Application group member to metaverse

  • Question

  • Hi

    I have 3 MA :

    • FIM
    • AD
    • Application #1

    I'm trying to add Application #1's group membership to FIM through a delimited text file. Basically, the file looks like:

    User / Group

    user1 group3
    user1 group2
    user1 group6
    user2 group4
    user2 group5
    user3 group7

    My understanding is that the users need to be referenced objects to be added as group members. Referenced objects need to be in the same connector space as my Application #1 connector, but I can't do that because users are from AD.

    • Users are from the AD. They have the same account name in the application. 
    • Groups need to be imported from the Application #1 delimited text file

    I'm trying to figure out a way to link all my applications' access to a user. How would you do this?

    THANKS




    Friday, July 31, 2015 4:14 PM

All replies

  • What does user mean in the txt file, if there are no users in App? What kind of data do you have in this txt file?

    user1 group3
    user1 group2
    user1 group6
    user2 group4
    user2 group5
    user3 group7


    Nosh Mernacaj, Identity Management Specialist

    Friday, July 31, 2015 4:39 PM
  • The users are also defined in the App, their username is the same in AD. 
    In the end, my goal is that when I search for user1, I see all his AD groups AND application groups.

    thanks for the fast response

    Friday, July 31, 2015 4:45 PM
  • Are you planning to add these groups to AD/FIM, or is it simply informational data to know what groups a user is a member of? Another problem you have with this data is that you don't have an anchor. You need a column that is unique. From what I see, neither user nor group is unique; they may appear more than once in the list. Since the user appears in many rows, you cannot join multiple rows to the same record in MV.

    With this data, not only can you not achieve your goal, but you cannot even have it imported and joined in MV, period.


    Nosh Mernacaj, Identity Management Specialist



    Friday, July 31, 2015 4:51 PM
  • It's just informational data for now. The anchor I was planning to use is a combination of group+user.
    I'm trying to figure out the order in which objects need to be imported. From my novice point of view, I need to import AD users and then application group members referencing an AD account, but it doesn't look as simple as that.

    Friday, July 31, 2015 4:56 PM
  • But you would want the records joined to the MV object. Since you have many records in the TXT file with the same user, you can't do that. You are allowed to join only one record.

    Nosh Mernacaj, Identity Management Specialist

    Friday, July 31, 2015 4:57 PM
  • Not sure I understand. In AD, a group has many users. In an app, a group can have many users. So, if I change the format of my text file, should I be able to import them?

    Group1 user1,user5,user2
    Group2,user6,user2

    Also, since the AD user and App group are not in the same connector space, how can the reference for the group member be done?


    Friday, July 31, 2015 5:09 PM
  • No, that would not work. You want an attribute called memberOf, and that is a property of the user. So your format has to be like this.

    UserName | MemberOf

    User1 | Group1, Group2, Group3

    User2 | Group4, Group4


    Nosh Mernacaj, Identity Management Specialist

    Friday, July 31, 2015 5:42 PM
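
The reshaping discussed in this thread, as an added example that is not part of any post: it collapses the one-row-per-membership export from the question into the one-row-per-user `UserName | MemberOf` layout from the last reply, so the user name is unique and can serve as the anchor. The function names, the case-insensitive matching of account names, and the separators are assumptions of this sketch; the sample rows are the ones from the question.

```python
# Constructed sample input: the user/group rows shown in the question.
SAMPLE = """\
User / Group
user1 group3
user1 group2
user1 group6
user2 group4
user2 group5
user3 group7
"""

def pivot_memberships(text, delimiter=None, has_header=True):
    """Collapse 'user group' rows into {user: [groups]}, one entry per user.

    delimiter=None splits on any whitespace. User and group names are compared
    case-insensitively (assumption: they should match AD account names, which
    are case-insensitive); the first-seen spelling is kept and repeated
    user/group pairs are dropped so the multi-valued attribute has no duplicates.
    """
    users = {}  # casefolded user name -> (display name, [groups])
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = [f.strip() for f in line.split(delimiter) if f.strip()]
        if not fields:
            continue                      # ignore blank lines
        if has_header:
            has_header = False            # first non-blank line is the header
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'user group', got {fields!r}")
        user, group = fields
        _, groups = users.setdefault(user.casefold(), (user, []))
        if group.casefold() not in (g.casefold() for g in groups):
            groups.append(group)
    return dict(users.values())

def render(memberships, column_sep=" | ", value_sep=", "):
    """Emit the one-row-per-user layout: UserName | MemberOf."""
    lines = ["UserName" + column_sep + "MemberOf"]
    for user, groups in memberships.items():
        lines.append(user + column_sep + value_sep.join(groups))
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(pivot_memberships(SAMPLE)))
```
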