Allowing users to specify the container DN
You can configure Bravura Security Fabric to use a profile/request attribute to prompt users for the destination container when creating or moving accounts on a target system that supports contexts.
When the Profile/request attribute to use as the container DN option is configured on the Target system information page, users can:
Set the destination container when creating new accounts.
Users do this by setting the profile/request attribute value in the request form. By default, Bravura Security Fabric creates new accounts in the same container as the template. Without the profile/request attribute, you may need to set up identical templates for each container.
If enabled when setting the target system address, Bravura Security Fabric can also create a container if a non-existing one is specified.
Move existing accounts on the target system to a different container.
Users do this by setting the To container value – which is actually the profile/request attribute, but with a different name – on the move accounts page. Bravura Security Fabric only displays the move operation (the Move button) for users with accounts that can be moved between containers.
To allow users to select a container for a create account or move context operation:
Add a profile attribute to provide a place to prompt the user for this information.
It is recommended that you configure the profile attribute to have a set of restricted values, so that the requester or product administrator can select from a drop-down list.
Ensure that you set read/write permissions for the profile attribute.
Provide a group of users the "Move user from one context to another" rule.
Update the Target system information page by typing the name of the profile attribute in the Profile/request attribute to use as the container DN field.
This allows Bravura Security Fabric to use the profile attribute for this purpose.