How to add two groups to the same user using provisioning rule

Shalaka_Gawande · April 30, 2025, 10:20am

Which IIQ version are you inquiring about?

[SailPoint IIQ 8.3]

Share all details about your problem, including any error messages you may have received.

[How can we add two groups to the same user using before provisioning rule in AD application. (we can hardcode the two groups values in rule)]

ajmerasunny · April 30, 2025, 11:29am

List currentADGroups = new ArrayList();
add your groups DNs in this list

AttributeRequest groupAttributeRequest = new AttributeRequest(“memberOf”, ProvisioningPlan.Operation.Add, currentADGroups);
accountRequest.add(groupAttributeRequest);

Shalaka_Gawande · April 30, 2025, 12:07pm

Thanks for your reply @ajmerasunny . I have tried your way but somehow not working. Sharing the code for Reference.

import sailpoint.object.*;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import java.util.List;
import java.util.ArrayList;

// Get the account requests for the AD application

List accRequest = plan.getAccountRequests(“ACTIVE-DIRETORY-APPLICATION”);
String identityName = plan.getIdentity().getName();

// Defining list to hold the group DNs

List currentADGroups = new ArrayList();

// Add hardcoded group DNs
currentADGroups.add(“CN=Accounting,OU=FID_Groups,OU=FID_DATA,DC=test,DC=com”);
currentADGroups.add(“CN=HR-Dept,OU=FID_Groups,OU=FID_DATA,DC=test,DC=com”);

// Iterateing through all account requests

for (AccountRequest accountRequest : accRequest)
{

// Createing  single AttributeRequest to add multiple groups

AttributeRequest groupAttributeRequest = new AttributeRequest("memberOf", Operation.Add, currentADGroups);

// Adding  attribute request to the account request
accountRequest.add(groupAttributeRequest);


System.out.println("Added AD groups to user " + identityName + ": " + currentADGroups);

}

return plan;

ajmerasunny · April 30, 2025, 2:08pm

can you print your plan and share how it looks?

SivaLankapalli · April 30, 2025, 2:12pm

Hi @Shalaka_Gawande,

I wanted to share a method that worked for me. I’m currently reading the group from a custom object, just so you’re aware. I modified this code to make it easier to set up in the code as well.

List<String> entitlementList = new ArrayList<>();
entitlementList.add("Group1");
entitlementList.add("Group2");

if (entitlementList != null && !entitlementList.isEmpty()) {
    for (String entitlement : entitlementList) {
        accountRequestObj.add(new AttributeRequest("memberOf", ProvisioningPlan.Operation.Add, entitlement));
    }
}

Hope this helps! let me know how it worked for you.

Thanks,
@SivaLankapalli

Shalaka_Gawande · May 2, 2025, 3:56am

Thanks! @SivaLankapalli . Its working.

SivaLankapalli · May 7, 2025, 5:31pm

Hi @Shalaka_Gawande,

I’m glad this solution worked for you! If others face a similar issue, marking it as a solution could help them find guidance more easily

Thanks

Topic		Replies	Views
Add AD group to user when request for a specific application entitlements IIQ Discussion and Questions identityiq , access-requests	6	372	July 23, 2024
Adding Members into Office365 Group IIQ Discussion and Questions identityiq , provisioning	7	113	November 18, 2024
Update the Azure AD group with member list IIQ Discussion and Questions identityiq , provisioning	7	95	July 15, 2025
Create plan adding while adding the members to AD group IIQ Discussion and Questions identityiq , provisioning	6	780	January 29, 2024
How to Add Group Members While Creating Active Directory Group Using Plan IIQ Discussion and Questions aggregation , identityiq , provisioning , governance-groups	4	1009	June 9, 2024

How to add two groups to the same user using provisioning rule

Which IIQ version are you inquiring about?

Share all details about your problem, including any error messages you may have received.

Related topics