Identity Manager Community

Forum Assign entitlements assigned to department to employees with exception

State Not Answered
Replies 3 replies
Subscribers 93 subscribers
Views 960 views
Users 0 members are here

Options

Related

Assign entitlements assigned to department to employees with exception

dmytro kriachok over 2 years ago

I have AD groups assigned to Department with inheritance - how to assign this groups only to employees in this department which meet the condition?

0 Markus Weiss-Ehlers over 2 years ago

What condition? OneIM does not support conditional inheritance (it would produce an audit nightmare).

But you can either create a new dynamic business role based on your condition and assign the AD Group and the employees there. The condition could include your department as well.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 dmytro kriachok over 2 years ago in reply to Markus Weiss-Ehlers

All employees has attribute in Person table with status 1/2(Candidad/Employee), so the groups assigned to department must assign only to employyes with status 2 in this department and sub departments
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Markus Weiss-Ehlers over 2 years ago in reply to dmytro kriachok

Did you think about using categories (at your groups and accounts) to control the inheritance of those groups to your candidates/employees? https://support.oneidentity.com/technical-documents/identity-manager/8.1.5/administration-guide-for-connecting-to-active-directory/36#TOPIC-1645496

Or, if the candidates should not inherit any groups, you could uncheck the flag IsGroupAccount at all user accounts associated with the candidates.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel