To configure a Group Membership AutoProvisioning policy
To complete the Select Object Type dialog box
If you do not see the object type you need, select Show all possible object types.
To complete the Set Up Condition dialog box
If you do not see the property you need, select Show all possible properties.
OR
Click Configure Value, and follow the steps below.
The policy described in this scenario automatically adds user accounts to the specified groups depending on the Department property of user accounts. If the Department property of a user account is set to Sales, the policy adds the account to the Sales group.
To implement this scenario, you must perform the following actions:
As a result, when a user account in the container you selected in Step 2 has the Department property set to Sales, Active Roles automatically adds that account in the Sales group.
The following two sections elaborate on the steps to implement this scenario.
You can create and configure the Policy Object you need by using the New Provisioning Policy Object wizard. For information about the wizard, see Creating a Policy Object in the Policy Object management tasks section earlier in this chapter.
To configure the policy, click Group Memberships AutoProvisioning on the Select Policy Type page of the wizard. Then, click Next.
On the Object Type Selection page, click Next to accept the default setting for the object type—User.
On the Policy Conditions page, click Add to display the Set Up Condition dialog box.
Configure the condition as follows:
After you complete these steps, the Set Up Condition dialog box looks as shown in the following figure.
Figure 55: Set up condition
Click OK to close the Set Up Condition dialog box.
On the Policy Conditions page, click Next.
On the Policy Action page, click Add object to groups if object satisfies policy conditions, and then click Next.
On the Group Selection page, click Add and use the Select Objects dialog box to locate the Sales group. After you add the Sales group to the list on the Group Selection page, click Next and follow the instructions in the wizard to create the Policy Object.
You can apply the Policy Object by using the Enforce Policy page in the New Provisioning Policy Object wizard, or you can complete the wizard and then use the Enforce Policy command on the domain, OU, or Managed Unit where you want to apply the policy.
For more information on how to apply a Policy Object, see Applying Policy Objects and Managing policy scope earlier in this chapter.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy