I am new to this but want to ask if automatic group membership based on users' AD attributes, mainly Department, Job Title, etc., is possible?
1. We provision users from SAP via FIM to AD. Users remain disabled until the Service Desk activates their AD accounts and then puts them into AD groups based on their role and requested access to different resources as part of the user onboarding process.
2. These users then appear in the FIM portal, where we have SSPR set up. Disabled users are removed from the portal.
3. We now want to start syncing Groups from AD to FIM portal.
4. The required user attributes will also need to be enabled to come across from AD to the FIM Portal.
Theoretically, I believe this is what needs to be done, but I am not sure if it is correct, or how.
5. We do the necessary configuration in MPRs/Sets/Workflows to define automation, where FIM picks the necessary user attributes and then puts the users into the selected groups based on their unique combination of attributes, also defined earlier as part of the configuration.
6. There will be multiple mappings of roles to groups, and when changes happen in AD, group membership should change automatically.
I am not sure if this is feasible in the FIM portal, or whether there is any other, more elegant way to do this.
But I definitely want to avoid the code route at the start of the user provisioning process, as this will become part of user onboarding process, with automated.
Thanks,
MS