Hi Experts,
I’m trying to populate a value in an Identity attribute when a user gets added to a role. Is there any option to achieve this, as I don’t see an option through workflow?
How does the user get added to a role? Is it calculated based on some entitlement or attribute criteria? Or is it purely access request?
On top of @colin_mckibben 's questions - Does the role contain access? And can the access in the role be granted by some other mechanism?
Depending on the answers to these questions you can likely create a transform that will calculate what you are looking for, but the structure of the transform could vary widely based on these answers.
@colin_mckibben User gets added to the role based on entitlement criteria.
@KevinHarrington The role does not contain any access. Our goal is to populate an identity attribute when a user gets added to an AD group.
Can you please elaborate on your use case? What are you ultimately trying to do? I ask because there may be a different approach than using identity attributes and roles.
Plug your group name in where my fake DN is below and update your return values.
{
  "name": "Member of specified AD Group",
  "type": "static",
  "attributes": {
    "groupMember": {
      "attributes": {
        "ignoreErrors": "true",
        "values": [
          {
            "attributes": {
              "sourceName": "Active Directory",
              "attributeName": "sAMAccountName",
              "accountPropertyFilter": "(memberOf.containsAll({\"cn=groupname,dc=domain,dc=com\"}) )"
            },
            "type": "accountAttribute"
          },
          "NONE"
        ]
      },
      "type": "firstValid"
    },
    "value": "#if($groupMember == \"NONE\")NOT IN GROUP#{else}IN GROUP#end"
  },
  "internal": false
}
This will get you the value if the user is a member of the group.
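Added example, not part of the original post and not SailPoint code: a small Python model for sanity-checking a transform of this shape locally. It parses the JSON (which catches escaping mistakes in the filter string) and mirrors the firstValid fallback and the Velocity branch against constructed accounts. The function names, the sample accounts, the exact-match DN comparison, and treating every sample account as belonging to the named source are assumptions.

```python
import json
import re

# Same structure as the transform in the post above; the group DN is a placeholder.
TRANSFORM = json.loads(r'''{
  "name": "Member of specified AD Group", "type": "static",
  "attributes": {
    "groupMember": {"type": "firstValid", "attributes": {
      "ignoreErrors": "true",
      "values": [
        {"type": "accountAttribute", "attributes": {
          "sourceName": "Active Directory", "attributeName": "sAMAccountName",
          "accountPropertyFilter":
            "(memberOf.containsAll({\"cn=groupname,dc=domain,dc=com\"}))"}},
        "NONE"]}},
    "value": "#if($groupMember == \"NONE\")NOT IN GROUP#{else}IN GROUP#end"}
}''')

def account_lookup(transform):
    """Return the attributes of the accountAttribute entry inside firstValid."""
    values = transform["attributes"]["groupMember"]["attributes"]["values"]
    return values[0]["attributes"]

def required_groups(transform):
    """Extract the DNs listed in memberOf.containsAll({...}) from the filter."""
    flt = account_lookup(transform)["accountPropertyFilter"]
    clause = re.search(r'memberOf\.containsAll\(\{(.*?)\}\)', flt)
    if clause is None:
        raise ValueError("filter has no memberOf.containsAll({...}) clause")
    return re.findall(r'"([^"]+)"', clause.group(1))

def evaluate(transform, accounts):
    """Local model: first account holding every required group wins, else "NONE"."""
    attr = account_lookup(transform)["attributeName"]
    needed = set(required_groups(transform))
    group_member = "NONE"  # fallback value from the firstValid list
    for acct in accounts:  # exact DN string match is an assumption of this model
        if needed <= set(acct.get("memberOf", [])) and acct.get(attr):
            group_member = acct[attr]
            break
    # Mirrors the Velocity template in "value"
    return "NOT IN GROUP" if group_member == "NONE" else "IN GROUP"

# Constructed sample accounts
IN_GROUP = [{"sAMAccountName": "jdoe", "memberOf": ["cn=groupname,dc=domain,dc=com"]}]
OUTSIDE = [{"sAMAccountName": "asmith", "memberOf": ["cn=other,dc=domain,dc=com"]}]

if __name__ == "__main__":
    print(evaluate(TRANSFORM, IN_GROUP), "/", evaluate(TRANSFORM, OUTSIDE))
```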
@colin_mckibben I’m trying to launch a campaign for an Identity when AD groups get added to this Identity’s AD account. I just found the workflow trigger Native Change detection update which is helpful to achieve this use case.
Thank you