How to Get User Information from Directory to ESM to ESS with EPE

In this article is checklist for configuring Efecte Service management to be able to link user information to Efecte Self-service portal. 

• ESM organization connector is configured.
   
  • The connector handles the provisioning of users from Efecte Service Management system (ESM) into Efecte Self Service (ESS).  
    
     
  • Make sure that there are at least some Person datacards in ESM, that have at least mappings for : emailFieldName, groupsFieldName, siteFieldName, userIdFieldName, userPrincipalName.
    (only Person datacards that have those 5 mappings defined and populated in ESM, will be provisioned to ESS). in example below: 
    
     

"userIdFieldName" is mapped to the attribute code of "Active Directory Account". 
"userPrincipalName" is mapped to the attribute code of "Active Directory Account".  
"groupsFieldName" is mapped to the attribute code of "ESS Groups" 
"siteFieldName" is mapped to the attribute code of "Person site"

• 
   
•  person_site_ess attribute is configured in ESM Person template
  • Organizational Unit (OU) that belongs to a site defined for the customer
    
     
  • Please note that ESS site structure is case-sensitive! So if site has a DC=FI it's a different site than DC=fi
    
     
  • If customer is using complex ESS site structure you can use following expression to match part of the OU from DN and place it to "ess_person_site".
    
     

_site1 = "OU=Users,DC=example1,DC=example,DC=fi"
_site2 = "OU=Admins,DC=exampe1,DC=example,DC=fi"
_site3 = "OU=Production,DC=example1,DC=example,DC=fi"
_site4 ="OU=External,DC=example1,DC=example,DC=fi"
_site5 = "OU=Managers,DC=example1,DC=example,DC=fi"
_site6 = "OU=Development,DC=example1,DC=example,DC=fi"if dn:
  _dn = this.get("dn")
  if _site1 in _dn:
    _result = _site1
  elif _site2 in _dn:
    _result = _site2
  elif _site3 in _dn:
    _result =_site3
  elif _site4 in _dn:
    _result =_site4
  elif _site5 in _dn:
    _result =_site5
  elif _site6 in _dn:
    _result =_site6
  else:
    _result="No matching ESS site found from users dN"
else:
  _currentValue = this.get("person_site_ess")
  _result=_currentValue

• groups_ess  attribute is configured in ESM Person template
  
  
  • Shows Groups (entitlements) that a user belongs to. ESS can be configured to present different options depending on the groups that a user belongs to.
    
     
  • If missing user cannot see any services in ESS
    
     
  • Expression in groups_ess
    
    

    if account:  
      _result = this.getAll("$account:entitlements:name$")
    else:
      _result ="No Groups"

• Check Sites settings from ESS admin. There must be same Site value as a OU in Person's sites settings in ESM.  Then, ESS will present service offerings depending on the  'site' that the person belongs to.
  
   
• Verify that every 5 minutes (this is configurable in esm-organization-connector.xml), all Persons data cards that were updated in ESM during the last 5 minutes, are sent to ESS).