[midPoint] Midpoint Role based on AD Group

Laza, Javier Javier.Laza at ingrammicro.com
Tue Nov 10 11:05:39 CET 2020


Hi all,

I am not using midPoint for provisioning purposes but to have a global view of all my users and their accounts.

I want to read the accounts in the resources and map roles based on that. For example, I have the following role, which, based on the user's subtype, assigns the Associate role to the user. I have another role for Contractors. This approach works, so I can go to the user's assignments and check if he/she is a contractor or associate.

<role>
    <name> Associate</name>
    <description> Employee</description>
    <displayName> Associate</displayName>

    <autoassign>
        <enabled>true</enabled>
        <focus>
            <selector>
                <type>UserType</type>
            </selector>
            <mapping>
                <strength>strong</strength>
                <source>
                    <path>subtype</path>
                </source>
                <condition>
                    <script>
                        <code>
                            subtype == 'Associate'
                        </code>
                    </script>
                </condition>
            </mapping>
        </focus>
    </autoassign>
</role>


Now, I have an AD group that contains the users with access to Confluence. How could I create a role for this?
How could I create a role that checks whether a user has an account in a certain resource, and if so, whether the account's memberOf attribute contains 'CN=Confluence, OU=Access Groups,DC=example,DC=com'?

Thanks!
