We have a requirement to automatically assign a default AD group to an account when it gets created in the target application.

Venu1010 · October 10, 2025, 2:01pm

Hi All,

"Could you please advise how we can achieve this?

I have tried using a Business Role with an assignment rule, but it’s not working as expected. Below is a screenshot for your reference."

Eric_Mendes_CISSP · October 10, 2025, 2:38pm

What’s not working? Are you getting an error? You need to make sure you refresh the identity with the option enabled to “Refresh assigned, detected roles and promote additional entitlements”.

Also, instead of using a script, I would use a Match List to make it easier to implement and review for business role owners. You can select an Application and target a specific value if you need to ensure the account is enabled before the role is assigned.

Topic		Replies	Views
We have a requirement to automatically assign a default AD group to an account when it gets created in the target application IIQ Discussion and Questions identityiq	2	57	December 7, 2025
Role Based Provsion IIQ Discussion and Questions identityiq , provisioning	5	98	June 7, 2025
Role to Create Account in Application IIQ Discussion and Questions identityiq , roles , accounts	5	105	March 9, 2025
Automatic Role creation from aggregated groups in WebService Connector IIQ Discussion and Questions identityiq	1	46	May 12, 2025
I need to know how to customize the joiner work flow when detect a new user to create an account on AD and assign it to specific role IIQ Discussion and Questions workflows , identityiq , provisioning	2	72	November 23, 2025

We have a requirement to automatically assign a default AD group to an account when it gets created in the target application.

Related topics