none
roles automation with identity maanger RRS feed

  • Question

  • dears,

     appreciated  if someone can advise on the below:

    does microsoft identity manager provides in a way or other assigning roles to users in an automated solution?

    example: if in my organization i have system engineers and accountants and sales , can i assign role and permissions to theses users based on a automated way  trhough MIM?

    best regards

    Tuesday, October 15, 2019 1:03 PM

Answers

  • Hi,

    You'll find lots and lots of posts about this if you search the forum.

    You'll also find a lot of TechNet articles and blog posts.

    Critera based groups are groups in MIM that can have dynamic memberships. The members are determined by using attribute criteria. E.g. (pseudocode, the actual filter is an XPath filter, but is built automatically by the MIM Gui when you create / change the group):

    Title = "System Engineer" and Country = "UK".

    It's really easy. Just create a Group in MIM, select Criteria based and build the filter.

    It's also possible to create these groups automatically, either in the Portal or (better, I think), by syncing them in from some source Connector.

    Please also find attached images.

    Br,

    Leo



    Did my post help? Please use "Mark as answer" or "Propose as answer". Thank you!


    • Edited by Leo Erlandsson Wednesday, October 16, 2019 6:49 AM
    • Marked as answer by eg1559 Wednesday, October 16, 2019 9:44 AM
    Wednesday, October 16, 2019 6:48 AM

All replies

  • Hi,

    Sure, you can do this using MIM. The support was even better with BHOLD, but Microsoft does not recommend new implementations to use that component (BHOLD).

    The easiest example of assigning permissions is Criteria Based Groups. E.g. you can make all persons with the title "System Engineer" members of a certain group, all with the title "Accountant" members of another.

    There are other solutions aswell.

    Br,

    Leo


    Did my post help? Please use "Mark as answer" or "Propose as answer". Thank you!

    Tuesday, October 15, 2019 1:09 PM
  • can you please elaborate about criteria based groups? how is it done ?

    and how is it done in an automated way?

    thannks

    Tuesday, October 15, 2019 1:14 PM
  • Hi,

    You'll find lots and lots of posts about this if you search the forum.

    You'll also find a lot of TechNet articles and blog posts.

    Critera based groups are groups in MIM that can have dynamic memberships. The members are determined by using attribute criteria. E.g. (pseudocode, the actual filter is an XPath filter, but is built automatically by the MIM Gui when you create / change the group):

    Title = "System Engineer" and Country = "UK".

    It's really easy. Just create a Group in MIM, select Criteria based and build the filter.

    It's also possible to create these groups automatically, either in the Portal or (better, I think), by syncing them in from some source Connector.

    Please also find attached images.

    Br,

    Leo



    Did my post help? Please use "Mark as answer" or "Propose as answer". Thank you!


    • Edited by Leo Erlandsson Wednesday, October 16, 2019 6:49 AM
    • Marked as answer by eg1559 Wednesday, October 16, 2019 9:44 AM
    Wednesday, October 16, 2019 6:48 AM