Need help to make groups unrequestable for specific OU

Which IIQ version are you inquiring about?

Version 8.1

Share all details related to your problem, including any error messages you may have received.

We have a requirement to set some groups unrequestable by default for groups in some specified OUs in AD.

Hi @akhil_chidurala ,

You can use a group refresh rule. Refer to: A simple rule to set Entitlements to non requestable

Please let me know if you have any other questions; otherwise you can mark the appropriate answer as the solution.

2 Likes

Hi @akhil_chidurala, you can make a standalone rule to be run on demand, or schedule it if you want.

Here is an example of the steps:

Since the requestable flag is true by default for entitlements after running aggregation, we need a custom rule to be written with this logic:

  • QueryOptions with a filter like: application is "abc" && MA (managedAttribute) == "ABC" (or contains the name of the OU in the value as a part of the DN)
  • iterate on results and check MA is not null and setRequestable(false)
  • commit transaction

A sample of the code was already provided by @kavindar_sharma.

Have a nice and great one!

Regards,
Muhammad

1 Like
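The steps listed above (QueryOptions filter, iterate, setRequestable(false), commit) written out as a standalone rule. This is an added example, not code from the thread or from SailPoint; the application name `Active Directory`, the OU `TestOU` and the helper `inOu` are assumptions. It goes one step beyond the listed steps by checking the OU as an exact DN component, so that a group under `OU=TestOU2` is not changed by a substring match.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import sailpoint.object.Filter;
import sailpoint.object.ManagedAttribute;
import sailpoint.object.QueryOptions;

String appName = "Active Directory"; // assumption: name of the AD application in IIQ
String targetOu = "TestOU";          // assumption: OU whose groups become non-requestable

// Hypothetical helper: true only if the DN has an RDN that is exactly OU=<ou> (case-insensitive).
boolean inOu(String dn, String ou) {
    try {
        Iterator rdns = new LdapName(dn).getRdns().iterator();
        while (rdns.hasNext()) {
            Rdn rdn = (Rdn) rdns.next();
            if ("OU".equalsIgnoreCase(rdn.getType())
                    && ou.equalsIgnoreCase(String.valueOf(rdn.getValue()))) return true;
        }
    } catch (InvalidNameException e) {
        // Value is not a DN (for example a non-group entitlement): leave it untouched.
    }
    return false;
}

// Coarse database-side filter; the exact OU check is done per object with inOu().
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq("application.name", appName));
qo.addFilter(Filter.ignoreCase(Filter.like("value", "OU=" + targetOu, Filter.MatchMode.ANYWHERE)));
// Collect ids first so objects are not modified while the search cursor is still open.
List ids = new ArrayList();
Iterator rows = context.search(ManagedAttribute.class, qo, "id"); // "context" is supplied by IIQ
while (rows.hasNext()) {
    ids.add((String) ((Object[]) rows.next())[0]);
}
int changed = 0;
for (int i = 0; i < ids.size(); i++) {
    ManagedAttribute ma = context.getObjectById(ManagedAttribute.class, (String) ids.get(i));
    if (ma != null && ma.isRequestable() && ma.getValue() != null && inOu(ma.getValue(), targetOu)) {
        ma.setRequestable(false);
        context.saveObject(ma);
        changed++;
    }
}
context.commitTransaction();
return "Entitlements set to non-requestable: " + changed;
```

A later group aggregation does not change the flag on existing entitlements unless a refresh rule sets it, so this rule only needs re-running (or scheduling) to catch groups created in the OU afterwards.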

Hi,

I don't know if I understand, but:

If you want to make some groups unrequestable only for the users in specific OUs, you can use an identitySelector rule (with the filter that you want) in quicklinks so that they don't appear in the request page for those users.

Or, if you want to make them unrequestable for everyone, you can set those groups unrequestable in a groupAggregation rule.

2 Likes

Hi @akhil_chidurala, I have now simulated another way (apart from the one that I already mentioned, which works as well) to achieve that with a few lines of code in the "Group Aggregation Refresh Rule":

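String accountGroupDN = accountGroup.getNativeIdentity();
if (accountGroupDN != null && accountGroupDN.contains("OU=TestOU")) { // skip groups without a DN
  accountGroup.setRequestable(false); // groups under OU=TestOU are hidden from access requests
}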

Here are screenshots (before and after)…
FYI, testgroup1 and testgroup3 are located in the OU named "TestOU", as mentioned in the 2nd line.

And after running the aggregation task for AD, after adding the previously mentioned lines to the "Group Aggregation Refresh Rule", here is the result…

Have a nice and great one!

1 Like
