Identity Manager Automated" selected.

Fulfillment Status tab looks like this, First one is initiated by Business role, second by Access Request

Parents
  • 0  

    Hello,
       During the processing of the fulfillment request, data of the permission and the user are examined to confirm they can be fulfilled via the IDM Automated fulfillment.


    Before opening a Service Request to investigate:
    1) What specific identity Collectors are being utilized?
    2) What strategy is being utilized (Publish and Merger or Publish without Merging) for the Identity Collector
    3) Is the fulfillment for a Role or Resource?
    4) Is the fulfillment for a Permission (Role or Resource) that is associated to the IDM AE collector or one (1) IDM Drivers


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

Reply
  • 0  

    Hello,
       During the processing of the fulfillment request, data of the permission and the user are examined to confirm they can be fulfilled via the IDM Automated fulfillment.


    Before opening a Service Request to investigate:
    1) What specific identity Collectors are being utilized?
    2) What strategy is being utilized (Publish and Merger or Publish without Merging) for the Identity Collector
    3) Is the fulfillment for a Role or Resource?
    4) Is the fulfillment for a Permission (Role or Resource) that is associated to the IDM AE collector or one (1) IDM Drivers


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    OpenText Cybersecurity

Children