Spread users over multiple groups

We’re setting up a list of Access Policies and Roles for various birthright activities. Currently just AD groups. The IdentityNow Bulk AccessProfile and Role Importer is working great for us.
One of the overriding requirements is for the users to be spread over multiple groups, rather than just a single group. For example, they have groupA, groupB and groupC.
So when user1 is added, they get groupA, user4 they get groupB, user5 gets groupC. Is there a way to do this without using a Rule?
Or will we need to create an after provisioning Rule to spread the users over the groups?

Thanks,
Chris

Hi @chrisp,

I’m not familiar with the IdentityNow Bulk AccessProfile and Role Importer. Is this a tool that SailPoint is providing, or an API?

Hi @chrisp,

Are you referring to the IdentityNow Bulk AccessProfile and Role Importer referenced in this Compass article?

@colin_mckibben @christina_gagnon Yes, this is the tool. It states:
This tool is supported by the SailPoint Compass Community only.
Basically, it’s a Ruby script that makes the SailPoint IDN API calls based on a CSV configuration file for Access Policies and Roles.
We’ve found it useful to document and create the needed Access Policies and Roles. We were about to manually build a similar set of features using the API calls.

Thanks,
Chris

Is there any logic to assigning users to the 4 groups, or are you just trying to randomly assign users across the 4 groups to have an even split? If there’s logic, we might be able to do this within the tool, but if it’s random then a custom script/rule will be needed.

It’s random, but we’re thinking that there may be some way to use a field which is semi-random. In the past I’ve used the last digit of an Employee ID.

@chrisp,

You could try using the Random Number Generator transform to spread the users out. Please see this post to see how that might work in practice.

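The last-digit idea from the thread next to a hash-based variant, as an added example that is not from any poster, SailPoint, or the Importer tool. It makes no IdentityNow API calls; the function names, the constructed ID range and the use of SHA-256 are assumptions made for illustration, and the group names are the ones from the question.

```ruby
require 'digest'

# Group names from the question's example; treat them as placeholders.
GROUPS = %w[groupA groupB groupC].freeze

# Approach mentioned in the thread: bucket on the last digit of the employee ID.
# With 10 digits and 3 groups the split cannot be even (4/3/3 digits per group).
def group_by_last_digit(employee_id, groups = GROUPS)
  digit = employee_id.to_s.strip[-1].to_s
  unless digit.match?(/\A\d\z/)
    raise ArgumentError, "employee ID must end in a digit: #{employee_id.inspect}"
  end
  groups[digit.to_i % groups.length]
end

# Alternative (assumption, not from the thread): bucket on a hash of the whole
# ID. Deterministic, so the same ID always maps to the same group, and it does
# not depend on how IDs were issued or on the number of groups dividing 10.
def group_by_hash(employee_id, groups = GROUPS)
  id = employee_id.to_s.strip
  raise ArgumentError, 'employee ID must not be empty' if id.empty?
  groups[Digest::SHA256.hexdigest(id)[0, 8].to_i(16) % groups.length]
end

# Count how many IDs land in each group for a given assignment block.
def distribution(ids, groups = GROUPS)
  counts = groups.to_h { |g| [g, 0] }
  ids.each { |id| counts[yield(id)] += 1 }
  counts
end

if __FILE__ == $PROGRAM_NAME
  ids = (1000..1999).map(&:to_s) # constructed sample IDs
  puts "last digit: #{distribution(ids) { |id| group_by_last_digit(id) }}"
  puts "hash:       #{distribution(ids) { |id| group_by_hash(id) }}"
end
```

Either function returns only a group name; wiring that value into a role criterion, transform or rule is outside what this example covers.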