Group Management

  • Question

  • I'm looking to use FIM to replace a customer's third-party group management solution. Some of their groups have criteria that must be satisfied before a user can be made a member. What options are available in FIM to reproduce this functionality?

    Cheers,

    Tom Houston, UK Identity Management Practice

    Thursday, July 31, 2014 8:06 PM

All replies

  • FIM has the ability to create what are called dynamic groups in the portal and then flow them out to AD. So in the classic scenario you might flow employee status, job code and department into the FIM portal from your ERP system. You then create your dynamic groups to calculate membership based on those values. Finally you would need some sync rules to send the values out to AD. Here is a basic walkthrough for dynamic groups that might help.



    If this post has been useful please click the green arrow to the left or click Propose as answer

    Thursday, July 31, 2014 9:36 PM
  • Thanks, but I'm not sure dynamic groups help. Let me explain the scenario further. We're intending to use self-service group management, i.e. manually managed membership groups with owner approval. When the group owner approves the join request, we want FIM to check a property on the group object and compare it to a property on the user object. I'm wondering if an AuthZ workflow could be the answer.

    Tom Houston, UK Identity Management Practice

    Friday, August 1, 2014 5:41 PM
  • So FIM does support the scenario where an end user goes into the FIM portal and requests membership to a given group. From there it will route the request to the manager for approval. Once approved, the member is added to the group in the portal and synced to AD on the next export run. Is this basically what you are trying to accomplish?

    Saturday, August 2, 2014 6:39 PM