How to record admin user id/name in newly provisioned user account?

Hi there,

We have a requirement that when an admin user (tenant admin), i.e. the user admin who logged in with the authority to create a new alpha user, creates an account, we need to record who created this particular account (CREATED BY) and store that value.
Currently I am working on achieving it through event hooks, but I don’t know how to access the details of the user who created it.
Need help in this. Thanks in advance!

This information can be sourced from the Audit logs, where it is recorded for you. Why duplicate the effort or waste cycles persisting this data in the persistent data store?

Hi @grpensa,

First of all, thank you for your response!
I understand that, but the requirement is that we need to push this information back to the remote Identity as a value in an attribute. That’s the reason we need to achieve this.

Thanks in advance!

Can anyone provide me a solution for this? Thanks in advance!

Suriya,

Thank you for the update. Yes, the identity REST API would of course have access to the identity in question. The repository API can be used to publish the additional information into a persistence store, and either the claims script or (my preference) the policy engine can source these properties and include them as claims within your tokens.
Don’t forget to extend the schema of the DS to accommodate your new attribute, prior to this.

Let us know how you get on.
Guy.

Hi @grpensa,
Thank you so much for your response. But if I could get any sample script to implement this requirement, it would be a great help, since I am new to this implementation.
Thanks in advance.

Hi Suriya

If you are writing an event hook, you should try to log the following and see if you can capture “CREATED BY” from either the context or the request.

nodeLogger.warn("Context …" + context);
nodeLogger.warn("Request …" + request);

Hi @ajaykumar_suri,
I am not familiar with this, so you're suggesting to get it from the context/request, right?
For example,
object.created_by = session.username; something like this?

Thank you so much for your response!

Hi Suriya,

As explained by @ajaykumar_suri, the way is to inspect the context from the onCreate/onUpdate event hooks (just log it). The context includes a security context, which might well have the information you need.

FYI → Request context chain :: IDM 7.4.0 and Script triggers defined in the managed object configuration :: IDM 7.4.0

Regards
Patrick

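A sketch of the approach described in the reply above, as an added example that is not code from any poster or from the product documentation: an onCreate hook that derives the creator from the security context instead of trusting anything in the request body. It assumes the security context exposes `authenticationId` and `authorization` (`id`, `component`); the attribute name `createdBy`, the helper names and the sample values are hypothetical, and the attribute must already exist in the managed object schema.

```javascript
// Added example. resolveCreator/stampCreatedBy are hypothetical helper names.
// Assumption: context.security carries authenticationId and authorization.{id, component}.

function resolveCreator(context) {
    var sec = context && context.security;
    if (!sec || !sec.authenticationId) {
        return null; // no authenticated caller on this request
    }
    var authz = sec.authorization || {};
    return {
        name: String(sec.authenticationId),
        // Prefer a stable resource reference when both parts are present.
        ref: (authz.component && authz.id) ? authz.component + "/" + authz.id : null
    };
}

function stampCreatedBy(object, context) {
    var creator = resolveCreator(context);
    // Always overwrite: a createdBy value sent in the create request is
    // client-controlled and must not end up in the stored attribute.
    object.createdBy = creator ? (creator.ref || creator.name) : "unknown";
    return object;
}

// Inside the onCreate script the engine supplies "object" and "context".
if (typeof object !== "undefined" && typeof context !== "undefined") {
    stampCreatedBy(object, context);
}

// Constructed sample values, only for running the functions outside the product.
var sampleContext = {
    security: {
        authenticationId: "tenant.admin@example.com",
        authorization: { id: "1234-abcd", component: "managed/user" }
    }
};
var sampleObject = { userName: "new.alpha.user", createdBy: "spoofed-by-client" };
```

Logging the real context first, as suggested earlier in the thread, confirms which of these fields are populated in a given deployment before relying on them.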

Hi @patrick_diligent,

I am working on this, but if I could get any sample steps or scripts, that would be a great help.

Thank you for your response.