To Populate an Identity Attribute

Hi Experts,

I’m trying to populate a value in Identity attribute when a user gets a added to a role. Is there any option to achieve this as I don’t see an option through workflow.

How does the user get added to a role? Is it calculated based on some entitlement or attribute criteria? Or is it purely access request?

On top of @colin_mckibben 's questions - Does the role contain access? And can the access in the role be granted by some other mechanism?

Depending on the answers to these questions you can likely create a transform that will calculate what you are looking for, but the structure of the transform could vary widely based on these answers.

@colin_mckibben User gets added to the role based on entitlement criteria.

@KevinHarrington The role does not contain any access. Our goal is to populate an identity attribute when a user gets added to an AD group.

Can you please elaborate on your use case? What are you ultimately trying to do? I ask because there may be a different approach than using identity attributes and roles.

Plug your group name in where my fake DN is below and update your return values.

        "name": "Member of specified AD Group",
        "type": "static",
        "attributes": {
            "groupMember": {
                "attributes": {
                    "ignoreErrors": "true",
                    "values": [
                            "attributes": {
                                "sourceName": "Active Directory",
                                "attributeName": "sAMAccountName",
                                "accountPropertyFilter": "(memberOf.containsAll({\"cn=groupname,dc=domain,dc=com"}) )"
                            "type": "accountAttribute"
                "type": "firstValid"
            "value": "#if($groupMember == \"NONE\")NOT IN GROUP#{else}IN GROUP#end"
        "internal": false

This will get you the value if the user is a member of the group.


@colin_mckibben I’m trying to launch a campaign for an Identity when AD groups gets added to this Identity’s AD account. I just found the workflow trigger Native Change detection update which is helpful to achieve this use case,


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.