12.6 OpenText Directory Services Fulfillment

To add an application to a user, configure service parameters as required, then in the Fulfillment Item configuration and mapping view you must enter the User Partition ID within double quotes. This is a mandatory field and must be specified to add the user in OpenText Directory Services. The default script to add an application to a user includes default attributes. If you want to include additional attributes, modify the transformation script for Content Type and construct the necessary payload. To create the payload, in the Content Type field, click the { }, then transform the script for http body and edit the ECMA script as shown in the following examples:

  • If the user response value from OpenText Directory Services is in the following format:

    description”: “Budget Analyst” or “urlId”: “bolson@efocused.com”,

    then you must construct the payload as:

    body.description = “Software Engineer;//

    If the value of the description is stored in an attribute from OpenText Identity Governance, then you can add the attribute.

    For example, body.description = userProfile.displaydescription? userProfile.displaydescription:”;

  • If the user response value from OpenText Directory Services is in the following format:

    {

    "name" : "sn",

    "values": ["Olson"]

    } ,

    Then you must construct the payload as:

    var values = [];var valuesJson = {};valuesJson.name = 'sn';var snValues = [];snValues.push(userProfile.lastName);valuesJson.values = snValues;values.push(valuesJson);

The OpenText Identity Governance OTDS fulfiller supports the following change requests:

  • REMOVE PERMISSION ASSIGNMENT

  • ADD PERMISSION TO USER

  • GIVE USER ACCESS TO APPLICATION

  • REMOVE USER ACCESS TO APPLICATION

  • REMOVE PERMISSION FROM ACCOUNT

  • REMOVE ACCOUNT

  • ASSIGN USER TO ACCOUNT

  • REMOVE USER FROM ACCOUNT

NOTE:To fulfill the change request GIVE USER ACCESS TO APPLICATION you must configure the partition as an unsynchronized partition.

The OpenText Directory Services fulfiller automatically maps certain mandatory attributes by default. See the following table for the list of mandatory attributes that you must include in the Fulfillment Context attribute.

Fulfillment Context Attributes

Attributes

Recipient

  • User ID from Source

  • Last Name

  • First Name

  • LDAP Distinguished Name

  • Provisioning ID

Account

  • Account ID from Source

  • Account Disabled

  • Account Provisioning ID

  • Account Aliases

  • Account Name

  • Account Type

  • Connected Account Provisioning ID

  • IDM Account ID

Permission

  • Permission Type

  • Permission ID from Source

  • Permission Name

  • Provisioning Application Logical ID