Workflow Add Several Users to Group

Hello, I would like to build a workflow that:

- Uses the trigger "Add Member to Group" > TriggerGroup01

- All users that are added to the trigger group should be added to a second AD group > TargetGroup01

- Would like to execute a script to add the user to an Azure AD Group

This lets me add one user at a time to my trigger group, but if I add two at the same time, only one user works with the workflow:

Workflow: Adding a user to a specific group and execute a script - Forum - Active Roles Community - One Identity Community

Is it possible to build a workflow that will execute this for several added members of a trigger group, or would it even be the right tool for this? It seems that it's not practicable to add several users to a group this way; maybe it's easier to create an auto group cloned from the trigger group.

It seems like after I do a user search and find the members, I can't check if the user is already a member of the desired group, but I think doing a user search and then saving the object is the only way to do a "ForEach".

Edit:

It seems like you can do a "start trigger add group" > "User Search get member from Trigger Group" > "save search" > "IF Member from 'add to group' does not contain user from save search".

Top Replies

  • If I can make a suggestion for an alternate method that is, I feel, both simpler and more robust:

    The biggest drawback here is that Change Workflows can only be triggered by an Active Roles client. If some other Active Directory client or process adds a user to a group, nothing will happen.

    Instead, I would implement an Automation Workflow that periodically scans the members of the group. The Workflow finds all members that are not stamped with a specific Virtual Attribute value and then stamps them.

    Automation Workflows can fire Change Workflows. Have a Change Workflow triggered by stamping the Virtual Attribute, which fires your script to perform your desired operation.

    You can use a second Automation Workflow to find users who are not a member of the group but who have the specific Virtual Attribute set. These are users who have been removed from the group. This Automation Workflow can clear their Virtual Attribute.

    A second Change Workflow would be triggered by clearing the Virtual Attribute value, which runs a different script and takes care of the operation that you want to fire when a user is removed from the group.

    This process is easier to follow, easier to troubleshoot, and easier to implement. The only drawback is that it is not a real-time change, but you can adjust the schedule if you need to. Since you are looking for a specific Virtual Attribute value, it should be fairly lightweight.

  • Thank you for your input, I will try to test this.
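
The scan-and-stamp approach suggested in the reply above, modelled in plain Python as an added example (not part of the original thread and not Active Roles code). The `Directory` class, the `synced` stamp value and the user names are constructed for illustration; the two callbacks stand in for the Change Workflows that run the add and remove scripts.

```python
STAMP = "synced"  # hypothetical Virtual Attribute value


class Directory:
    """In-memory stand-in: trigger-group membership plus a per-user stamp."""

    def __init__(self, on_stamp, on_clear):
        self.members = set()      # current members of the trigger group
        self.stamp = {}           # user -> Virtual Attribute value
        self.on_stamp = on_stamp  # Change Workflow fired when the stamp is set
        self.on_clear = on_clear  # Change Workflow fired when the stamp is cleared

    def set_stamp(self, user, value):
        if self.stamp.get(user) == value:
            return                # no change, so no Change Workflow fires
        if value is None:
            del self.stamp[user]
            self.on_clear(user)
        else:
            self.stamp[user] = value
            self.on_stamp(user)


def scan_added(d):
    """First Automation Workflow: stamp every member that is not stamped yet."""
    todo = sorted(u for u in d.members if d.stamp.get(u) != STAMP)
    for user in todo:
        d.set_stamp(user, STAMP)
    return todo


def scan_removed(d):
    """Second Automation Workflow: clear the stamp of users no longer in the group."""
    todo = sorted(u for u in d.stamp if u not in d.members)
    for user in todo:
        d.set_stamp(user, None)
    return todo


def demo():
    cloud_group = set()  # stands in for the Azure AD group the script maintains
    d = Directory(on_stamp=cloud_group.add, on_clear=cloud_group.discard)
    d.members |= {"alice", "bob"}  # two users added at once, by any AD client
    first = scan_added(d)          # both are picked up in one pass
    second = scan_added(d)         # a repeat run finds nothing to do
    d.members.discard("bob")       # bob is removed from the trigger group
    removed = scan_removed(d)
    return first, second, removed, sorted(cloud_group)


if __name__ == "__main__":
    print(demo())
```

Because each scan compares current membership against the stamp rather than reacting to a single change event, it does not matter how many users were added at once or which client added them.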
