<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Sean,</p>
<p>I think currently we don't have a feature like that. These are some
thoughts that I have:</p>
<p>- let the user enter the account name using self-service into
some extension attribute, that will be then used.<br>
</p>
<p>- maybe the value you want can be an assignment parameter for the
assignment which will create the technical account. Related jira
issue: <a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-3515">https://jira.evolveum.com/browse/MID-3515</a></p>
<p>- completely custom GUI on your side, doing whatever, then
calling midPoint REST API to do provisioning</p>
<p>Of course, at the end, intents (or personas) will do the trick.
But as you said, they would expect to already have the value you
want to provision and if it's not possible to derive from the user
data, there must be some interaction.<br>
</p>
Maybe there are other possibilities that I'm not aware of. In that
case, my colleagues or other members of this list may have other
ideas.<br>
<br>
If the jira issue referenced above makes sense for you, or if you
need something completely different, please consider a subscription:
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature">https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature</a><br>
<br>
Best regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 06.03.2018 18:20, Sean R Penndorf
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OFA3E14DD7.316ABB3E-ON85258248.005E858B-85258248.005F3D12@notes.na.collabserv.com"><span
style=" font-size:10pt;font-family:sans-serif">Ivan,</span><br>
<br>
<span style=" font-size:10pt;font-family:sans-serif">Thank you for
responding.</span><br>
<span style=" font-size:10pt;font-family:sans-serif">Yes, what I
was
wondering is if there is a way to have a pop up or webform
for the user
to provide the name interactively.</span><br>
<span style=" font-size:10pt;font-family:sans-serif">The issue is
I'm
not able to determine the service acct names programmatically,
so I need
to obtain it from the human requester.</span><br>
<br>
<span style=" font-size:10pt;font-family:sans-serif">I understand
I
will need to use intents (or possibly personas, though I fear
those may
be confusing to my user base).</span><br>
<br>
<br>
<br>
<span style=" font-size:10pt;color:#808080;font-family:Arial">------------------</span><br>
<span style=" font-size:12pt;font-family:Arial"><b>Sean Penndorf</b></span><br>
<span style=" font-size:10pt;color:#808080;font-family:Arial">SaaS
Operational Services (SOS) - ID Management</span><br>
<span style=" font-size:10pt;color:#808080;font-family:Arial">IBM
Cloud</span><br>
<span style=" font-size:10pt;color:#000080;font-family:Arial"><a class="moz-txt-link-abbreviated" href="mailto:srpenn@us.ibm.com">srpenn@us.ibm.com</a></span><br>
<span style=" font-size:10pt;color:#808080;font-family:Arial">Office:
248-552-4791 TL 623-9966</span><br>
<br>
<br>
<br>
<br>
<br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:
</span><span style="
font-size:9pt;font-family:sans-serif">Ivan
Noris <a class="moz-txt-link-rfc2396E" href="mailto:ivan.noris@evolveum.com">&lt;ivan.noris@evolveum.com&gt;</a></span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:
</span><span style="
font-size:9pt;font-family:sans-serif"><a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:
</span><span style="
font-size:9pt;font-family:sans-serif">03/06/2018
11:03 AM</span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:
</span><span style="
font-size:9pt;font-family:sans-serif">Re:
[midPoint] Query User for Name Value</span><br>
<span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent
by: </span><span style="
font-size:9pt;font-family:sans-serif">"midPoint"
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint-bounces@lists.evolveum.com">&lt;midpoint-bounces@lists.evolveum.com&gt;</a></span><br>
<hr noshade="noshade"><br>
<br>
<br>
<span style=" font-size:12pt">Hi Sean,</span><br>
<span style=" font-size:12pt">I'm kind of confused what you want
to
achieve.</span><br>
<span style=" font-size:12pt">If you want to create another
account
for the same user on the same resource, obviously the accounts
must have
different identifiers. E.g. "sean" and "svc-sean".
That's also similar to the example you are referring to.</span><br>
<span style=" font-size:12pt">For this you need to have multiple
intent
configuration for the same resource. One intent (kind=account,
intent=default,
default=true), second intent (kind=account, intent=whatever,
default=false).
The "whatever" may be e.g. "service-account", it's
just a string.</span><br>
<span style=" font-size:12pt">Then you need to have roles which
allow
you to create normal accounts (if you don't specify intent,
midPoint assumes
intent where "default=true") and also roles to create these
service
accounts (kind=account, intent=whatever in the
inducement/construction).</span><br>
<span style=" font-size:12pt">The part which I don't understand is
the "query the user for the name". I understand that you want
to use something else than $user/name (Sean). You can use any
attribute
from the user, the attribute might be completely different from
$user/name.</span><br>
<span style=" font-size:12pt">Example: set the user attribute
"Nick
name" to "DB2admin", and you can access it as $user/nickName
in the outbound mapping (you need to define source path for
$user/nickName).</span><br>
<span style=" font-size:12pt">Or perhaps by "querying" you
mean to "ask the user to provide the value interactively"?<br>
<br>
Best regards,<br>
Ivan<br>
</span><br>
<span style=" font-size:12pt">On 01.03.2018 19:45, Sean R Penndorf
wrote:</span><br>
<span style=" font-size:10pt;font-family:sans-serif">Hi Community,</span><span
style=" font-size:12pt"><br>
</span><span style=" font-size:10pt;font-family:sans-serif"><br>
I'm missing some key point somewhere.</span><span style="
font-size:12pt"><br>
</span><span style=" font-size:10pt;font-family:sans-serif"><br>
Let's say I have a Midpoint user: name = Sean<br>
I have a resource to AD. Default intent account name = Sean<br>
So far so good.</span><span style=" font-size:12pt"><br>
</span><span style=" font-size:10pt;font-family:sans-serif"><br>
Now I need to add a functional ID (faceless account).<br>
So I setup another intent called "functionalID" name =
?????</span><span style=" font-size:12pt"><br>
</span><span style=" font-size:10pt;font-family:sans-serif"><br>
In most examples I've seen, you have an outbound mapping
something like
this:</span><tt><span style=" font-size:12pt"><br>
&lt;expression&gt;<br>
&lt;script&gt;<br>
&lt;code&gt;<br>
'funcID-'+name<br>
&lt;/code&gt;<br>
&lt;/script&gt;<br>
&lt;/expression&gt;</span></tt><span
style=" font-size:12pt"><br>
</span><span style=" font-size:10pt;font-family:sans-serif"><br>
...which equates to funcID-Sean.</span><span style="
font-size:12pt"><br>
</span><span style=" font-size:10pt;font-family:sans-serif"><br>
But, what I REALLY need is the functionalID Name = svc-DB2Admin<br>
How do I query the user for the name rather than generating the
name?</span><span style=" font-size:12pt"><br>
<br>
</span><span style=" font-size:10pt;font-family:sans-serif"><br>
Thanks!!</span><span style=" font-size:12pt"><br>
<br>
<br>
</span><span style="
font-size:10pt;color:#808080;font-family:Arial"><br>
------------------</span><span style="
font-size:12pt;font-family:Arial"><b><br>
Sean Penndorf</b></span><span style="
font-size:10pt;color:#808080;font-family:Arial"><br>
SaaS Operational Services (SOS) - ID Management<br>
IBM Cloud</span><span style="
font-size:10pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="mailto:srpenn@us.ibm.com"
moz-do-not-send="true"><span style="
font-size:10pt;color:blue;font-family:Arial"><u>srpenn@us.ibm.com</u></span></a><span
style=" font-size:10pt;color:#808080;font-family:Arial"><br>
Office: 248-552-4791 TL 623-9966</span><span style="
font-size:12pt"><br>
<br>
<br>
<br>
</span><br>
<tt><span style=" font-size:12pt">_______________________________________________<br>
midPoint mailing list<br>
</span></tt><a href="mailto:midPoint@lists.evolveum.com"
moz-do-not-send="true"><tt><span style="
font-size:12pt;color:blue"><u>midPoint@lists.evolveum.com</u></span></tt></a><tt><span
style=" font-size:12pt"><br>
</span></tt><a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=q142AgaW5SOCX339iEntQ2PgVSDAlZRju00thVg5s1I&s=jSTBsEEB9CTzlvKoh_REqMJwz81RW-geqkxDZsNYtbE&e="
moz-do-not-send="true"><tt><span style="
font-size:12pt;color:blue"><u>http://lists.evolveum.com/mailman/listinfo/midpoint</u></span></tt></a><tt><span
style=" font-size:12pt"><br>
</span></tt><br>
<br>
<tt><span style=" font-size:12pt">-- <br>
Ivan Noris<br>
Senior Identity Engineer<br>
evolveum.com<br>
</span></tt><br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>