How can we restrict reconciliation for a set of users when a scheduler is configured to run a job every 5 mins to trigger the mapping from Managed user to DS account. The set of users are shared for testing purpose which should not be disturbed. These set of users are created in managed/user object. Please share some ways to achieve this.
Greetings Karan,
The magic with the Reconciler is the appropriate configuration of “Situations and Actions”
https://backstage.forgerock.com/docs/idm/7.5/synchronization-guide/chap-situations-actions.html
in the sync mapping.
Should you require the filtering of accounts, you will need to launch a script which articulates the appropriate filter criteria for that particular Action:
https://backstage.forgerock.com/docs/idm/7.5/synchronization-guide/sync-actions.html#script-actions
Cheers.
1 Like
How can I implement above for two set of users which are in found situation and they don’t have to be updated?
Hi @KaranNayyar1 - take a look at Guy’s second link, where you can use a script to trigger an action (such as “IGNORE”) when the object found matches certain criteria. Presumably, these testing users have a property which identifies them as testing users and you can key off of that to change the action to “IGNORE” for that particular situation.
1 Like
Also, what would be the best approach to set up some test users in the managed object, which are utilized for testing some functionalities, to be left undisturbed?
Good morning All!
@mwtech, I concur… or a validation for the “update” behavior. 6 of 1/half a dozen for the other ;-)
@KaranNayyar1 (it seems you have 3 ids??). Users are not “in the managed object”. All objects are an instantiation using the targeted managed object as a definition for the implemented schema. It would be simple enough to
- extend the managed object to add a property.
- let this property infer “a test user”
- In your sync mappings, use this property as criteria for the situations and behaviors.
Cheers