Implementing After Actions

Identity Manager only pushes changed attributes to a resource on an update. An action cannot access any attributes that have not changed. If you write an after action that requires an attribute that might be unchanged, consider the following workaround:

Accessing Unchanged Attributes

1. Add an extra attribute to the resource’s schema map that mimics the account attribute that you need to access. For example, if you need to access the fullname account attribute, you could create an attribute named shadow_fullname. In the Resource User Attribute column of the schema map, add the value IGNORE_ATTR. for this new attribute to prevent the adapter from trying to use it.

2. Set the value in your user form so that the attribute is populated:

   <Field name=’accounts[ResourceName].shadow_fullname’> <Expansion> <ref>accounts[ResourceName].fullname</ref> </Expansion> </Field>

3. Reference %WSUSER_shadow_fullname% in your action so that it can get the value.

   Identity Manager never retrieves an attribute that is set to IGNORE_ATTR. As a result, Identity Manager considers the contents of an attribute such as shadow_fullname as a new value. The attribute is always pushed to the adapter and is available to after actions.