In One Identity sandbox we assigned AD groups to selected privilege accounts from IT shop web portal using Resource properties and custom process.
So we created a Resource property for privilege accounts and normal account , defined them in personwantsorg, shoppingcartitem, Identity type in person table.
Now user can select Account type from Resource property and can raise the request for AD group.
so using custom process we are able to assign the AD group to requested privilege account rather than normal AD account.
Here we are facing few issues:
1)The same AD group can be assigned to multiple privilege accounts and to the normal AD account for the same user?
2)Once the AD group is already assigned to any of privilege account or AD account to particular user in IT shop, under that AD group service item the message is like "the product is already assigned to the user", so in this scenario this the right message or not? and the same group can be assigned to other privilege account or normal AD account to the same user?
3)How this service item or product will behave among these accounts and this scenario could you please suggest us.