Hi Everyone,

 

I have configured the SCIM Provisioning for IFS Cloud with AzureAD.

 

When the Users are provisioned, the ‘Identity’ attribute is created using a combination of name.givenName and name.familyName (as mentioned in the Technical Documentation).

 

  • Is there a way to override this default behaviour and set a custom value? 
  • Is there a SCIM attribute for this we could use to map a custom value to?

 

Appreciate any information on this.

 

Best Regards,

Devin Amarasekara

 

 

I reached out through the support channels and it seems this is a limitation from the SCIM side.

“Regarding the Identity creation, unfortunately there is no mechanism available to override the current identity creation process in SCIM provisioning. It is a limitation in the SCIM not in the IFS side. Also there is no SCIM attribute available to map the identity value as a custom option.”


Hi @devin.amarasekara 

It means that when we have two AD users, “Jan.Kowalski@domain.com” and “Jan.Kowal@domain.com”, SCIM synchronization will fail?


Hello,

I want to react to the support answer.

When I check the IFS documentation, it says:

“This mapping table is to be used by Administrators when configuring a new Provisioning Service. The SCIM Attribute maps to certain fields of the IFS Cloud database. When first creating a new User through provisioning, a unique Identity will be created. This Id is used as a unique identifier for the new User, and will be generated based on the values of the SCIM attributes name.givenName and name.familyName. Some Identity Managers will have all of these attributes by default, but in some cases a manual attribute mapper will need to be added. As an example, which can be seen in the configuration example for Okta, an attribute mapper for name.formatted has to be added.”

So if I understand well, the identity value is generated by IFS from the name.formatted attribute and not from Azure.

I expect/hope that we can change this Identity generation, because, like @knepiosko said, the provisioning fails if we encounter 2 users with the same identity combination.

 

Best Regards

Cedric Pimont


Hi @devin.amarasekara 

It means that when we have two AD users, “Jan.Kowalski@domain.com” and “Jan.Kowal@domain.com”, SCIM synchronization will fail?

Hi @knepiosko, sorry for the really late reply. But I think yes, since the Identity would be JANKOW for both.

And @cedric pimont, yes, that’s what I understood as well. And I hope there will eventually be a workaround for the Identity generation as well.


Hi all,

After many tests on a 23R1 SU8 environment, it seems to be OK now.

When the Identity generation encounters the same combination, it adds one more letter to the identifier:

 

Best Regards 

Cedric Pimont


I have tested provisioning with one of our customers on 23R2, and the first time the user “Agata Kowalska” was created with identity AGAKOW, the second time with AGATA1. If someone wants to check the logic, look inside package SCIM_HANDLING_SVC and procedure Create_User___ to understand the behaviour.


Hello All,

Is it still the same for 24R1 version?
Can anyone confirm?

Regards,
Hardik


Hi @hardik ,

Seems like it's the same in 24R1 as well.

Like @knepiosko has mentioned, in the FNDSCM component, in ScimHandling.plsvc you can see FUNCTION Create_User___.

 

Below is the section I think that would apply for most general scenarios.
 

IF (LENGTH(given_name_mod_) >= 3 AND LENGTH(family_name_mod_) >= 3) THEN
   IF (Fnd_User_API.Exists(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 3)))) = FALSE) THEN
      identity_ := UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 3)));
   ELSIF (LENGTH(family_name_mod_) >= 4 AND Fnd_User_API.Exists(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 4)))) = FALSE) THEN
      identity_ := UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 4)));
   ELSIF (LENGTH(family_name_mod_) >= 4 AND LENGTH(given_name_mod_) >= 4 AND Fnd_User_API.Exists(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 4), SUBSTR(family_name_mod_, 1, 4)))) = FALSE) THEN
      identity_ := UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 4), SUBSTR(family_name_mod_, 1, 4)));
   ELSE
      Add_Identity_Number__(UPPER(CONCAT(SUBSTR(given_name_mod_, 1, 3), SUBSTR(family_name_mod_, 1, 3))));
   END IF;

 

And PROCEDURE Add_Identity_Number__ adds ‘ROUND(dbms_random.value(99.50, 999.49)’ to the end of given family name.

 

There are more scenarios handled within the code. Hope this helps.

 

Best Regards,

Devin
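
Added example, not part of the thread and not IFS code: a Python model of the 24R1 branch quoted above, for predicting which Identity a batch of SCIM-provisioned users would receive when names collide. It assumes the names are already normalised (the `*_mod_` variables), that a set stands in for `Fnd_User_API.Exists`, and that the random number is appended to the 3+3 base; the function names and the sample users are constructed.

```python
import random


def generate_identity(given, family, existing, rng=random):
    """Model of the posted branch (both names at least 3 characters).

    `existing` plays the role of Fnd_User_API.Exists (assumption).
    """
    if len(given) < 3 or len(family) < 3:
        raise ValueError("short-name branches are not shown in the thread")
    # Candidate (given, family) prefix lengths, in the order the code tries them.
    candidates = [(3, 3)]
    if len(family) >= 4:
        candidates.append((3, 4))
    if len(family) >= 4 and len(given) >= 4:
        candidates.append((4, 4))
    for g, f in candidates:
        ident = (given[:g] + family[:f]).upper()
        if ident not in existing:
            return ident
    # Fallback, Add_Identity_Number__: ROUND(dbms_random.value(99.50, 999.49))
    # is an integer in 100..999. Appending it to the 3+3 base is an assumption.
    return (given[:3] + family[:3]).upper() + str(rng.randint(100, 999))


def provision(users, rng=random):
    """Provision (given, family) pairs in order; return {full name: identity}."""
    existing, result = set(), {}
    for given, family in users:
        ident = generate_identity(given, family, existing, rng)
        existing.add(ident)
        result[f"{given} {family}"] = ident
    return result


# Constructed sample users that all share the JANKOW prefix.
SAMPLE = [("Jan", "Kowalski"), ("Jan", "Kowal"),
          ("Janina", "Kowalczyk"), ("Jan", "Kowalczyk")]

if __name__ == "__main__":
    for name, ident in provision(SAMPLE).items():
        print(f"{name:20} -> {ident}")
    # Same people, reverse order: the identities are assigned differently.
    for name, ident in provision(list(reversed(SAMPLE))).items():
        print(f"{name:20} -> {ident}")
```

Because the result depends on which identities already exist, the same person can receive a different Identity depending on provisioning order, so the value assigned at creation has to be recorded rather than derived from the name afterwards.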

