<span style=" font-size:10pt;font-family:sans-serif">Ivan,</span><br><br><span style=" font-size:10pt;font-family:sans-serif">Thank you for
responding.</span><br><span style=" font-size:10pt;font-family:sans-serif">Yes, what I was
wondering is if there is a way to to have a pop up or webform for the user
to provide the name interactively.</span><br><span style=" font-size:10pt;font-family:sans-serif">The issue is I'm
not able to determine the service acct names programmatically, so I need
to obtain it from the human requester.</span><br><br><span style=" font-size:10pt;font-family:sans-serif">I understand I
will need to use intents (or possibly personas, though I fear those may
be confusing to my user base).</span><br><br><br><br><span style=" font-size:10pt;color:#808080;font-family:Arial">------------------</span><br><span style=" font-size:12pt;font-family:Arial"><b>Sean Penndorf</b></span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">SaaS
Operational Services (SOS) - ID Management</span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">IBM Cloud</span><br><span style=" font-size:10pt;color:#000080;font-family:Arial">srpenn@us.ibm.com</span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">Office:
248-552-4791 TL 623-9966</span><br><br><br><br><br><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:
</span><span style=" font-size:9pt;font-family:sans-serif">Ivan
Noris <ivan.noris@evolveum.com></span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:
</span><span style=" font-size:9pt;font-family:sans-serif">midpoint@lists.evolveum.com</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:
</span><span style=" font-size:9pt;font-family:sans-serif">03/06/2018
11:03 AM</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:
</span><span style=" font-size:9pt;font-family:sans-serif">Re:
[midPoint] Query User for Name Value</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent
by: </span><span style=" font-size:9pt;font-family:sans-serif">"midPoint"
<midpoint-bounces@lists.evolveum.com></span><br><hr noshade><br><br><br><span style=" font-size:12pt">Hi Sean,</span><br><span style=" font-size:12pt">I'm kind of confused what you want to
achieve.</span><br><span style=" font-size:12pt">If you want to create another account
for the same user on the same resource, obviously the accounts must have
different identifiers. E.g. "sean" and "svc-sean".
That's also similar to the example you are referring to.</span><br><span style=" font-size:12pt">For this you need to have multiple intent
configuration for the same resource. One intent (kind=account, intent=default,
default=true), second intent (kind=account, intent=whatever, default=false).
The "whatever" may be e.g. "service-account", it's
just a string.</span><br><span style=" font-size:12pt">Then you need to have roles which allow
you to create normal accounts (if you don't specify intent, midPoint assumes
intent where "default=true") and also roles to create these service
accounts (kind=account, intent=whatever in the inducement/construction.</span><br><span style=" font-size:12pt">The part which I don't understand is
the "query the user for the name". I understand that you want
to use something else than $user/name (Sean). You can use any attribute
from the user, the attribute might be completely different from $user/name.</span><br><span style=" font-size:12pt">Example: set the user attribute "Nick
name" to "DB2admin", and you can access it as $user/nickName
in the outbound mapping (you need to define source path for $user/nickName).</span><br><span style=" font-size:12pt">Or perhaps by "querying" you
mean to "ask the user to provide the value interactively"?<br><br>Best regards,<br>Ivan<br></span><br><span style=" font-size:12pt">On 01.03.2018 19:45, Sean R Penndorf
wrote:</span><br><span style=" font-size:10pt;font-family:sans-serif">Hi Community,</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>I'm missing some key point somewhere.</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>Let's say I have a Midpoint user: name = Sean<br>I have a resource to AD. Default intent account name = Sean<br>So far so good.</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>Now I need to add a functional ID (faceless account).<br>So I setup another intent called "functionalID" name =
?????</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>In most examples I've seen, you have an outbound mapping something like
this:</span><tt><span style=" font-size:12pt"><br> <expression><br> <script><br> <code><br> 'funcID-'+name<br> </code><br> </script><br> </expression></span></tt><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>...which equates to funcID-Sean.</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>But, what I REALLY need is the functionalID Name = svc-DB2Admin<br>How do I query the user for the name rather than generating the name?</span><span style=" font-size:12pt"><br><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>Thanks!!</span><span style=" font-size:12pt"><br><br><br></span><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>------------------</span><span style=" font-size:12pt;font-family:Arial"><b><br>Sean Penndorf</b></span><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>SaaS Operational Services (SOS) - ID Management<br>IBM Cloud</span><span style=" font-size:10pt;color:blue;font-family:Arial"><u><br></u></span><a href=mailto:srpenn@us.ibm.com><span style=" font-size:10pt;color:blue;font-family:Arial"><u>srpenn@us.ibm.com</u></span></a><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>Office: 248-552-4791 TL 623-9966</span><span style=" font-size:12pt"><br><br><br><br></span><br><tt><span style=" font-size:12pt">_______________________________________________<br>midPoint mailing list<br></span></tt><a href=mailto:midPoint@lists.evolveum.com><tt><span style=" font-size:12pt;color:blue"><u>midPoint@lists.evolveum.com</u></span></tt></a><tt><span style=" font-size:12pt"><br></span></tt><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=q142AgaW5SOCX339iEntQ2PgVSDAlZRju00thVg5s1I&s=jSTBsEEB9CTzlvKoh_REqMJwz81RW-geqkxDZsNYtbE&e="><tt><span style=" font-size:12pt;color:blue"><u>http://lists.evolveum.com/mailman/listinfo/midpoint</u></span></tt></a><tt><span style=" font-size:12pt"><br></span></tt><br><br><tt><span style=" font-size:12pt">-- <br>Ivan Noris<br>Senior Identity Engineer<br>evolveum.com<br></span></tt><br><tt><span style=" font-size:10pt">_______________________________________________<br>midPoint mailing list<br>midPoint@lists.evolveum.com<br></span></tt><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=q142AgaW5SOCX339iEntQ2PgVSDAlZRju00thVg5s1I&s=jSTBsEEB9CTzlvKoh_REqMJwz81RW-geqkxDZsNYtbE&e="><tt><span style=" font-size:10pt">https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=q142AgaW5SOCX339iEntQ2PgVSDAlZRju00thVg5s1I&s=jSTBsEEB9CTzlvKoh_REqMJwz81RW-geqkxDZsNYtbE&e=</span></tt></a><tt><span style=" font-size:10pt"><br></span></tt><br><br><BR>