Need to check on the group value after user login from Pass through

Hi Team,

I have to check on the group of the user after the user gets authenticated from the passthrough node, which is checking user creds from the LDAP connector in ForgeRock IDC. When checking the API openidm/system/connectorDetails/User?_queryFilter=uid+eq+"xxxxx" I am getting the group in the response, but I am not sure how to use it in the journey. If I create a script to call this API and check the group, then I have to call two different APIs in the script: the first one will be /access_token with scope fr:idm:*, and then use the access token to filter the user in the API openidm/system/connectorDetails/User?_queryFilter=uid+eq+"xxxxx". Or is there any other way we can achieve this requirement with a node?
User gets authenticated → Passthrough Authn → Group Check → If group A → inner tree A or If group B → inner tree B.

Thanks

Hi @tanay1121,

You’re heading in the right direction! You should request the target system through IDM and RCS using the API. If you’re using a next-generation script it can be done really easily, because you have access to the new bindings and you don’t have to get an AT first; the idm binding is documented here. This portion of script should do the job to get the groups of the user:

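var response = openidm.query("system/connectorDetails/User", { "_queryFilter": 'uid eq "' + userID + '"' });
var user = response.result[0]; // first match, undefined if the uid is not found
var groups = user ? user.memberOf : [];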

More documentation about the idm functions is here.

If you’re on a prior version, then what you suggested is your best approach I believe.
Best regards,
Steph.
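The group check from the flow in the question (group A → inner tree A, group B → inner tree B), as an added example that is not part of either post: it looks the user up with `openidm.query`, escapes the uid before placing it in the `_queryFilter` string, and falls back to a default outcome when the lookup is not unambiguous. The group DNs, the outcome names, the `noGroup` outcome, the case-insensitive DN comparison and the stub binding are assumptions made for illustration.

```javascript
// Added example (not from the thread). Group DNs and outcome names are constructed.
var GROUP_OUTCOMES = {
  "cn=groupa,ou=groups,dc=example,dc=com": "groupA",
  "cn=groupb,ou=groups,dc=example,dc=com": "groupB"
};

// Escape backslashes and double quotes so a uid cannot break out of the
// quoted string literal inside the _queryFilter expression.
function quoteFilterValue(value) {
  return '"' + String(value).replace(/\\/g, "\\\\").replace(/"/g, '\\"') + '"';
}

// idm is the openidm binding (or a stub). Returns the outcome name to route to.
function routeByGroup(idm, userID) {
  var response = idm.query("system/connectorDetails/User", {
    "_queryFilter": "uid eq " + quoteFilterValue(userID)
  });
  var matches = (response && response.result) || [];
  // Fail closed: route on group membership only when exactly one account matches.
  if (matches.length !== 1) { return "noGroup"; }
  var groups = [].concat(matches[0].memberOf || []); // accepts a single value or an array
  for (var i = 0; i < groups.length; i++) {
    var key = String(groups[i]).toLowerCase();
    if (Object.prototype.hasOwnProperty.call(GROUP_OUTCOMES, key)) { return GROUP_OUTCOMES[key]; }
  }
  return "noGroup";
}

// Constructed stub standing in for the openidm binding, so the logic runs offline.
var sampleAccounts = [
  { uid: "alice", memberOf: ["cn=groupA,ou=groups,dc=example,dc=com"] },
  { uid: "bob", memberOf: "CN=groupB,OU=Groups,DC=example,DC=com" },
  { uid: "carol", memberOf: [] }
];
var stubIdm = {
  query: function (resource, params) {
    var m = /^uid eq "((?:[^"\\]|\\.)*)"$/.exec(params._queryFilter);
    var uid = m ? m[1].replace(/\\(.)/g, "$1") : null;
    return { result: sampleAccounts.filter(function (a) { return a.uid === uid; }) };
  }
};

// Assumed wiring inside a next-generation Scripted Decision node:
//   action.goTo(routeByGroup(openidm, nodeState.get("username")));
console.log(routeByGroup(stubIdm, "alice"), routeByGroup(stubIdm, "bob"));
```

Each outcome name returned by `routeByGroup` has to be declared as an outcome of the scripted node so it can be connected to the matching inner tree.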