How do I provision external accounts in a pre-defined order in IDM (All versions)?
The purpose of this article is to provide information on provisioning external accounts in a pre-defined order in IDM using implicit synchronization.
Provisioning external accounts in a pre-defined order
If you require provisioning to take place in a specific order, for example, you have multiple accounts that need to be created in a set order or you have LDAP accounts with both a main and sub-entry, where:
- Main entries must be created before sub-entries.
- Sub-entries must be deleted before main entries.
You must have a mapping per account or entry and then ensure the mappings in the sync.json file (located in the /path/to/idm/conf directory) are in the required order; provisioning occurs according to the order of the mappings in the sync.json file. For example, if the mapping for the main entry is listed in the sync.json file before the mapping for the sub-entry, the main entry will be provisioned/deprovisioned first, followed by the sub-entry.
The sync-two-external-resources sample (sample5) contains multiple mappings to help you understand more fully how this works.
How do I merge multiple external accounts to a single managed/user object in IDM (All versions)?
Synchronize Data Between Two External Resources
ForgeRock Identity Management Deep Dive (IDM-420)
Related Issue Tracker IDs