<span style=" font-size:10pt;font-family:sans-serif">That helps....gives
me a few ideas to try out.</span><br><span style=" font-size:10pt;font-family:sans-serif">I think MID-3515
would be the best solution.</span><br><br><span style=" font-size:10pt;font-family:sans-serif">Thanks!!!</span><br><br><span style=" font-size:10pt;color:#808080;font-family:Arial">------------------</span><br><span style=" font-size:12pt;font-family:Arial"><b>Sean Penndorf</b></span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">SaaS
Operational Services (SOS) - ID Management</span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">IBM Cloud</span><br><span style=" font-size:10pt;color:#000080;font-family:Arial">srpenn@us.ibm.com</span><br><span style=" font-size:10pt;color:#808080;font-family:Arial">Office:
248-552-4791   TL  623-9966</span><br><br><br><br><br><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:
       </span><span style=" font-size:9pt;font-family:sans-serif">Ivan
Noris <ivan.noris@evolveum.com></span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:
       </span><span style=" font-size:9pt;font-family:sans-serif">midpoint@lists.evolveum.com</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:
       </span><span style=" font-size:9pt;font-family:sans-serif">03/07/2018
03:44 AM</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:
       </span><span style=" font-size:9pt;font-family:sans-serif">Re:
[midPoint] Query User for Name Value</span><br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent
by:        </span><span style=" font-size:9pt;font-family:sans-serif">"midPoint"
<midpoint-bounces@lists.evolveum.com></span><br><hr noshade><br><br><br><span style=" font-size:12pt">Hi Sean,</span><br><span style=" font-size:12pt">I think currently we don't have feature
like that. This are some thoughts that I have:</span><br><span style=" font-size:12pt">- let the user enter the account name
using self-service into some extension attribute, that will be then used.</span><br><span style=" font-size:12pt">- maybe the value you want can be an
assignment parameter for the assignment which will create the technical
account. Related jira issue: </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__jira.evolveum.com_browse_MID-2D3515&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=PlkHWfNwTADOnEG4-XYEH9Tq05nZZWik93K7oCZhbm0&s=WYcpujOo53m7CINTuazTszT1ucEg8uJLXZKiPmq-kQI&e="><span style=" font-size:12pt;color:blue"><u>https://jira.evolveum.com/browse/MID-3515</u></span></a><br><span style=" font-size:12pt">- completely custom GUI on your side,
doing whatever, then calling midPoint REST API to do provisioning</span><br><span style=" font-size:12pt">Of course, at the end, intents (or personas)
will do the trick. But as you said, they would expect to already have the
value you want to provision and if it's not possible to derive from the
user data, there must be some interaction.</span><br><span style=" font-size:12pt">Maybe there are other possibilities that
I'm not aware of. In that case, my coleagues or other members of this list
may have other ideas.<br><br>If the jira issue referenced above makes sense for you, or if you need
something completely different, please consider a subscription: </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.evolveum.com_display_midPoint_I-2BNeed-2BNew-2BFeature&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=PlkHWfNwTADOnEG4-XYEH9Tq05nZZWik93K7oCZhbm0&s=p675Rz7aH0OXSqSgaE_k_19BId3Bh2R2IWs7rlDjnf8&e="><span style=" font-size:12pt;color:blue"><u>https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature</u></span></a><span style=" font-size:12pt"><br><br>Best regards,<br>Ivan<br></span><br><span style=" font-size:12pt">On 06.03.2018 18:20, Sean R Penndorf
wrote:</span><br><span style=" font-size:10pt;font-family:sans-serif">Ivan,</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>Thank you for responding.<br>Yes, what I was wondering is if there is a way to to have a pop up or webform
for the user to provide the name interactively.<br>The issue is I'm not able to determine the service acct names programmatically,
so I need to obtain it from the human requester.</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br>I understand I will need to use intents (or possibly personas, though I
fear those may be confusing to my user base).</span><span style=" font-size:12pt"><br><br><br></span><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>------------------</span><span style=" font-size:12pt;font-family:Arial"><b><br>Sean Penndorf</b></span><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>SaaS Operational Services (SOS) - ID Management<br>IBM Cloud</span><span style=" font-size:10pt;color:blue;font-family:Arial"><u><br></u></span><a href=mailto:srpenn@us.ibm.com><span style=" font-size:10pt;color:blue;font-family:Arial"><u>srpenn@us.ibm.com</u></span></a><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>Office: 248-552-4791   TL  623-9966</span><span style=" font-size:12pt"><br><br><br><br><br></span><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif"><br>From:        </span><span style=" font-size:9pt;font-family:sans-serif">Ivan
Noris </span><a href=mailto:ivan.noris@evolveum.com><span style=" font-size:9pt;color:blue;font-family:sans-serif"><u><ivan.noris@evolveum.com></u></span></a><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif"><br>To:        </span><a href=mailto:midpoint@lists.evolveum.com><span style=" font-size:9pt;color:blue;font-family:sans-serif"><u>midpoint@lists.evolveum.com</u></span></a><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif"><br>Date:        </span><span style=" font-size:9pt;font-family:sans-serif">03/06/2018
11:03 AM</span><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif"><br>Subject:        </span><span style=" font-size:9pt;font-family:sans-serif">Re:
[midPoint] Query User for Name Value</span><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif"><br>Sent by:        </span><span style=" font-size:9pt;font-family:sans-serif">"midPoint"
</span><a href="mailto:midpoint-bounces@lists.evolveum.com"><span style=" font-size:9pt;color:blue;font-family:sans-serif"><u><midpoint-bounces@lists.evolveum.com></u></span></a><span style=" font-size:12pt"><br></span><hr noshade><span style=" font-size:12pt"><br><br><br>Hi Sean,<br>I'm kind of confused what you want to achieve.<br>If you want to create another account for the same user on the same resource,
obviously the accounts must have different identifiers. E.g. "sean"
and "svc-sean". That's also similar to the example you are referring
to.<br>For this you need to have multiple intent configuration for the same resource.
One intent (kind=account, intent=default, default=true), second intent
(kind=account, intent=whatever, default=false). The "whatever"
may be e.g. "service-account", it's just a string.<br>Then you need to have roles which allow you to create normal accounts (if
you don't specify intent, midPoint assumes intent where "default=true")
and also roles to create these service accounts (kind=account, intent=whatever
in the inducement/construction.<br>The part which I don't understand is the "query the user for the name".
I understand that you want to use something else than $user/name (Sean).
You can use any attribute from the user, the attribute might be completely
different from $user/name.<br>Example: set the user attribute "Nick name" to "DB2admin",
and you can access it as $user/nickName in the outbound mapping (you need
to define source path for $user/nickName).<br>Or perhaps by "querying" you mean to "ask the user to provide
the value interactively"?<br><br>Best regards,<br>Ivan<br><br>On 01.03.2018 19:45, Sean R Penndorf wrote:</span><span style=" font-size:10pt;font-family:sans-serif"><br>Hi Community,<br><br>I'm missing some key point somewhere.<br><br>Let's say I have a Midpoint user:  name = Sean<br>I have a resource to AD. Default intent account name = Sean<br>So far so good.<br><br>Now I need to add a functional ID (faceless account).<br>So I setup another intent called "functionalID"  name =
?????<br><br>In most examples I've seen, you have an outbound mapping something like
this:</span><tt><span style=" font-size:12pt"><br>                    <expression><br>                        <script><br>                            <code><br>                                'funcID-'+name<br>                            </code><br>                        </script><br>                    </expression></span></tt><span style=" font-size:10pt;font-family:sans-serif"><br><br>...which equates to funcID-Sean.<br><br>But, what I REALLY need is the functionalID Name = svc-DB2Admin<br>How do I query the user for the name rather than generating the name?</span><span style=" font-size:12pt"><br></span><span style=" font-size:10pt;font-family:sans-serif"><br><br>Thanks!!</span><span style=" font-size:12pt"><br><br></span><span style=" font-size:10pt;color:#808080;font-family:Arial"><br><br>------------------</span><span style=" font-size:12pt;font-family:Arial"><b><br>Sean Penndorf</b></span><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>SaaS Operational Services (SOS) - ID Management<br>IBM Cloud</span><span style=" font-size:12pt;color:blue"><u><br></u></span><a href=mailto:srpenn@us.ibm.com><span style=" font-size:10pt;color:blue;font-family:Arial"><u>srpenn@us.ibm.com</u></span></a><span style=" font-size:10pt;color:#808080;font-family:Arial"><br>Office: 248-552-4791   TL  623-9966</span><span style=" font-size:12pt"><br><br><br><br></span><tt><span style=" font-size:12pt"><br>_______________________________________________<br>midPoint mailing list</span></tt><span style=" font-size:12pt;color:blue"><u><br></u></span><a href=mailto:midPoint@lists.evolveum.com><tt><span style=" font-size:12pt;color:blue"><u>midPoint@lists.evolveum.com</u></span></tt></a><span style=" font-size:12pt;color:blue"><u><br></u></span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=q142AgaW5SOCX339iEntQ2PgVSDAlZRju00thVg5s1I&s=jSTBsEEB9CTzlvKoh_REqMJwz81RW-geqkxDZsNYtbE&e="><tt><span style=" font-size:12pt;color:blue"><u>http://lists.evolveum.com/mailman/listinfo/midpoint</u></span></tt></a><span style=" font-size:12pt"><br><br></span><tt><span style=" font-size:12pt"><br>-- <br>Ivan Noris<br>Senior Identity Engineer<br>evolveum.com</span></tt><span style=" font-size:12pt"><br></span><tt><span style=" font-size:10pt"><br>_______________________________________________<br>midPoint mailing list</span></tt><tt><span style=" font-size:10pt;color:blue"><u><br></u></span></tt><a href=mailto:midPoint@lists.evolveum.com><tt><span style=" font-size:10pt;color:blue"><u>midPoint@lists.evolveum.com</u></span></tt></a><span style=" font-size:12pt;color:blue"><u><br></u></span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=q142AgaW5SOCX339iEntQ2PgVSDAlZRju00thVg5s1I&s=jSTBsEEB9CTzlvKoh_REqMJwz81RW-geqkxDZsNYtbE&e="><tt><span style=" font-size:10pt;color:blue"><u>https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=q142AgaW5SOCX339iEntQ2PgVSDAlZRju00thVg5s1I&s=jSTBsEEB9CTzlvKoh_REqMJwz81RW-geqkxDZsNYtbE&e=</u></span></tt></a><span style=" font-size:12pt"><br><br><br><br><br></span><br><tt><span style=" font-size:12pt">_______________________________________________<br>midPoint mailing list<br></span></tt><a href=mailto:midPoint@lists.evolveum.com><tt><span style=" font-size:12pt;color:blue"><u>midPoint@lists.evolveum.com</u></span></tt></a><tt><span style=" font-size:12pt"><br></span></tt><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwMFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=PlkHWfNwTADOnEG4-XYEH9Tq05nZZWik93K7oCZhbm0&s=JM71DSJpesgjFeCbInR_skmTVdhLeR2d3zHXUPIE4Gg&e="><tt><span style=" font-size:12pt;color:blue"><u>http://lists.evolveum.com/mailman/listinfo/midpoint</u></span></tt></a><tt><span style=" font-size:12pt"><br></span></tt><br><br><tt><span style=" font-size:12pt">-- <br>Ivan Noris<br>Senior Identity Engineer<br>evolveum.com<br></span></tt><br><tt><span style=" font-size:10pt">_______________________________________________<br>midPoint mailing list<br>midPoint@lists.evolveum.com<br></span></tt><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=PlkHWfNwTADOnEG4-XYEH9Tq05nZZWik93K7oCZhbm0&s=JM71DSJpesgjFeCbInR_skmTVdhLeR2d3zHXUPIE4Gg&e="><tt><span style=" font-size:10pt">https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=qEACHutvsppyidQwf1kYntDY-ZKom0n1kiWqpNpwVXg&m=PlkHWfNwTADOnEG4-XYEH9Tq05nZZWik93K7oCZhbm0&s=JM71DSJpesgjFeCbInR_skmTVdhLeR2d3zHXUPIE4Gg&e=</span></tt></a><tt><span style=" font-size:10pt"><br></span></tt><br><br><BR>