Automatic Groups provisioning when Role assigned to User

ldengiam · April 9, 2023, 12:26am

We have a how-to question for IDM 7.3.

Context:

There are three Managed Object Types in IDM: User, Role and Group. Multiple groups can be attached to a Role and multiple roles can be assigned to a user.
There is a connector to an External DS 7.3
There is a mapping from IDM Managed User to DS User

Use Case:

When a role is assigned to a user in IDM, the corresponding groups attached to that role will be synced to the target DS for that user.

I’m thinking about using Assignment to do it but couldn’t find a proper way. Any suggestion is appreciated.

Best,
Le

kelly.moosman · April 12, 2023, 8:15pm

Hi, Le!

My apologies if this doesn’t cover what you’re asking. Have you seen this article? It includes specific instructions on creating a role, creating an assignment, and then creating a relationship between the two.

https://backstage.forgerock.com/docs/idm/7.3/objects-guide/working-with-role-assignments.html

Warm regards,
Kelly

ldengiam · April 14, 2023, 3:45pm

Thanks for the message Kelly. Yes, I have seen this document and other related documents. It’s a little different from the scenario I described, but I got it sorted out now. Appreciate your response.

Best,
Le