
Custom Unique Identifier for User when SCIM Provisioning

  • February 24, 2023
  • 8 replies
  • 571 views


Hi Everyone,

 

I have configured the SCIM Provisioning for IFS Cloud with AzureAD.

 

When the Users are provisioned, the ‘Identity’ attribute is created using a combination of name.givenName and name.familyName (as mentioned in the Technical Documentation).

 

  • Is there a way to override this default behaviour and set a custom value? 
  • Is there a SCIM attribute for this we could use to map a custom value to?

 

Appreciate any information on this.

 

Best Regards,

Devin Amarasekara

 

 

Best answer by devin.amarasekara

I reached out through the support channels and it seems this is a limitation from the SCIM side.

“Regarding the Identity creation, unfortunately there is no mechanism available to override the current identity creation process in SCIM provisioning. It is a limitation in the SCIM not in the IFS side. Also there is no SCIM attribute available to map the identity value as a custom option.”



  • Superhero (Partner)
  • 405 replies
  • December 20, 2023

Hi @devin.amarasekara 

Does it mean that when we have two AD users, “Jan.Kowalski@domain.com” and “Jan.Kowal@domain.com”, SCIM synchronization will fail?


  • Do Gooder (Customer)
  • 2 replies
  • February 22, 2024

Hello,

I want to react to the support answer.

When I check the IFS documentation, it says:

“This mapping table is to be used by Administrators when configuring a new Provisioning Service. The SCIM Attribute maps to certain fields of the IFS Cloud database. When first creating a new User through provisioning, a unique Identity will be created. This Id is used as a unique identified for the new User, and will be generated based on the values of the SCIM attributes name.givenName and name.familyName. Some Identity Managers will have all of these attributes by default, but in some cases a manual attribute mapper will need to be added. As an example, which can be seen in the configuration example for Okta, a attribute mapper for name.formatted has to be added.”

 

So if I understand well, the identity value is generated by IFS from the name.formatted attribute and not from Azure.

I expect/hope that we can change this Identity generation, because like @knepiosko said, the provisioning failed if we encounter 2 users with the same identity combination.

 

Best Regards

Cedric Pimont


knepiosko wrote:

Hi @devin.amarasekara 

Does it mean that when we have two AD users, “Jan.Kowalski@domain.com” and “Jan.Kowal@domain.com”, SCIM synchronization will fail?

Hi @knepiosko, sorry for the really late reply. But I think yes, since the Identity would be JANKOW for both.

And @cedric pimont, yes, that’s what I understood as well. And I hope there will eventually be a workaround for the Identity generation as well.


  • Do Gooder (Customer)
  • 2 replies
  • February 23, 2024

Hi all,

After many tests on a 23R1 SU8 environment, it seems to be OK now.

When the Identity generation encounters the same combination, it adds one more letter to the identifier:

 

Best Regards 

Cedric Pimont


  • Superhero (Partner)
  • 405 replies
  • February 23, 2024

I have tested provisioning with one of our customers on 23R2, and one time user “Agata Kowalska” was created with identity AGAKOW, the second time AGATA1. If someone wants to check the logic, look inside package SCIM_HANDLING_SVC and procedure Create_User___ to understand the behaviour.


hardik
  • Hero (Partner)
  • 80 replies
  • September 17, 2024

Hello All,

Is it still the same for 24R1 version?
Can anyone confirm?

Regards,
Hardik



Hi @hardik ,

Seems like it's the same in 24R1 as well.

Like @knepiosko has mentioned, in the FNDSCM component, in ScimHandling.plsvc you can see FUNCTION Create_User___.

 

Below is the section I think that would apply for most general scenarios.
 

IF (LENGTH(given_name_mod_) >= 3 AND LENGTH(family_name_mod_) >= 3) THEN
   IF (Fnd_User_API.Exists(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 3)))) = FALSE) THEN
      identity_ := UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 3)));
   ELSIF (LENGTH(family_name_mod_) >= 4 AND Fnd_User_API.Exists(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 4)))) = FALSE) THEN
      identity_ := UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 4)));
   ELSIF (LENGTH(family_name_mod_) >= 4 AND LENGTH(given_name_mod_) >= 4 AND Fnd_User_API.Exists(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 4), SUBSTR(family_name_mod_, 1, 4)))) = FALSE) THEN
      identity_ := UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 4), SUBSTR(family_name_mod_, 1, 4)));
   ELSE
      Add_Identity_Number__(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 3))));
   END IF;

 

And PROCEDURE Add_Identity_Number__ adds ‘ROUND(dbms_random.value(99.50, 999.49))’ to the end of the given family name.

 

There are more scenarios handled within the code. Hope this helps.

 

Best Regards,

Devin
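
The branch posted above, modelled in Python to predict which Identity each provisioned user would receive and where collisions push the result into the random-suffix fallback. This is an added example, not IFS code: `predict_identity` and `plan` are hypothetical names, the `existing` set stands in for `Fnd_User_API.Exists`, names are assumed to be already normalised (the `_mod_` variables), and the fallback is assumed to append the number once, since the thread does not show whether the suffixed value is re-checked.

```python
import random


def predict_identity(given, family, existing, rng=random):
    """Model of the posted Create_User___ excerpt (both names >= 3 chars)."""
    g, f = given.upper(), family.upper()
    if len(g) < 3 or len(f) < 3:
        raise ValueError("the posted excerpt only covers names of 3+ characters")
    # Candidates in the order the IF / ELSIF chain tries them.
    candidates = [g[:3] + f[:3]]
    if len(f) >= 4:
        candidates.append(g[:3] + f[:4])
    if len(f) >= 4 and len(g) >= 4:
        candidates.append(g[:4] + f[:4])
    for candidate in candidates:
        if candidate not in existing:
            return candidate, "deterministic"
    # ROUND(dbms_random.value(99.50, 999.49)) yields an integer in 100..999.
    return f"{g[:3]}{f[:3]}{rng.randint(100, 999)}", "random-suffix"


def plan(users, existing=(), rng=random):
    """Simulate provisioning in list order; each result becomes 'taken'."""
    taken = set(existing)
    result = []
    for given, family in users:
        identity, how = predict_identity(given, family, taken, rng)
        taken.add(identity)
        result.append((f"{given} {family}", identity, how))
    return result


if __name__ == "__main__":
    # Constructed sample users, based on the names used in the thread.
    joiners = [("Jan", "Kowalski"), ("Jan", "Kowal"), ("Jan", "Kowalczyk")]
    for order in (joiners, joiners[::-1]):
        for name, identity, how in plan(order):
            print(f"{name:15} -> {identity:10} ({how})")
        print()
```

Run it against the joiner list in the order the identity provider will push it: in this model the same person receives a different Identity when the order changes, and the random-suffix cases cannot be predicted in advance.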

