[midPoint] Sync Virtual Identities and AD Groups using roles
Ivan Noris
ivan.noris at evolveum.com
Tue Dec 13 08:58:59 CET 2016
Hi,
if you open your role in midPoint, you can see its members in "Members"
tab. Both direct and indirect members should be displayable. So you can
see who has the role assigned.
It's not possible yet to make a report which uses resource data, i.e.
"show all users in midPoint, which have account in AD with attribute
XY". As we do not store resource account attributes, the data would need
to be fetche during such report. This is not implemented yet.
Regards,
Ivan
On 12/12/2016 04:57 PM, m.benucci wrote:
> Hi,
> I have imported users from an Active Directory and
> I have successfully synchronized AD groups with midPoint roles using a
> metarole.
> Provisioning and Synchronization seems to works well.
>
> Now, given a midPoint Role (an AD entitlement), I would like to know
> if is possible to know who is assigned to this role (e.g. I would like
> to know from midPoint who is assigned to the role/entitlement "Domain
> Admin").
>
> I suppose I necessarily need to assign the role to an user to see if
> he is a member of it, is there a way to automate this assignment process?
>
>
> Thank you.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161213/bf69f540/attachment.htm>
More information about the midPoint
mailing list