Hi Team,
Using Mapping Rule Category, assignment of ADSGroups to ADSAccounts can be controlled based on matching positions.
Is there a way to implement the Mapping Rule Category higher up, say on the ESet or Org?
- An example is an ADSGroup that can be assigned to either an ADSAccount that has a category of Internal or External
- Person has two ADSAccounts, with category Internal and the other External
- There are two ESets, one for Internal and the other for External
- Both ESets are allocated to the ADSGroup
- An Eset for Internal is allocated to the Person
- The required outcome is that the Person ADSAccount (Internal) inherits the ADSGroup and that the ADSAccount (External) does not
Using main and sub identities would be able to deal with the above, however it's too much of a change for a customer. I was thinking of creating a Script that would remove the ADSGroup allocated to External based on the ESet mapped, but not sure if this would be a good idea.
Kind regards,
