[midPoint] Synchronize multiple accounts per user?

Mikko Pekkarinen mikko.pekkarinen at datactica.fi
Tue Dec 20 09:36:22 CET 2016


Hello,

Use case: A resource maintains user accounts and organization information. I need to synchronize these to midPoint.
The user accounts are associated to the organizations, and one person may have an account in multiple organizations.
The accounts have an ID field that uniquely identifies the person who owns the account, and I use this ID to correlate the accounts to midPoint Users. Straightforward synchronization leads to constraint violation exceptions, as the different accounts have the same (resource, kind, intent).

I can see some possible solutions:
 - Writing a script that creates N copies of the resource configuration, with different 'intent' values.
   This is ugly, possibly inefficient, and limits the maximum number of accounts per user.
 - Create a separate User in midPoint for each account.
   Feels wrong. Seems simple in the short term, but leads at least to usability problems.
   Probably other problems as well?

Are there better choices or any best practices for this situation?
Would the new "identity merging" feature help, i.e. can it merge Users whose shadows have identical
(resource, kind, intent)?


Mikko

