By requesting this standard product, you can add new security groups or distribution groups in the Active Directory. The requester provides information about the name, container, and domain, if known, of the request. Based on this information, the target system manager specifies the container in which the group will be added and grants approval for the request. The group is created in One Identity Manager and published to the target system.
Prerequisite
If the QER | ITShop | GroupAutoPublish configuration parameter is set, the group is added to the IT Shop and the assigned to the shelf Identity & Access Lifecycle | Active Directory groups. The group is assigned to the service category Security group or Distribution group respectively.
Table 58: Default objects for requesting an Active Directory group
Products |
Creating an Active Directory security group
Creating an Active Directory distribution group |
Service category |
Active Directory groups |
Shelf |
Identity & Access Lifecycle > Group Lifecycle |
Approval policies/approval workflows |
Approval of Active Directory group create requests |
Detailed information about this topic
Product owners and target system managers can request updates to the group type and group scope of Active Directory groups in the Web Portal. The target system manager must grant approval for these changes. The changes are published in the target system.
Prerequisites
Table 59: Default objects for changing an Active Directory group
Product |
Modifying an Active Directory group |
Service category |
Not assigned |
Shelf |
Identity & Access Lifecycle > Group Lifecycle |
Approval policies/approval workflows |
Approval of Active Directory group change requests |
Product owners and target system managers can request deletion of an Active Directory group in the Web Portal. The product owner or target system manager must grant deletion approval. The group is deleted in One Identity Manager and the change is published in the target system.
Prerequisites
Table 60: Default objects for deleting an Active Directory group
Product |
Deleting an Active Directory group |
Service category |
Not assigned |
Shelf |
Identity & Access Lifecycle > Group Lifecycle |
Approval policies/approval workflows |
Approval of Active Directory group deletion requests |
Table 61: Default objects for requesting group memberships
Shelves: |
Identity & Access Lifecycle > Active Directory groups |
Approval policies/approval workflows |
Approval of Active Directory group membership requests |
Product owners and target system managers can request members for groups in these shelves in the Web Portal. The respective product owner or target system manager must grant approval for this modification. The changes are published in the target system.
Related topics