How to add two groups to the same user using provisioning rule

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

[SailPoint IIQ 8.3]

Share all details about your problem, including any error messages you may have received.

[How can we add two groups to the same user using before provisioning rule in AD application. (we can hardcode the two groups values in rule)]

2

List currentADGroups = new ArrayList();
add your groups DNs in this list

AttributeRequest groupAttributeRequest = new AttributeRequest(“memberOf”, ProvisioningPlan.Operation.Add, currentADGroups);
accountRequest.add(groupAttributeRequest);

3

Thanks for your reply @sunnyajmera . I have tried your way but somehow not working. Sharing the code for Reference.

import sailpoint.object.*;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import java.util.List;
import java.util.ArrayList;

// Get the account requests for the AD application

List accRequest = plan.getAccountRequests(“ACTIVE-DIRETORY-APPLICATION”);
String identityName = plan.getIdentity().getName();

// Defining list to hold the group DNs

List currentADGroups = new ArrayList();

// Add hardcoded group DNs
currentADGroups.add(“CN=Accounting,OU=FID_Groups,OU=FID_DATA,DC=test,DC=com”);
currentADGroups.add(“CN=HR-Dept,OU=FID_Groups,OU=FID_DATA,DC=test,DC=com”);

// Iterateing through all account requests

for (AccountRequest accountRequest : accRequest)
{

// Createing  single AttributeRequest to add multiple groups

AttributeRequest groupAttributeRequest = new AttributeRequest("memberOf", Operation.Add, currentADGroups);

// Adding  attribute request to the account request
accountRequest.add(groupAttributeRequest);


System.out.println("Added AD groups to user " + identityName + ": " + currentADGroups);

}

return plan;

4

can you print your plan and share how it looks?

5

Hi @Shalaka_Gawande,

I wanted to share a method that worked for me. I’m currently reading the group from a custom object, just so you’re aware. I modified this code to make it easier to set up in the code as well.

List<String> entitlementList = new ArrayList<>();
entitlementList.add("Group1");
entitlementList.add("Group2");

if (entitlementList != null && !entitlementList.isEmpty()) {
    for (String entitlement : entitlementList) {
        accountRequestObj.add(new AttributeRequest("memberOf", ProvisioningPlan.Operation.Add, entitlement));
    }
}

Hope this helps! let me know how it worked for you.

Thanks,
@SivaLankapalli

1 Like
6

Thanks! @SivaLankapalli . Its working.

7

Hi @Shalaka_Gawande,

I’m glad this solution worked for you! If others face a similar issue, marking it as a solution could help them find guidance more easily

Thanks

8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.