Troubleshooting Guide

If you encounter any of the issues or errors listed below, Cross Identity suggests following the provided guidance to address the error before contacting Cross Identity Support.

1. Once CSV import is successfully completed, the user is not created in CI.

   Resolution: Open the CSV file in Notepad and check whether any field is kept blank, and the number of columns is equal to the number of values, the username should be present mandatorily.

2. After CSV file import, the manager is not assigned to the user created in CI.
   Resolution: While mapping attributes, choose the manager name attribute value from the CSV and map it with the username attribute of CI, which is the mandatory attribute in the CSV file.

3. How do we enable the 636 SSL certificate on the agent server?
   Resolution: Follow the below steps to enable the certificate:

   • Place the certificate in the agent folder.

   • Open the bin path using the below command.
     C:\Windows\system32>cd C:\<CIDagent>\jre\bin

   • Now run the given command (certificate name 1: provide new certificate name, certificate name 2: Provide the existing certificate name placed in the Cross Identity folder).

   • C:\Cross Identity\<CIDagent>\jre\bin>keytool -importcert -alias "certificate name 1" -keystore "C:\Cross Identity\<CIDagent>\jre\lib\security\cacerts" -storepass changeit -file "C:\Cross Identity\certificate name 2"

4. User does not receive OTP to the registered mobile number for the password reset and account unlock procedure.
   Resolution: You need to check the SMS credit balance in Cross Identity. Follow the below path to check the SMS credit balance:
   CI.Admin > Advanced > SMS Configuration > Credits

5. User does not receive a first-time login password to the registered mobile number.
   Resolution: Check the SMS Notifications in Cross Identity if it is enabled.
   CI.admin > Advanced > SMS Configuration > SMS Notification > Enable user creation notification.

6. How to create a "userid" for any attribute while adding a user through “Add User Form”, “API”, and “CSV”.
   Resolution: 

   1. Example: Where user-id is (username= firstname+ lastname)
      CI.admin>Identities>Identity Mapping>Select the required option (Add User Form, API, CSV)>Add> Select the required attribute(username)>Add>Expression> Provide the expression which combines first and last name.

   2. Example: where user-id is (username= firstname)
      CI.admin>Identities>Identity Mapping>Select the required option (Add User Form, API, CSV)>Add> Select the required attribute(username)>Add>User Profile Attributes> Choose the appropriate attribute which has to be mapped(First name)

   Follow the below steps:

   1. Select Add User Form and click the Add button.

      

   2. Select the default attribute and click Add.

      

   3. Select the Mapping type and map accordingly, if an expression is selected then provide the appropriate expression and click Save.

      

7. Add custom attributes.
   Resolution: Below are the steps to add custom attributes:

   1. Open any IGA application, and navigate to Application Account Attributes.

      

   2. Click Add. Check the box as highlighted and enter the count of custom attributes needed and click Add.

      

   3. Provide the name for a custom attribute and map it accordingly. Click Save.

      

8.  Unable to delete a workflow.
   Resolution: The workflow must be in progress hence preventing deletion. There are a few scenarios wherein deletion of workflow will not work:

   1. For Access Request Workflow: the user has requested workflow, but the approver didn't take any action.

   2. For Access Certification Workflow:
      For Immediate Fulfillment: the workflow has been started and the reviewer has taken actions for only a few users.
      For Delayed Fulfillment: the workflow has been started and the reviewer has taken action as well. However, as it is delayed fulfilment, the certification process cannot be completed until the scheduler stops, preventing the deletion of the workflow.

9. Clear entitlement does not remove all the entitlements within the IGA application. Only a subset of entitlements is deleted, while the remainder persists even after resetting the account.
   Resolution: Go to the IGA application -> Entitlements-> Clear Entitlements -> select the required option i.e. either only entitlements have to be removed or both definitions along with entitlement have to be cleared.

   Note:

   For the entitlements that are not being cleared:
   Navigate to the Workflows and inspect all workflows in the target section to verify if the uncleared entitlements are associated. If they are present, remove the entitlements and then try to clear entitlements. Please note that if the workflow is in progress, it is not possible to remove the target.

10. Change templates of email and SMS OTP.
    Resolution: Navigate to Advanced > SMTP Configuration to make modifications for email and opt for SMS Configurations to modify the SMS Template.

    

    SMTP Configuration

    • Click on User Notifications.

    • Select the Template Type where modification must be done. Provide the HTML content as required and click Save.

      

       For Reference: 

    <p>Dear <b>IDAAS_USERNAME,</b><br><br>
             “Message to be displayed” <b> IDAAS_CRED</b><br><br>
             Regards, <br>
             “Team name”</p>

SMS Notifications

• Click SMS Configuration > SMS Notifications.

  

• Select the template type and modify it as needed. Click Save.